Nature and the Internet both came without privacy.
The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.
When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.
In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.
Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”
Two such answers arrived with the New York Times on April 2nd: Facebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former. What they both miss is that we need what we might call big personal. We can only get that with personal tech that gives each of us agency. (Merriam Webster: the capacity, condition, or state of acting or of exerting power.)
We acquired agency with personal computing and the Internet. Both were designed to make everyone an Archimedes. We also got a measure of it with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech.
For example, Customer Commons is working on tools that include cookies that go the other way, true loyalty cards, and terms we can proffer as individuals, and the sites and services of the world can agree to.
Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s. When those personal tools engage the sellers and service providers of the world, they do VRM, or Vendor Relationship Management, which can engage CRM (Customer Relationship Management)systems on the other side.
The purpose of everything in the last paragraph is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced.
To be clear here, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.
I had high hopes for the GDPR as it approached, and to some degree I still do; but so far it has mostly made life far worse for everyone. On the sites’ side, it caused countless cookie consent notices (nearly all meant to obtain consent to continued tracking-as-usual) and full employment for lawyers. On our side, it’s a big pain in the ass, with more personal privacy loss than ever. And that state will persist until GDPR enforcement happens.
Meanwhile we still need the tech. Let’s make it.
Originally published at blogs.harvard.edu/doc on April 2, 2018.