Q&A: Harvard’s Elizabeth Renieris

Data Ownership Is Dangerous

By Jeff Benson

First of two parts.

American computer scientist Jaron Lanier invented virtual reality. Now he and a growing list of technologists, from Andrew Yang to blockchain-obsessed idealists, want to forge a future in which people can profit from their data.

Elizabeth Renieris thinks that’s a dangerous idea. 

A lawyer and fellow at Harvard University’s Berkman Klein Center for Internet and Society, Renieris is among the foremost experts on cross-border data protection laws and digital privacy.

In an interview with Digital Privacy News, she explained why data commodification won’t work.

Why don’t you think people should be able to sell their data?

The problem is that you have no idea what will be done with your data. You have no idea who will access it. You have no idea what that data will mean in a different context.

So, this idea of a transaction that actually extinguishes your rights in relation to that data is really dangerous, because you cannot imagine all the ways that could go wrong.

There’s also the question of ‘It’s not your data to sell.’

If I sell “my” contact list to Facebook, the people in that list have no opportunity to consent to that. They don’t have any say in the matter.

Trying to draw the boundaries around my data doesn’t work from a logistical point of view.

Can we differentiate between public and private data?

In general, the law does not really differentiate. Public data might be my headshot. My photo is on websites. My face is “public” or discoverable.

But the fact that some data is known and discoverable or publicly available does not mean there are no longer rules that apply. … It’s not a meaningful distinction in law.

This is the slippery slope to a dangerous situation, as with [facial recognition software company] Clearview AI, where they argue, “It’s public data.”

Well, no — the fact that I provided this data for purpose X does not mean it can now be used for purpose Y or Z. 

Is that why we should instead be focusing on company practices with data collection and usage?

This is where the distinction between privacy and data protection is really important.

Traditional privacy rights talk about interference with your person, your home, your family life, things like that. They’re about intrusions with your autonomy.

Data protection is a separate but related concept that adds additional protections to data that’s been shared. 

I’m struggling with how that looks in the modern world.

Exactly! That’s the challenge. And you can see how it’s not even about the data. This is why there are now efforts to stop neurohacking and new IoT about your body or physiological functions.

Even things like targeted advertising and mass surveillance are really less about privacy and more about: “How does that practice manipulate us? How does it change our behavior?”

These conversations that try to define what data is are obfuscating the real point.

If we think about [data] in conventional ways rather than how it is used to monitor our behavior and our human experience, we’re not going to have any effective pushback from a legal standpoint.

We have to ask, ‘What is OK to be collecting, aggregating and injecting into these systems in the first place?’

Tuesday: Privacy Is an Inalienable Right.

Jeff Benson is a Nevada-based writer.

Sources:

  • www. theverge.com/2019/4/9/18302076/data-monetization-control-manipulation-economy-jaron-laniers-virtual-reality-vr-vergecast
  • www. nytimes.com/2019/10/15/opinion/andrew-yang-privacy-internet.html
  • www .wired.com/story/i-sold-my-data-for-crypto
  • cyber.harvard.edu/people/elizabeth-renieris
  • gdpr.eu