Principle 4: Trust

The principle is very simple, but it shouldn’t be underestimated. It is very often a bad idea to change how customers’ data is collected, especially if the customer has not been notified or asked beforehand.

How to Keep Trust?

If a company, or a state for that matter, has collected data for a given purpose, but the data subjects find out that the purpose has been changed without notification, they will probably lose trust in the company or state. And who can blame them?

Likewise, if the data subject gives her consent for her data to be used for one purpose, but it turns out that the company or the state actually used the data for another purpose, the data subject will probably lose trust in the company or state (provided they had this trust in the first place). This is also related to the Principle of Consent.

Consistent with the GDPR

One should also make sure that it is sufficiently clear to the customer exactly which data are being collected and what the purpose is. This should be done before the initial collection of data, but it should also be repeated whenever changes are made to the collection or use of data. If this is not done, then the Principle of Consent (Principle 3) will also be violated.

The Principle of Trust could also have been called “The Principle of Transparency”. In its essence, the idea is that the entire data process, from the data collection to the use of data, should be as transparent as possible to the data subject.

The reason why we call it “The Principle of Trust” is that transparency often means that the data collector is passive. But if you want to make sure that the customer is not surprised, it will often require an active effort from the data collector. Few things are harder to gain, and easier to lose, than trust. That’s why we say “Don’t Surprise the Customer”.

Don’t Surprise the Customer.

Principle 3: Consent

Since people own data about themselves (Principle 1), and people have privacy rights over certain private domains (Principle 2), it’s often very important to have consent from the data subject before collecting private data. If consent is not given, the collection of the data will often be ethically problematic.

What is Data Consent?

This probably seems self-evident to most people. For example, if Jones somehow gains access to Smith’s medical records without getting Smith’s approval beforehand, then Jones has clearly behaved wrongly.

So, consent seems to be a very important component if the collection of personal data is going to be ethically legitimate. In other words, consent seems to be a necessary condition for the legitimate collection of personal data.

But notice that it is also often a sufficient condition. This means that if Jones has obtained Smith’s consent beforehand, then we do not need any additional information in order to know that it was ethically legitimate for Jones to gain access to Smith’s information.

In most cases, however, the consent would need to be genuine and informed consent. This means that if Jones threatens Smith into giving him the medical records, or if Smith believes that he is consenting to something else, then the consent doesn’t count.

Cases of uninformed consent are, unfortunately, common in the tech world. Too often, the data subject is asked to confirm that they have read a very long terms-and-conditions form. Surprises can be intentionally hidden in the form since it is very unlikely that the data subject will actually read the whole thing.

In other cases, information has been collected without any form of consent, for example when producers of smart TVs spy on customers through the TV’s camera. See for example this Article.

Explicit Consent and Implied Consent

When talking about consent, it is important to make the distinction between explicit and implied consent. Explicit consent means that Smith has explicitly given Jones permission to gain access to Smith’s medical record.

Contrast this with the following example of implicit consent: Smith has voluntarily uploaded his medical record online, for everyone to see, so Jones now has access to the record. Has Jones now behaved wrongly? It seems not. By voluntarily uploading the record online, Smith has implicitly consented to people gaining access to the medical record.

Seluxit and Consent

When Seluxit gains access to data about people, it is most often not personal data, in the sense of being traceable to an identifiable individual. Most often, the data is about how a specific device is being used. Nonetheless, Seluxit makes sure that the data subject has given explicit consent before Seluxit collects any data. Seluxit also strongly encourages customers to comply with this principle. In general, we stand by this principle: No consent – no collection.

No consent – no collection.

Principle 2: Data Privacy

When states and companies collect data about you, they come to know a lot about you. Do they violate your right to privacy? And what does that even mean?

At Seluxit, we believe that people own data about themselves (See The Principle of Data Ownership), but we also believe that people have a right to privacy over certain private domains. So what is the difference between the right to data ownership and the right to privacy? In this article, we will try to answer that question, and explain why we believe in the Privacy Principle.

An Important Distinction

First, it is crucial, when talking about privacy, to distinguish between the condition of privacy and the right to privacy. When companies or states collect data about Smith, his condition of privacy changes. That is to say, he loses privacy to some degree.

However, that does not necessarily mean that the companies or states have violated Smith’s right to privacy. If Smith gave informed consent beforehand, his privacy right has not been violated. But his condition of privacy has still changed, since his privacy has been diminished. The Privacy Principle is only concerned with the right to privacy.

The Right to Privacy

What does it mean to say that Smith has a right to privacy? It means, among other things, that he should be able to control whether Jones has access to data about him. But it also means that Smith has the right to control access to certain private ‘domains’ of his, even when no data about Smith is located within this domain. Such domains can be either digital, like a database, or physical, like a house. Let’s look at two examples:

Example #1

Imagine that Jones is a very good hacker. Without Smith’s permission, Jones gains access to Smith’s Google Drive. On the drive, Smith only stores – with his grandmother’s consent – a copy of the data from her SmartMeter, in order to see if her daily routines change. A change in routines can be a sign of developing dementia. Jones’s intention was to find unflattering pictures of Smith on the drive, in order to blackmail him.

According to the Privacy Principle, Jones has violated Smith’s right to privacy, and arguably also the grandmother’s (the grandmother owns the data), even though Smith owns neither the drive nor the data stored on it. This shows that Smith has certain privacy rights over certain domains, even if he owns neither the domain nor the data located in it. Therefore, the Principle of Data Ownership is not enough. We also need the Privacy Principle.

Example #2

Let us consider another example. Jones wiretaps Smith’s phone, in order to learn compromising facts about Smith, which he will use to blackmail Smith. As it happens, Smith does not use his phone during the time in which Jones is wiretapping it.

According to the Privacy Principle, Jones has violated Smith’s right to privacy, even though Jones does not obtain any data about Smith. Again, this shows that the Principle of Data Ownership is not enough. We also need the Privacy Principle.

The point of these examples is simple: It is possible to violate someone’s right to privacy, even if no data has been accessed.

An Objection

Having read the examples above, one might raise the following objection: The Privacy Principle is in fact not necessary, as long as the Principle of Data Ownership applies. That is, we can explain Jones’ wrongdoing in the examples above (and any other case normally described in terms of privacy) as attempts to violate Smith’s property rights over his data: Jones is wrongfully trying to get access to information about Smith without Smith’s consent, but fails.

Our reply to this objection is the following: Imagine that in example #1, Jones’ intention was to gain access to the grandmother’s data, not Smith’s. He might not even know that it was Smith’s drive he was hacking. In that case, Jones would not have attempted to gain access to data about Smith, and yet Jones clearly seems to have violated Smith’s right to privacy.

Compliance with the Privacy Principle

When Seluxit collects and processes data, we respect both the Data Ownership Principle and the Privacy Principle: We only collect or process data that users have voluntarily given us access to, and we do not collect data in users’ private domains without their consent. All data is anonymized so that no individual user is identifiable, and users’ private domains are respected.

You have a right to privacy over data about you, but you also have a right to control access to your private domains.

Principle 1: Data Ownership

States and companies collect huge amounts of data about you, not always with your consent. Is that OK? Or do you have the right to control who has access to your data?

At Seluxit, we believe that people own data about themselves, and have the right to control what happens to their data. This is the first principle in our code of data ethics, and we call it The Principle of Data Ownership.

What is Data Ownership?

Think about what it means to say that Smith owns his car. It means that Smith may control what happens to the car. He may, for example, control whether the car is used by Jones, whether it is destroyed, whether it is sold to others, etc. It also means that if Jones uses the car or destroys it against Smith’s will, then he owes Smith compensation. The idea behind The Principle of Data Ownership is that ownership over data works almost the same way.

There are two crucial differences between ownership of tangible objects like cars and ownership of intangible objects like data. First, Smith can sell his data to Jones without losing the data, but he cannot sell his car to Jones without losing it. Second, if Smith uses his car, it will eventually wear out; that is not the case with Smith’s data.

Can You Really Own Data?

The fact that Smith can sell his data to Jones without losing it has caused some people to think that Smith should not be allowed to own the data in the first place. If Jones can have the data without Smith losing it, then Jones should be allowed to have it too.

Most people agree, though, that this is not the case with personal data. Just because Smith does not lose his data about, say, a chronic disease of his when he sells it to Jones, it does not follow that Smith should not be able to own these data and exclude Jones from having access to them.

It is important to remember that the more data Jones has about Smith, the easier it is for Jones to manipulate Smith. For that reason, we think it is important that Smith has the right to control whether Jones has access to Smith’s data. And that right is best granted through ownership.

An Example

Imagine the following: Smith is talking with a friend about a product that he wants to buy, and shortly thereafter, Smith sees an advertisement for that product on social media. The microphone in Smith’s smartphone has been turned on by companies in order to listen to what Smith might be likely to buy in the near future. According to The Principle of Data Ownership, the company is stealing Smith’s data in this case, unless he gave explicit informed consent beforehand.

Wappsto: A Data Market

One reason we endorse The Principle of Data Ownership is that it allows for data markets in the future. In order to buy and sell things on a market, these things need to be owned. At Seluxit we are in the process of developing a data market on our platform Wappsto, where people can buy and sell data produced through their IoT devices. These devices will produce data that is not, strictly speaking, personal. But in order to buy and sell these data, people need to own them.

Data Value

Another reason we think that people should have property rights over data about them is that the opposite would decrease the value of data. For example, once companies know that Smith bought a vacuum cleaner, the value of the information that he searched for one on the Internet decreases. If Smith owns data about himself, he might be able to sell the data on the market at a higher price.

We do not only want to do what is legal. We also want to do what we think is right.

Does the Principle Always Apply?

An obvious objection to the principle could be this: If Smith owns data about himself, then it implies that Smith’s property rights are being violated all the time, for example when he walks down the street and Jones can see Smith’s hair colour, approximate age, etc.

For that reason, we think that ownership over personal data is often waived when people voluntarily choose to make the data in question public.

Another objection could be this: If Smith owns data about himself, then the state violates Smith’s property rights all the time, whenever it gains access to Smith’s information, such as information about income, medical history, criminal history, etc.

Our response to this objection is that Smith’s property rights are in fact violated in all of these cases. However, in such cases, there are often overriding societal benefits trumping Smith’s property rights over these personal data. For example, in order to protect children’s right to safety, it may be necessary to collect the criminal histories of prospective kindergarten teachers.

There are many more grey-area cases like these, challenging The Principle of Data Ownership. We do not have an answer for all of them.