Tag: GDPR

Opting in and out of algorithms

It’s now over seven years since I submitted my doctoral thesis on digital literacies. Since then, almost the entire time my daughter has been alive, the world has changed a lot.

Writing in The Conversation, Anjana Susarla explains her view that digital literacy goes well beyond functional skills:

In my view, the new digital literacy is not using a computer or being on the internet, but understanding and evaluating the consequences of an always-plugged-in lifestyle. This lifestyle has a meaningful impact on how people interact with others; on their ability to pay attention to new information; and on the complexity of their decision-making processes.

Digital literacies are plural, context-dependent and always evolving. Right now, I think Susarla is absolutely correct to be focusing on algorithms and the way they interact with society. Ben Williamson is definitely someone to follow and read up on in that regard.

Over the past few years I’ve been trying (both directly and indirectly) to educate people about the impact of algorithms on everything from fake news to privacy. It’s one of the reasons I don’t use Facebook, for example, and go out of my way to explain to others why they shouldn’t either:

A study of Facebook usage found that when participants were made aware of Facebook’s algorithm for curating news feeds, about 83% of participants modified their behavior to try to take advantage of the algorithm, while around 10% decreased their usage of Facebook.

[…]

However, a vast majority of platforms do not provide either such flexibility to their end users or the right to choose how the algorithm uses their preferences in curating their news feed or in recommending them content. If there are options, users may not know about them. About 74% of Facebook’s users said in a survey that they were not aware of how the platform characterizes their personal interests.

Although I’m still not going to join Facebook, one reason I’m a little more chilled out about algorithms and privacy these days is because of the GDPR. If it’s regulated effectively (as I think it will be) then it should really keep Big Tech in check:

As part of the recently approved General Data Protection Regulation in the European Union, people have “a right to explanation” of the criteria that algorithms use in their decisions. This legislation treats the process of algorithmic decision-making like a recipe book. The thinking goes that if you understand the recipe, you can understand how the algorithm affects your life.

[…]

But transparency is not a panacea. Even when an algorithm’s overall process is sketched out, the details may still be too complex for users to comprehend. Transparency will help only users who are sophisticated enough to grasp the intricacies of algorithms.

I agree that it’s not enough to just tell people that they’re being tracked without them being able to do something about it. That leads to technological defeatism. We need a balance between simple, easy-to-use tools that enable user privacy and security. These aren’t going to come through tech industry self-regulation, but through regulatory frameworks like GDPR.

Source: The Conversation


Also check out:

Nobody is ready for GDPR

As a small business owner and co-op founder, GDPR applies to me as much as everyone else. It’s a massive ballache, but I support the philosophy behind what it’s trying to achieve.

After four years of deliberation, the General Data Protection Regulation (GDPR) was officially adopted by the European Union in 2016. The regulation gave companies a two-year runway to get compliant, which is theoretically plenty of time to get shipshape. The reality is messier. Like term papers and tax returns, there are people who get it done early, and then there’s the rest of us.

I’m definitely in “the rest of us” camp, meaning that, over the last week or so, my wife and I have spent time figuring stuff out. The main thing is getting things in order so that  you’ve got a process in place. Different things are going to affect different organisations, well, differently.

But perhaps the GDPR requirement that has everyone tearing their hair out the most is the data subject access request. EU residents have the right to request access to review personal information gathered by companies. Those users — called “data subjects” in GDPR parlance — can ask for their information to be deleted, to be corrected if it’s incorrect, and even get delivered to them in a portable form. But that data might be on five different servers and in god knows how many formats. (This is assuming the company even knows that the data exists in the first place.) A big part of becoming GDPR compliant is setting up internal infrastructures so that these requests can be responded to.

A data subject access request isn’t going to affect our size of business very much. If someone does make a request, we’ve got a list of places from which to manually export the data. That’s obviously not a viable option for larger enterprises, who need to automate.

To be fair, GDPR as a whole is a bit complicated. Alison Cool, a professor of anthropology and information science at the University of Colorado, Boulder, writes in The New York Times that the law is “staggeringly complex” and practically incomprehensible to the people who are trying to comply with it. Scientists and data managers she spoke to “doubted that absolute compliance was even possible.”

To my mind, GDPR is like an much more far-reaching version of the Freedom of Information Act that came into force in the year 2000. That changed the nature of what citizens could expect from public bodies. I hope that the GDPR similarly changes what we all can expect from organisations who process our personal data.

Source: The Verge

Microcast #002



What’s Doug working on this week?

Links:

GDPR, blockchain, and privacy

I’m taking an online course about the impending General Data Protection Regulatin (GDPR), which I’ve writing about on my personal blog. An article in WIRED talks about the potential it will have, along with technologies such as blockchain.

People have talked about everyone having ‘private data accounts’ which they then choose to hook up to service providers for years. GDPR might just force that to happen:

A new generation of apps and websites will arise that use private-data accounts instead of conventional user accounts. Internet applications in 2018 will attach themselves to these, gaining access to a smart data account rich with privately held contextual information such as stress levels (combining sleep patterns, for example, with how busy a user’s calendar is) or motivation to exercise comparing historical exercise patterns to infer about the day ahead). All of this will be possible without the burden on the app supplier of undue sensitive data liability or any violation of consumers’ personal rights.

As the article points out, when we know what’s going to happen with our data, we’re probably more likely to share it. For example, I’m much more likely to invest in voice-assisted technologies once GDPR hits in May:

Paradoxically, the internet will become more private at a moment when we individuals begin to exchange more data. We will then wield a collective economic power that could make 2018 the year we rebalance the digital economy.

This will have a huge effect on our everyday information landscape:

The more we share data on our terms, the more the internet will evolve to emulate the physical domain where private spaces, commercial spaces and community spaces can exist separately, but side by side. Indeed, private-data accounts may be the first step towards the internet as a civil society, paving the way for a governing system where digital citizens, in the form of their private micro-server data account, do not merely have to depend on legislation to champion their private rights, but also have the economic power to enforce them as well.

I have to say, the more I discover about the provisions of GDPR, the more excited and optimistic I am about the future.

Source: WIRED

Venture Communism?

As part of my Moodle work, I’ve been looking at GDPR and decentralised technologies, so I found the following interesting.

It’s worth pointing out that ‘disintermediation’ is the removal of intermediaries from a supply chain. Google, Amazon, Facebook, Microsoft, and Apple specialise in ‘anti-disintermediation’ or plain old vendor lock-in.  So ‘counter-anti-disintermediation’ is working against that in a forward-thinking way.

Central to the counter-anti-disintermediationist design is the End-to-End principle: platforms must not depend on servers and admins, even when cooperatively run, but must, to the greatest degree possible, run on the computers of the platform’s users. The computational capacity and network access of the users’ own computers must collectively make up the resources of the platform, such that, on average, each new user adds net resources to the platform. By keeping the computational capacity in the hands of the users, we prevent the communication platform from becoming capital, and we prevent the users from being instrumentalized as an audience commodity.

The great thing about that, of course, is that solutions such as ZeroNet allow for this, in a way similar to bitorrent networks ensuring more popular content becomes more available.

The linked slides from that article describe ‘venture communism’, an approach characterised by co-operative control, open federated systems, and commons ownership. Now that’s something I can get behind!

Source: P2P Foundation

GDPR could break the big five’s monopoly stranglehold on our data

Almost everyone has one or more account with the following companies: Apple, Amazon, Facebook, Google, and Microsoft. Between them they know more about you than your family and the state apparatus of your country, combined.

However, 2018 could be the year that changes all that, all thanks to the General Data Protection Regulation (GDPR), as this article explains.

There is legitimate fear that GDPR will threaten the data-profiling gravy train. It’s a direct assault on the surveillance economy, enforced by government regulators and an army of class-action lawyers. “It will require such a rethinking of the way Facebook and Google work, I don’t know what they will do,” says Jonathan Taplin, author of Move Fast and Break Things, a book that’s critical of the platform economy. Companies could still serve ads, but they would not be able to use data to target someone’s specific preferences without their consent. “I saw a study that talked about the difference in value of an ad if platforms track information versus do not track,” says Reback. “If you just honor that, it would cut the value Google could charge for an ad by 80 percent.”

If it was any other industry, these monolithic companies would already have been broken up. However, they may be another, technical, way of restricting their dominance: forcing them to be interoperable so that users can move their data between platforms.

Portability would break one of the most powerful dynamics cementing Big Tech dominance: the network effect. People want to use the social media site their friends use, forcing startups to swim against a huge tide. Competition is not a click away, as Google’s Larry Page once said; the costs of switching are too high. But if you could use a competing social media site with the confidence that you’ll reach all your friends, suddenly the Facebook lock gets jimmied open. This offers the opportunity for competition on the quality and usability of the service rather than the presence of friends.

Source: The American Prospect