Karl Steinacker explains that in a society of rapid technological change personal data accounts should become the cornerstone of digital interactions, much like a personal bank accounts of today which have transformed beyond recognition in the last 40 years. The key, he argues to change is government legislation and, critically, civil society involvement.
As someone who has lived the transition from the analogue to the digital age, I remember money in paper bags, rental books, and discount stamp booklets. Hiding one’s savings under a mattress or in bed linen was common in a society in which – at least for the wage-earning and rent-paying segments of society – cash was the only thing that mattered.
Although cashless payment transactions have been the norm for most for several decades, it is only recently that consumers in the European Union have gained the legal right to a basic bank account. Also, today’s bank accounts offer customers confidentiality and thus the right to regulate payment transactions and financial circumstances privately, without third-parties spying. The fact that the tax office might have access is no contradiction since there is also an obligation to pay taxes and to contribute to the maintenance and further development of the community.
Data collection about us is changing rapidly
Government legislation is trying to keep pace with increasingly rapid technological development. Since 2018, thanks to the General Data Protection Regulation (GDPR) of the European Union, each citizen should have sovereignty over his sensitive data. But where did need for such a law arise from and does it work?
By way of explaining, a quick story: I travel a lot. I lived abroad for many years. My typewriter was stolen in East Africa in 1989. It went without a trace or shred of evidence connecting it to me. Now consider today: I have several digital identities and have left digital traces on four continents, plus the cyber world. Since I don’t keep a diary, Facebook helps me: every log-in, I am a customer since 2009, is meticulously listed, no matter if I log in from Western Europe or East Africa. Thanks to GDPR Facebook must share this comprehensive logbook so I am aware which data Facebook has collected about me. But, and it is a big but, this doesn’t give me any sovereignty over this data.
Thinking ahead, one day my self-driving electric car will whir through the streets of tomorrow and leave data at each sensor it passes. Twin questions arise; who stores that data and who has access to it? The questions don’t end there, in fact, those are just for starters, consider:
- If I wanted to know who was sitting beside on a certain day at a certain time, would a CCTV operator be able to pull an image and would I be allowed to view it?
- What does data sovereignty mean if my digital patient file is stored with the health insurance company and my credit score data with a ranking agency?
- Do I have the same access to my time account at work as I have to my bank account?
- How many passwords do I need to memorise so I can track last year’s financial statements or monitor my child’s performance at school?
The need for digital identities
By now it should be clear that the data sovereignty of the individual will only work if there are appropriate infrastructures, legal regulations and profitable business models.
First of all, there is a need to define “digital identities”. Some questions should prompt what they might be. For example, who can and should know who is behind an IP address and who owns the data of a smart electricity meter that buys and sells electricity? Is it possible to make anonymous purchases on the Internet, replicating cash transactions on high street and vending machines? Clear names make sense for online tax returns and other interfaces between citizens and administration. But beyond that, is it just the government-certified identity of my ID card, or do we accept that the big tech companies set up parallel worlds of crypto identities and currencies on their platforms?
It is normal to set up and use accounts that banks operate for us. Modern consumer societies would be unthinkable without the integration of millions of workers and consumers into cashless payment systems. Global trade too. Banks are regulated by the State.
Consumer protection is part of any government’s agenda. This is a well-established system that we take for granted.
In the digital society, where everyone leaves digital traces everywhere and constantly, intentionally and unintentionally, a comparable system is lacking. It is, therefore, necessary to rethink Data Protection and Trust, individual responsibility and State protection, and the associated business models in a new and, above all, practical way.
An EU regulation (eIDAS) largely unknown to the public paves the way for private electronic trust services and a transnational research project (www.LIGHTest.eu) is working on the necessary digital infrastructure. Start-ups and IT companies are proposing a new technology for this purpose: Blockchain. But technological and technocratic solutions alone will not suffice, we need a broad discussion in our societies. At the same time, quick and bold decision making is called for. Otherwise, a few companies will once again roll-out technologies in a regulatory void and, once again, try to impose a fait accompli to our societies.
Personal data account
The concept of an personal data account is the cornerstone for effective data sovereignty for the simple reason that I can only control what is with me. This applies not only to my money but also to my personal data. My data account is the place where my patient file belongs – and only there. Data retention? Yes – if the storage takes place in my data account!
Politicians everywhere need to realise that access to the mobile Internet is a basic need, comparable to access to bank accounts. But really, this is yesterday’s talk. Today, our societies need to create sufficient and inexpensive storage space on a massive scale, so that data accounts can be set up for everyone. The digital infrastructure for effective cloud computing should, as the provision of electricity and water, roads and public transport, be regarded as a public utility.
The task is gigantic, but not illusory: new laws and regulations must be drawn up. We need institutions that represent the interests of citizens in the digital space while private providers develop profitable business models for each of us managing his digital privacy. Civil society groups, associations, academia, schools – everyone is called upon to participate in this key project for a democratic and digital society.
I have arrived at the end of my short journey through time. I confined myself to the era of cash payments and typewriters. I could have looked further back, to Mesopotamia before our time, for example. There, according to the ethnologist David Graeber, the account was invented in temples before even the money was invented. I cannot judge whether this is the historical truth, but I am convinced that the concept of the account will still be needed for a long time to come: Only data accounts for everyone’s personal data can bring practical meaning to the concept of data sovereignty.
Karl Steinacker
Digital Advisor
International Civil Society Centre
Karl Steinacker is currently the Digital Advisor of the International Civil Society Centre. He studied political science at the Free University of Berlin and international law at Cambridge University. He then spent three decades working for the United Nations (UNDP, UNRWA, DPKO, UNHCR) in the fields of development, peacekeeping and refugee protection. At the UN Refugee Agency, he held positions in Africa and at its Headquarters and was responsible for Registration, Statistics, and Data and Identity Management as well as for Camp Coordination/Camp Management.
