This book addresses a topic of vivid public discussion at both national and international levels where an information technology revolution comes together with pervasive personal data collection.
This threat to privacy is peculiar and the old tools, such as consent for personal data processing, fail to work properly in the context of online services. This was clearly seen in the case of Cambridge Analytica which uncovered how easy the procedural requirements of consent and purpose limitation can be abused on a mass scale.
The lack of individual control over personal data collected by online service providers is a significant problem experienced by almost every person using online services: it is an ‘all or nothing’ choice between benefiting from modern digital technology and keeping their personal data away from the extensive corporate surveillance. If people are to have autonomous choice in respect of their privacy processes, then they need to be able to manage these processes themselves.
To put individuals in the driver’s seat, the book first conducts a careful examination of the economic and technical details of online services which pinpoints both the privacy problems caused by online service providers and the particular features of the online environment. Then it devises a set of measures to enable individuals to manage these processes taking into account economic, technological and legal considerations. The proposed Privacy Management Model consists of three interlocking functions of controlling, organising, and planning.
This requires a mix of regulatory tools: a particular business model in which individuals are supported by third parties (Personal Information Administrators); a set of technological/architectural tools to manage data within the ICT systems of the online service providers; and laws capable of enabling and supporting all these elements.
The proposed solution remedies the structural problems of the Internet arising from its architectural and informational imbalances and enables the effective exercise of individual autonomy. At the same time, it facilitates the effective operation of online services and recognises the fundamental importance of the use of personal data for the modern economy.
All of this is designed to change the way decision-makers think about Internet privacy and form the theoretical backbone of the next generation of privacy laws. It also shows that technology is not intrinsically privacy invasive and that effective regulation is possible.