Browser cookies are not consent: The new path to privacy after EU data regulation fail

Published at: Dec. 5, 2021

The endless cookie settings that pop up for every website feel a bit like prank compliance by an internet hell-bent on not changing. It is very annoying. And it feels a little bit like revenge on regulators by the data markets, giving the General Data Protection Regulation (GDPR) a bad name and so that it might seem like political bureaucrats have, once again, clumsily interfered with the otherwise smooth progress of innovation.

The truth is, however, that the vision of privacy put forward by the GDPR would spur a far more exciting era of innovation than current-day sleaze-tech. As it stands today, however, it simply falls short of doing so. What is needed is an infrastructural approach with the right incentives. Let me explain.

The granular metadata being harvested behind the scenes

As many of us are now keenly aware of, an incessant amount of data and metadata is produced by laptops, phones and every device with the prefix “smart.” So much so that the concept of a sovereign decision over your personal data hardly makes sense: If you click “no” to cookies on one site, an email will nevertheless have quietly delivered a tracker. Delete Facebook and your mother will have tagged your face with your full name in an old birthday picture and so on.

What is different today (and why in fact a CCTV camera is a terrible representation of surveillance) is that even if you choose and have the skills and know-how to secure your privacy, the overall environment of mass metadata harvesting will still harm you. It is not about your data, which will often be encrypted anyway, it is about how the collective metadata streams will nevertheless reveal things at a fine-grained level and surface you as a target — a potential customer or a potential suspect should your patterns of behavior stand out.

Related: Concerns around data privacy are rising, and blockchain is the solution

Despite what this might look like, however, everyone actually wants privacy. Even governments, corporations and especially military and national security agencies. But they want privacy for themselves, not for others. And this lands them in a bit of a conundrum: How can national security agencies, on one hand, keep foreign agencies from spying on their populations while simultaneously building backdoors so that they can pry?

Governments and corporations do not have the incentive to provide privacy

To put it in a language eminently familiar to this readership: the demand is there but there is a problem with incentives, to put it mildly. As an example of just how much of an incentive problem there is right now, an EY report values the market for United Kingdom health data alone at $11 billion.

Such reports, although highly speculative in terms of the actual value of data, nevertheless produce an irresistible feam-of-missing-out, or FOMO, leading to a self-fulfilling prophecy as everyone makes a dash for the promised profits. This means that although everyone, from individuals to governments and big technology corporations might want to ensure privacy, they simply do not have strong enough incentives to do so. The FOMO and temptation to sneak in a backdoor, to make secure systems just a little less secure, is simply too strong. Governments want to know what their (and others) populations are talking about, companies want to know what their customers are thinking, employers want to know what their employees are doing and parents and school teachers want to know what the kids are up to.

There is a useful concept from the early history of science and technology studies that can somewhat help illuminate this mess. This is affordance theory. The theory analyzes the use of an object by its determined environment, system and things it offers to people — the kinds of things that become possible, desirable, comfortable and interesting to do as a result of the object or the system. Our current environment, to put it mildly, offers the irresistible temptation of surveillance to everyone from pet owners and parents to governments.

Related: The data economy is a dystopian nightmare

In an excellent book, software engineer Ellen Ullman describes programming some network software for an office. She describes vividly the horror when, after having installed the system, the boss excitedly realizes that it can also be used to track the keystrokes of his secretary, a person who had worked for him for over a decade. When before, there was trust and a good working relationship. The novel powers inadvertently turned the boss, through this new software, into a creep, peering into the most detailed daily work rhythms of the people around him, the frequency of clicks and the pause between keystrokes. This mindless monitoring, albeit by algorithms more than humans, usually passes for innovation today.

Privacy as a material and infrastructural fact

So, where does this land us? That we cannot simply put personal privacy patches on this environment of surveillance. Your devices, your friends’ habits and the activities of your family will nevertheless be linked and identify you. And the metadata will leak regardless. Instead, privacy has to be secured as a default. And we know that this will not happen by the goodwill of governments or technology companies alone because they simply do not have the incentive to do so.

The GDPR with its immediate consequences has fallen short. Privacy should not just be a right that we desperately try to click into existence with every website visit, or that most of us can only dream of exercising through expensive court cases. No, it needs to be a material and infrastructural fact. This infrastructure has to be decentralized and global so that it does not fall into the interests of specific national or commercial interests. Moreover, it has to have the right incentives, rewarding those who run and maintain the infrastructure so that protecting privacy is made lucrative and attractive while harming it is made unfeasible.

To wrap up, I want to point to a hugely under-appreciated aspect of privacy, namely its positive potential for innovation. Privacy tends to be understood as a protective measure. But, if privacy instead simply were a fact, data-driven innovation would suddenly become far more meaningful to people. It would allow for much broader engagement with shaping the future of all things data-driven including machine learning and AI. But more on that next time.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Jaya Klara Brekke is the chief strategy officer at Nym, a global decentralized privacy project. She is a research fellow at the Weizenbaum Institute, has a Ph.D. from Durham University Geography Department on the politics of blockchain protocols, and is an occasional expert adviser to the European Commission on distributed ledger technology. She speaks, writes and conducts research on privacy, power and the political economies of decentralized systems.
Tags
Related Posts
Digital sovereignty: Reclaiming your private data in Web3
As the Fair Data Society puts it, we are laborers in the data economy. Our personal data — basically, the digital blueprint of our lives — gets collected by platforms we interact with, most often in a non-transparent way. At best, it is used to improve our user experience. At worst, our privacy gets breached, monetized and even weaponized against us. It all started with the emergence and growth of the user-generated web, as seemingly free social media networks, search engines and companies saw a new opportunity of profiting and went into the business of gathering, storing, analyzing and selling …
Decentralization / May 7, 2022
Genomics company explores NFTs in hopes of advancing precision medicine
It’s predicted that nonfungible tokens (NFTs) will have a vast impact on society. Given this, it shouldn’t come as a surprise that the trillion-dollar healthcare sector has begun to explore NFTs tokens to advance medicine. It’s also important to point out that blockchain technology can play an increasingly important role within the healthcare sector. This was recently highlighted in a report from the European Union Blockchain Observatory, which specifically documents how blockchain applications can solve challenges facing the healthcare industry. For example, the paper notes that patient engagement and transparency of how data is stored, along with the effective distribution …
Decentralization / May 23, 2022
Identity and the Metaverse: Decentralized control
“The Metaverse” and “Web3” are the buzzwords of the moment, with their concepts permeating across the worlds of fintech, blockchain, and now even mainstream media. With decentralization thought to be at the core of the Web3 Metaverse, the promise of a better user experience, security and control for consumers is what’s driving its growth. But with users’ identities at the heart of the Metaverse, coupled with unprecedented amounts of data online, there are concerns over data security, privacy and interoperability. This has the potential to hinder the development of the Metaverse, but both regulated and self-sovereign identities could play an …
Decentralization / May 28, 2022
Blockchain-based solutions aim to address US disaster relief
Natural disasters in the United States are becoming more prevalent, resulting in increasing costs, a lack of transparency between state and government organizations, and a slew of other issues impacting relief systems. The Pew Research Center found that the Federal Emergency Management Agency’s (FEMA) public assistance program spent 23% more on natural disasters between 2010 and 2019 than it did from 2000 to 2009. Data from Climate.gov further shows that 2021 was the third-costliest year in history for natural disasters in the U.S., totaling over $145 billion in damages from 20 weather-related incidents. But as disasters become more common and …
Decentralization / July 14, 2022
Crypto companies aim to build trust within future products and services
The cryptocurrency ecosystem underwent a turbulent year in 2022. Criticism inside and outside of the crypto industry was fueled following the collapse of FTX, Celsius, Three Arrows Capital and the Terra ecosystem. A number of losses have been recorded from these events. Blockchain analytics firm Chainalysis released a report in December of last year, which noted that the depegging of Terra’s stablecoin, Terra USD Classic (USTC), saw weekly-realized losses peak at $20.5 billion. Findings further show that the subsequent collapse of Three Arrows Capital and Celsius in June 2022 saw weekly-realized losses reach $33 billion. While these events may have …
Decentralization / Jan. 6, 2023