[MyData & Open Data] Workshop on June 10 & 11
Mark L
mark.lizar at gmail.com
Tue Apr 1 10:06:13 UTC 2014
Hi Stef,
On 1 Apr 2014, at 02:05, stef <s at ctrlc.hu> wrote:
> On Mon, Mar 31, 2014 at 09:26:01PM +0100, Mark L wrote:
>> I agree with Javier view and think that this a great topic for OKfest in Berlin.
>>
>> What can we do, and encourage others to do ?
>
> first there must be clear red lines. stuff that is untouchable by default (no
> consent by default), the dividing line being: only data subjects that hold
> privileges over other data subjects are to be made public to the subjects they
> are having control over,
Yes, as you mention (in a previous post) the language is inherently biased. Data Subjects is a terrible term to describe the data I create and control. As oppose to Master Controller which in my opinion is much more appropriate.
> the amount of transparency depends on the privilege
> level, this data should be according to the open data principles, but
> initially only available to the data subjects under control of the privileged
> one,
The privileged one is perhaps more appropriately described as the Master Controller, not just the data controller, seems much more appropriate than the data subject. Especially in the context of Open Data.
> the same transparency should also apply to companies handling personal
> data.
Yes, the relationship between the Master Controller and the Data Controller . Perhaps fixing the language a little will go a long way.
>
>> In fact this is the session we have started to draft. You can see this session discussion here http://pad.okfn.org/p/Privacy_at_OKFestival_14 (session 5)
>>
>> What will have a real impact? Subject Access Requests on a massive scale? (something Casper Bowden and I once discussed)
>
> - privacy-by-default regulation (as in data minimization)
> - decentralized storage and control of data by the data subject
> - mandatory "datenbrief"
> - fines for data leaks should be much higher, like the EC proposed.
I think we need to go beyond fines. We need the ability to withdraw consent and enable each individual to hold the company liable.
>
> would be a nice start.
>
>> I am sure there are many ways to apply rights in the digital age.
>
> the problem is they're not very much enforced.
Enforcement I agree is the key.
I would propose looking at ways in which this can be crowdsourced. In other words co-regulation.
For instance, what if we all started asking for a consent receipts (which is our legal right in most jurisdictions)?
Like a commercial transaction receipts we can use them to hold the data controllers accountable.
Food for thought.
- Mark
>
>
> --
> otr fp: https://www.ctrlc.hu/~stef/otr.txt
More information about the mydata-open-data
mailing list