[MyData & Open Data] Workshop on June 10 & 11

stef s at ctrlc.hu
Thu Apr 3 14:22:35 UTC 2014 

howdy,

On Tue, Apr 01, 2014 at 11:06:13AM +0100, Mark L wrote:
> On 1 Apr 2014, at 02:05, stef <s at ctrlc.hu> wrote:
> > first there must be clear red lines. stuff that is untouchable by default (no
> > consent by default), the dividing line being: only data subjects that hold
> > privileges over other data subjects are to be made public to the subjects they
> > are having control over, 
> 
> Yes, as you mention (in a previous post)  the language is inherently biased.  Data Subjects is a terrible term to describe the data I create and control.   As oppose to Master Controller which in my opinion is much more appropriate. 

i'm sorry for being overly abstract, but the context here for control is to be
able to influence the data subject. as in the words often quoted Yochai
Benkler: 
privacy=protection of weak from scrutiny by powerful.
Transparency=exposure of powerful to scrutiny by weak.

> > the amount of transparency depends on the privilege
> > level, this data should be according to the open data principles, but
> > initially only available to the data subjects under control of the privileged
> > one,
> 
> The privileged one is perhaps more appropriately described as the Master Controller, not just the data controller, seems much more appropriate than the data subject.  Especially in the context of Open Data. 

i meant rather the privileged one in the context of above Benkler quote:
anyone having power over groups of people (society, communities), deans,
police, judges, politicians, etc.

> > the same transparency should also apply to companies handling personal
> > data. 
> 
> Yes, the relationship between the Master Controller and the Data Controller .  Perhaps fixing the language a little will go a long way. 

first i must fix the confusion i caused by not being specific enough. ;)

> > - privacy-by-default regulation (as in data minimization)
> > - decentralized storage and control of data by the data subject
> > - mandatory "datenbrief"
> > - fines for data leaks should be much higher, like the EC proposed.
> 
> I think we need to go beyond fines.  We need the ability to withdraw consent and enable each individual to hold the company liable. 

how you mean? consent should be withdrawn by default and only with consent can
this be exempted. 

> > would be a nice start.
> > 
> >> I am sure there are many ways to apply rights in the digital age. 
> > 
> > the problem is they're not very much enforced.
> 
> Enforcement I agree is the key.   

sadly it is.

> I would propose looking at ways in which this can be crowdsourced.   In other words co-regulation. 

well, we just had the GDPR in the EP, there was lot's of possibilities to
participate, and the results and the discussion around it is still very
enlightening, i recommend to look at http://policingprivacy.org

> For instance, what if we all started asking for a  consent receipts (which is our legal right in most jurisdictions)? 

datenbriefs are much better, every data handler has to report annually about
the data being processed. it's like with opt-out vs opt-in systems, in one
case you benefit business in the other civil liberties.

> Like a commercial transaction receipts  we can use them to hold the data controllers accountable. 

for that we need fines. like 10% of the annual turnover or so...

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt

More information about the mydata-open-data mailing list