Page 109 - ITU Journal - ICT Discoveries - Volume 1, No. 2, December 2018 - Second special issue on Data for Good
P. 109
ITU JOURNAL: ICT Discoveries, Vol. 1(2), December 2018
initial step in this direction is the notion of data beyond its status as mere binary code, which can be
portability, i.e. the right to receive personal data and taken to motivate sui generis laws that codify the
to transfer it from one provider to another, which agent’s ownership of the data she generates [36].
has found its way into the EU General Data The problem with this approach is, however, that
Protection Regulation (GDPR). As Vayena and due to the factual differences between data and
Blasimme paraphrase, mechanisms like this seek to objects, this would currently be a property in title
turn data subjects into data distributors [33]. only. Additionally, since the EU so far does not have
a comprehensive competence for this area, such
These are positive developments in view of the legislation would have to be limited to the national
foregoing insights on the embeddedness of inforgs, sphere. Another, maybe more promising strategy
whose privacy is essential to their integrity, but who involves the proxy/agency model already familiar
also demand ways to share information with others from dynamic consent in which proxies or
and sometimes even donate data for the greater representatives make decisions on behalf of the
good. What could regulators and designers of ICT data subject (cascading consent) [4,5]. The idea
systems do to promote such activities and to put here is to employ surrogate notions for ownership
users in a position to exercise, maintain, and modify in the property sense. This could help to enable data
dynamic consent? We now formulate suggestions subjects to (re)gain and sustain control over their
for two domains. data even without the pains of strenuous and
time-consuming individual supervisory efforts.
5. LEGAL RAMIFICATIONS
6. PATHWAYS FOR GOVERNANCE
Given that technology keeps evolving at an
ever-increasing pace, regulators are faced with an Indeed, attempting to make ICT users data
uphill struggle. This is demonstrated by the sovereigns can appear to overburden the individual.
intensity of the current debates about the GDPR and Ordinary users cannot be expected to have a clear
its ability to ensure the right to privacy under big picture about the complexities of ICT, all the
data conditions. With regard to data sharing, pathways that their information takes, and the
another problematic aspect has to be addressed: sophisticated algorithmic analyses and adjustments
contrary to popular belief and some misleading that are based on the tracks they leave in the
semantics, under the current regulatory regime infosphere. We simply might be asking for too much
there is no ownership of data. The legal concepts of if we demand each ICT user to be data sovereign,
ownership and property are restricted to objects threaten to overestimate the amount of
and real estate, and the specific provisions of responsibility that should be ascribed to individuals
intellectual property (IP) law do not cover mere for their own data integrity, and open the door to
data [34]. This does not mean, however, that there holding them partially responsible for privacy
is no need for clear rules regarding who has control breaches and unconstrained information flows.
over data access and data use and who can profit
from them. Quite the contrary is true. If we keep in The worry can be addressed by highlighting that
mind that under the law as it stands, the consent while data sovereignty is a feature that is eventually
model serves as a substitute for more advanced realized in the individual ICT user, the factors that
usage rights, it becomes obvious that the enable data sovereignty extend beyond the
development of complex and dynamic consent particular data sovereign. They are tied to a
mechanisms already goes a long way to reduce multitude of agents and levels. Governance
friction. And yet even more innovative solutions are mechanisms that strive to realize the normative
both imaginable and desirable. In order to ideal of data sovereignty thus need to be
safeguard the data subjects’ sovereignty, multidimensional [4,5].
supplementary legal mechanisms are needed to
ensure that personal rights as well as rights to Individuals themselves are entitled to be provided
freedom can be enacted, remain respected, and with education that enhances their literacy with
become legally enforceable if necessary. One of the regard to data infrastructures [37]. They cannot be
strategies discussed by legal experts is the sovereigns if they proceed under ignorance of
introduction of genuine data ownership in the central features and abilities of the technology they
property sense [35]. Data is behavior-generated are using. Critical reasoning and power of judgment
and thus encompasses a cultural ontological status are key to evaluate the consequences, risks, and
© International Telecommunication Union, 2018 87