Privacy regulation continues to spread around the world. EU Data Strategy, for example, tries to navigate the shoals of China-style central control vs. US-style private mega platforms. Consumer advocates like MyData are getting organized around Principles and technically-inflected policy groups like the MyData Operators that are still a work-in-progress.
By way of example, here's a brief comment of mine to the MyData Operators discussion:
"Separation of Concerns" or SoC might be clearer.
I think this is the elephant in the Operators room. I would approach this elephant from two directions based on a clear interpretation of the MyData Principles:
1 - "How many entities aggregate information about me?" Aggregation of data (dossiers, in the Stasi sense) is very different from processing. Right now, GDPR and the EU data strategy both allow for a million Stasi dossiers about me. I can't believe that is consistent with our Principles and we need to be clear about that with the EU.
2 - "Changing Operators should not require moving data." This is the essence of SoC. It is also a deal-breaker for almost all of the proto-operators because they don't get to add value as processors. Furthermore, it makes little sense to consider decentralized governance as a Principle if governance has to combine both control and processing. Combining the control and processing concerns into one entity creates impractical regulatory systems like China or Facebook. Does EU really want to do one of those?
My apologies for being so blunt. I don't oppose an incremental approach to MyData Operators but if SoC is not the clear goal from the start, and if EU doesn't see that, then we're not likely to do anything much.
As we work through the scope of Identity Hubs and related Secure Data Storage standards, I hope we can reconcile our design with the rubrics for decentralization at the core of DIF.
tplooker
commented
4 years ago
Privacy regulation continues to spread around the world. EU Data Strategy, for example, tries to navigate the shoals of China-style central control vs. US-style private mega platforms. Consumer advocates like MyData are getting organized around Principles and technically-inflected policy groups like the MyData Operators that are still a work-in-progress.
By way of example, here's a brief comment of mine to the MyData Operators discussion:
As we work through the scope of Identity Hubs and related Secure Data Storage standards, I hope we can reconcile our design with the rubrics for decentralization at the core of DIF.