Home  |  Sarah  |  Services  |  Blog  Contact

Wednesday, 21 Oct , 2020

Musing: Personal data ownership, virtual employment, and digital symbiotes

Share this article

This is a post grown from a marmite-ish predecessor. A reaction to the drive to turn our personal data into a market priced commodity.

Paying to play with our personal data – is it ok?

A segmented unit of product that we are supposed to share for the price of a posh coffee. A price unlikely to reflect the revenue generated and potential harm from never-ending  re-use, via invisible international supply chains

That past post calls for a change in thinking. A shift to consider the data we share as a direct extension of our very real selves. Because, to all intents and purposes, in the harm that can be caused and the money that can be earned through selling personas for profit, it is. Like an astrally projected arm, or cloned leg.

I worked through different ways of thinking about this to  manufacture mental hooks, but the crux of it all? We shouldn’t sell bits of our personal data, any more than we should sell a kidney to a friend. The way in which our virtual identities are currently used is mainly, as I said back then, indentured labour. “Free” access, social media interaction, games, tools, and information in return for making us dance like puppets for them and their outward rippling web of special friends.

Did that sound distasteful? That’s almost certainly because it is.

So what am I practically proposing? I’m proposing a fundamental rethink of the way we digitally interact. I’m proposing, when the interaction surpasses the merely personal, that we drop the pretence of fairly bartering away our rights for ‘free’ service. I’m suggesting. to more rationally, safely, and usefully allow for ever more embedded and immersive physical or digital interaction, a concept of being partly or fully, employed.

When you think about it, what else could reusing us to generate direct or indirect commercial value for a third party, really be?

We HATE it when someone uses our personal data without permission. We hate that companies see us as their property. Even when we share details publicly it doesn’t equate to a green light to scoop us up, dump us into cloud buckets, and sell us to the highest bidder. A bidder that passes judgement on our inherent worth, either by direct analysis, or by mapping to separate ‘findings’ about ‘people like us’. They will segment us by personality, interests, sexuality, wealth, religion, political leanings, mental health, criminal tendencies (looking at you Clearview). But what are we really railing against? I’ll take an educated guess: We are railing against the risk of abuse and the more general feeling of flagrant, dismissive, and impersonal disrespect. We are railing against being judged by people we don’t trust. We are railing against feeling powerless to ever set a damaging record straight and not knowing who we will be sold to and judged by next. If not for us, then for our young ones, who are leading lives so indivisible from the lives they lead online, the difference is disappearing.

But it’s not the same as employment is it. Online we can replicate ourselves, or the segmented portion of ourselves, as many times as needed. It is not a finite resource. Nor is any digital content until access and usage is appropriately limited. But we don’t want to make this about licensing or copyright, so  back to that employment question. Not quite employment on a one to one basis. More like acting as an employment intermediary for an army of partial clones. But again, it’s not really about clones is it, nor would children work as an analogy. That’s how I came round to the concept of sybiotes (thanks Stargate).

From the time of our birth, each and every one of us has been existing with a legion of more or less mature symbiotes. Parts of us, some sophisticated enough to be an entire persona, some the merest sketch of a descriptive phrase. All of these more or less complex pieces are able to combine with others to become more a more sophisticated  entity. They do not exist and have value without their link to us and if someone attempts to sever that intrinsic tie, they begin to die (accuracy bleeds away over time). We often suffer fallout for how they are abused. How their parts are harvested and reused until time drains away the integrity of their enduring link to who we become. That is, except for some of our most precious passengers, those imbued with immutable parts of who we are.  Those involving our DNA, or discrete genes.

In between those unchanging elements and the  more transient building blocks (our address, our place of work, our bank details, our email address, our favourite shop, linked people), are other things that change, but very much more slowly (our gait, our iris, our voice, our signature), then things that will remain the same, in their government registered form, unless we make them change (e.g. our  name, our national insurance number, other government issued IDs). Individual elements of our existence in physical or virtual space and time, each more or less valuable singly, or in combination. Many working as uniquely identifying anchors for other elements to coalesce around. Each entity of more or less durable value to another person, when allowed out of our sight, and out of our control.

So symbiotes, for hire, ok, but at what price? With what conditions of employment? With what enduring rights? With what right to redress for a breach of whatever will serve as contract? With what collective bargaining to redress the horrific inequality that shows no signs of abating?

Of course there can still be free data use for a good cause, but not without limits and respect, the same kinds of limits and guardrails we put in place for flesh and blood volunteers. Our SymbIDs (ooh, I like that), entitled to protection under rights that link back to our primary host entity. Remuneration negotiated collectively to fairly reflect SymbID utility, longevity, specified purpose, and, yes, market scarcity. We can voluntarily link our SymbIDs to those belonging to others via a partnership agreement. Recognising the relative value each of us, with our huge variation in physical and online skills, experiences, networks, and creations.

Does that mean we should ask the market to decide the value for any more or less complex SymbIDs, or a combination of all of our SymbIDs, plus us, as the originating physical host? How about we don’t, at least at first. How about we examine the nature of current and potential employment, the pitfalls inherent in the imbalance of power, and reimagine that for a world where this concept may one day, with the likelihood of a fully uploaded consciousness, that might end up working alongside our pre-existing physical self. become very, very, real. 

And that is where I am going to leave this for now. I’m fascinated to hear what others think about this concept of a future symbiotic world of work. A place where both physical and virtual are imbued with proper respect for all we can physically, psychologically and symbiotically be.

Whether you see this as indulgent rubbish, science fiction, or a potential path, we have to put on our thinking caps, because if we don’t, the data oligopoly will be more than happy to sort it for us.

Related articles about about personal data ownership and personal data as property:

You could also see the recently released Social Dilemma for details, depending on your tolerance for all of the 2020 hindsight from techies who have morally moved on.

Opinion: Paying to play with our personal data – is it ok?

We’ve migrated from ‘Hot or Not?’ to being held virtually hostage by many of the digital platforms we rely on today. In the midst of that a new processing paradigm has emerged. Myriad startups want to pay to play with your personal data. Can this tackle on-going...

In AI we will blindly trust…

...and the architects, designers, data scientists, and developers will think we are nuts I've been driven back to the blog to talk about one very specific aspect of privacy, data protection and Artificial Intelligence (exchange for Machine Learning or Algorithms as...

Data Protection, Security, and the GDPR: Myths and misconceptions #2

Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...

Where and to whom does the GDPR apply?

Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...

GDPR – You’ve analysed the gaps, but can you close them?

  There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...

GDPR – The Compliance Conundrum

There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...

Opinion: The role of automated data discovery in a GDPR programme

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...

When Business Culture Eats Cybersecurity For Breakfast – Part One

A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...

Cyber Insurers Dictating Cybersecurity Standards?

A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...

There Is No Such Thing As Information Security Risk

Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...