On 19 March 2015 the international law firm Taylor Wessing organized the first IT/IP Open Mic in Berlin and I was honored that Paul Voigt asked me to hold the keynote. I mean, in the last years I got several invitations to the Open Mic in Hamburg, a popular evening get-together for IP/IT experts, but never made it. Luckily, the event came to me now. And for those of you, who couldn’t make it to join the relaxed discussion circle, I sum up my main theses about „Internet of things – Internet is everywhere, privacy is nowhere“.
1. Anonymity on the Internet is a privilege of the educated and wealthy part of the society
Last year I spend some time in California and one day I went for a stroll at the Golden Gate Bridge. Suddenly, I hear a weird humming sound. I was looking for the source of it. Left, right, on the ground… and in the air. There it was: a drone. And what did I do? I took a drone video and tried to tweet it. Btw: At these days, it was only possible to tweet a link to a video, not the video itself, unfortunately.
Expect the fact, that I disclosed information about myself with this very „digital“ reaction, it is a perfect example for evolution of privacy: We do not just cause data and information by actively doing something, by using a wearable like a fitness tracker, a smart device like an intelligent fridge, a voice recognition service like Siri, Cortana (or Barbie) or a video home surveillance system. We are subject of a huge information collection even if we don’t know it.
The consequence can be, that we are not anonymous anymore. Whatever we do, especially on the Internet, we leave a trace of data, of information that can be combined with other information and supposedly individualize us. However, information that can be used to single out an online user doesn’t mean, that this profile is „personally identifiable information“ (PII). PII is a legal term that is subject of tedious and tiresome discussions especially in Europe. Is the cookie ID PII, or the IP address? Unfortunately, we still stick to this term drafting the European data privacy regulation instead of shaping a legal framework that reflects the reality. Internet causes information and data. Still, not every data is PII although it might be connected to other data and might „single out a user“.
In many cases a profile leads to a device, not to a person. For instance, a data set with IP addresses, browsing and ad view history is not equivalent to a data profile, which contains my complete home address and information from my health insurance company. The latter is unavoidably connected to me as a person, an individual, whereas the first example is connected to a device and is only able to show „digital me“. I mean, that is the reason why targeting, recommendation, and personalization work only if they are based on real (first party) data (e.g. Amazon’s recommendations) or very good analytics.
Consequently, data profiles can affect different levels of „privacy“ and shouldn’t be treated like PII just because data could be used to „single out a user“.
But does that lead to the end of anonymity? I don’t think so. Anonymity is and will be feasible for those of us, who understand 1.) the impact of information collection and the effects on our human rights like free speech and free information, and 2.) how to hide or at least confuse data collectors and therewith influence the data profiles. It might sound rude, but the understanding requires a big chunk of intelligence and education, because the Internet is simply complicated. To use given privacy settings is quite easy. Browser settings and add ons, e.g. to block tracking, are means used by more advanced Internet users. And what about the rest: fingerprinting, encryption of communication, flash cookies and DOMs, Internet router upgrades etc.? Well, either you are smarter than the average, or, if you are not, you have the money to ask someone to teach you or to do the complicated work for you to „disguise“ yourself or create several „digital mes“.
And yes, even the intelligent and wealthy people are very often to lazy to use several browsers, clear histories, patch, or upgrade software, use privacy and security tools etc.. However, that is a deliberate decision to have a more convenient life and not to be anonymous. A decision, which is understandable in a stable society and a peaceful era. We might change our opinion if the mood and the personal feeling of freedom switches.
2. If data is the oil of the future, data protection is energy saving.
Big data and smart data – buzzwords like cloud computing. Nothing new but the term sounds modern. Actually, data is needed to provide good services. And we love convenience! If you don’t like to type, you use voice recording and recognition services. If you want to find a nice restaurant around you, you need to be localized. And if you want to find a new partner without leaving your flat, you create an online dating profile about yourself.
Data is crucial for convenience, for new products, for the economy. And many call it the „oil of the future“. That is true, but it reminds me also of the history of oil: Once it was discovered, it was used for various purposes: mainly for energy and fuel, to create plastics like Tupperware containers, linoleum floor and silicon. And we love(d) it! But the more we consume the less we have. Oil is a limited resource and we have already started to limit the energy consumption, are searching for alternatives without giving up our economic status and standard of living.
Regarding data we experience the contrary: The more data we collect and have, the more problems and challenges we see. And data isn’t limited. However, I have barely heard of someone who suffered from or got damages directly caused by data collection or data use. We still struggle with creating a direct link between data collection and damages. And I don’t talk about copyright infringements, illegal use of a personal picture or security breaches that disclose credit card data. In these examples data is involved, yes, but data profiles or massive data collections is not the direct reason for damages. Actually, it is different with governmental surveillance programs. But people haven’t understood yet (due to a lack of intelligence or for whatever reason), that this „big data“ causes very painful damages to our human rights.
For the time being, data caused damages remain intangible. And where we don’t feel pain, we don’t react or take preventing measures. I guess, it will take several years that protection of privacy will really influence everybody’s behavior and life, like energy saving already does.