Instead of the “Right to be Forgotten,” We Should Focus on How to Use Data
The focus of data privacy should be how companies use that data rather than simply deleting or anonymizing it, according to Differential Ventures.
Human behavioral data is everywhere, capturing through web browsers, retailers, banks, and social media apps we use every day. Governments have been protecting people from the abuse of their data by adding various regulations. The European Union launched the General Data Protection Regulation two years ago to regulate digital human behavioral data. California conducted its California Consumer Privacy Act.
These regulations, however, have overly focused on the “right to be forgotten” and the “anonymization of personally identifiable information.” They are dedicated to limit the ability of firms collecting and using that data. Regulations attempting to limit the availability of data would operate effectively only on the “Honor System” as people assume that companies are complying with those data collection rules.
Companies could attribute violations to accidental errors, and the ways of auditing compliance of these rules are extraordinarily hard to perform. The focus of that problem should be how people use that data. Through machine learning algorithms, we can encrypt our data and decided whether to give companies permission to use it.
“We require everyone who has even a scrap of human behavioral data to attach the identity of the person who could be identified by that data. Then encrypt that data with a key associated with that person. … And every time an algorithm needs to use that key to decrypt the information, it needs to get permission from the human being to decrypt the data.”
Companies could develop automated or semi-automated tools to respond to permission requests based on an individual’s preferences. In addition to controlling how companies use human behavior data, the “decryption-by-use” approach builds an audit trail to examine whether every algorithm being used is abiding by regulations. Companies can trace, explain, and justify each use of data when they are accused of misusing.