Consent is not an adequate protection for users even when it is properly obtained - this article explains why instead users must always retain control of their data (core principles of both SolidMIT & SAFEnetwork)
This is a conclusion reinforced by the Supreme Court’s judgment that we have a constitutional right to privacy. But personal information is information about our relationships as well, so information collected about us affects also our families, our friends, and our communities.
This is why “consent” is not a sufficient basis for determining the responsibilities to protect data about people. If I consent to allow a platform company to read all my email in return for giving me free email service, I am also giving away information about the people I correspond with, without regard to their wishes.
Even if I think the chance of harm to me from loss of my information by the platform company is a risk worth taking in order to have free email service, that may not be acceptable or appropriate for my children or my friends. Nor can I possibly know how future events in my life, or changes in technology or society, might affect my understanding of my safety or my best interests. Today’s easy consent might very well be tomorrow’s disastrous mistake.
So, the law we need is not about getting, managing, or automating consent. The objective is not consent, but control. People should be able to control access to information about them
Agreed to the legal principle. But: I lose control to information when I send it to another. That is impossible to change because it is true in mathematical sense. Law can’t solve.
Yes and no. You lose control if they make a copy, but the law can prevent them from doing that without your consent or require them to delete it on you withdrawing consent etc. This assumes compliance and enforcement of course, so I’m trying to find out if I understand your point?
Misusing data is usually possible without bad guy reveal his identity. Anonymously.
So: Enforcing such law would require complete information about what everybody stores.
So: Real protection for your data would violate the privacy of everybody else!
It’s practically impossible too but that is almost irrelevant to the question.
Yes, thanks for clarifying. It isn’t that law can’t regulate this, but that bad actors can ignore and attempt to avoid being held to account.
This is always the case. At the moment this is one problem, and the lack of appropriate regulation wrt consent and control is also a big problem.
The former is no reason to give up on the latter, so I don’t see your point as undermining the point made in the OP, rather I see it as a separate yet also important problem.
Safe Network will solve lack of appropriate regulation, disagreement about what’s appropriate, and the regular unlawful overreach by authorities. Though: Only when we chose to deny access or to reveal information. Not when misusing data already accessed. It would be irresponsible to consider such data anything less than completely out of control.
For protecting people. Let’s imagine: I send you something. You can verify it’s from me. If you pass it on to 3rd party, they can also verify it’s from me. Could we do it so that the 2nd part is not true? For example: After some time, I share the keys anonymously. When you received my message: It was useful to verify my identity. Rater: It’s public knowledge: No longer proof I’m the sender. But this only works if content itself doesn’t identify me.