The digital self: a new dimension of the human being
The human nature, though its meanings have varied across history and fields, is assumed to have at least two dimensions: the material body and the mind. Over the decades, many efforts involving data about individuals to be manually filled with forms, have provided an understanding of human physical characteristics and behavioral patterns in connection with these dimensions. Now, we rely on digital technologies for fulfilling our daily tasks, social interaction, transportation, healthcare, and far more, hence generating a massive amount of data. Our GPS location, shopping, health, emotion, etc., are collected from our interaction with digital devices, making up our digital-self, a projection of our human nature, increasingly used in the social sphere. Accordingly, the digital-self constitutes a further dimension as it describes part of human being characteristics, various aspects of human lives, and much more unexpected discoveries about our inner selves. Ultimately, it encapsulates the personal data. And just like the material body and the mind of a human being that cannot be surrendered, sold or transferred to another entity, these personal data have inherited the inalienability feature embedded in the charter of fundamental rights of the European Union1.
Pervasive data collection as a threat to the digital self
Yet, this right is hardly enforceable in our surveillance society where personal data are routinely collected for governing, regulating, or influencing individuals' behavior towards planned results. Data sovereignty is assumed by dominant players, which operate like centralized power structures with absolute control over the personal data and defining the access rules. This power asymmetry raises serious concerns, the most significant being the erosion of the exercises of individuals' autonomy and self-determination on decision making. The primary cause is that digital services and processes are intentionally designed for enhancing surveillance on individual behavior.
Consequently, the economy of commercial surveillance is continuously fed with personal data. Moreover, individuals are increasingly dependent on digital technologies with no control over their data flow and usage. These processes, services, and data are, seldom, if ever, open to ethical assessment or privacy compliance. However, personal data, collected by organizations, are more valuable for improving people's lives, while consumed by value-added services for individual needs. They can also enable a rebalancing of power as the individual awareness of data collection and processing purposes will be leveraged.
While a paradigm shift for more individual’s privacy protection and empowerment over personal data at the regulatory level are ongoing, the well-established data monetization still prevails in our capitalism surveillance society, brushing aside the privacy and ethical issues threatening the digitalization process of our society. The General Data Protection Regulation (GDPR), while in its infancy and prone to loopholes, has the potential to create regulatory and economic conditions that allow social and democratic value to succeed in this data economy. For now, many of those processes and services being claimed as ‘GDPR compliant’ right now, likely are not. They focus primarily on obtaining individuals' consents for data processing without evaluating the potential harms that some unethical and opaque data analytics may have as consequences.
It is vital to design services and analytics that enable individual privacy protection and self-determination over their data, in such a way that enhances data synergy and empower weaker parties (individuals and small organizations for which it is hard to comply with the GDPR) to access and consume data in a fair and responsible way.
Solutions are also emerging within different domains for alternative ways to build data analytic ecosystems with regards to privacy, fairness, and accountability. Among them are the best approaches for setting up ecosystems which by design enhance privacy, self-determination, as well as transparency over ubiquitous data flow. Furthermore, the emergence of privacy-preserving techniques offers new promise for enabling data analysis while preserving the privacy of sensitive data. There is, nevertheless, the need to enable ethical data analytics, which guarantees the data processing transparency and the purpose's fairness. Individuals will no longer be the mere byproduct of our contemporary environment of pervasive surveillance but will acquire effective control over their data.
The Swiss Data Custodian for ethical and responsible data processing
In this regard, the Swiss Data Science Center (SDSC), which promotes the use of data science and machine learning techniques, is taking one step further toward designing a framework for privacy-preserving data sharing and analysis in multi-stakeholder ecosystems. The project called the Swiss Data Custodian (SDC) is a framework for building a multisided platform that enables non-mutually trusting actors such as individuals, data providers, data consumers, etc., to achieve mutual benefits and gain knowledge from sensitive data sharing and analysis. It encompasses a security-based ecosystem that provides the tools for secure data storage and computation with a particular focus on privacy protection. It also enables trust-based data governance that monitors and maintains compliance with data regulations while enforcing fair and ethical data analysis.
Above all, the SDC is meant to protect individual data rights and to foster the emergence of new economic and societal opportunities for the common good. As many of the organizations are reproducing the data monetization models where individuals are the byproduct, the SDSC promotes a different approach for responding to this societal challenge. We are offering in Switzerland a tool for building ethical and privacy-preserving data analysis ecosystems consistent with our social and democratic values, and that contributes to the enhancement of individual control over their data. With this solution, we will also inform them about the potential risk of data disclosure and data misuse.
The SDC design is based on several overarching principles that prevent monopolistic dominance from any party and enhances data synergy. It provides environments to parties for doing data analytics in a privacy-conscious way while avoiding the GDPR compliance burden. The SDC enforces the inalienability of personal data by providing transparency and auditability of data throughout the data processing lifecycle, from data collection to the delivery of data analytics results. Individuals have full access to their data, which can be processed by integrated value-added services leveraging on the SDC features. Another critical feature of the SDC is the enforcement of ethical data analytics based on data governance models that draw on ethical principles, social norms, and privacy rights.
While challenges are on the path to human data rights, we, the people, have the responsibility to define and make enforceable together what is good for us in a digital world deeply intertwined with the physical one.
- Charter of Fundamental Rights of the European Union OJ C 326, 26.10.2012, p. 391–407 (GA), https://eur-lex.europa.eu/eli/treaty/char_2012/oj.