The New Deal on Data
From Alex ‘Sandy’ Pentland of MIT Media Lab…
Since last spring’s announcement of EU and US regulatory initiatives around personal data, there has been a great deal of background activity between regulators and industry. As might be expected, there has been some change in positions. The EU, with its legal framework based on human rights, has changed from its initial position the least. The US, with its tradition of regulation only when you need it, seems to have moved to a more gradualist position. The exception is the case of personal data relating to children, where the US seems in very good accord with the EU.
Industry seems to be coalescing around an intermediate position. The dominant industry suggestion seems to be that regulators should focus more on data use than collection, with the idea that all personal data be required to include metadata about provenance and use permissions. Such metadata would allow automatic auditing, and would allow applications to go back to users for additional permissions when required.
However, such a metadata structure would not, by itself, support auditing and the right to change permissions (including the right to be forgotten or not to be tracked). There also needs to be a dictionary of who has collected data about you and the ability to use the dictionary entries to check and change permissions by following the chain of provenance. However, industry does not want to make it too easy for consumers to opt out, and a central dictionary is a security risk, so the final form of the dictionary architecture is unclear (but several of the big guys are experimenting with our openPDS architecture). Whatever the final dictionary architecture, everyone believes that there will be a need for new services that keep track of your personal data and help you manage permissions.
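The distinction drawn above, between metadata that travels with each copy and a dictionary that can reach every copy, sketched as an added example (not code from the post and not the openPDS design). The `Record`, `share`, `audit` and `Dictionary` names, the holder names and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Record:
    holder: str                 # organisation holding this copy
    subject: str                # person the data is about
    value: str
    permitted_uses: set         # use-permission metadata
    source: Optional["Record"] = None   # provenance: the copy this one came from

    def provenance(self):
        """Holders from the original collector down to this copy."""
        chain, rec = [], self
        while rec is not None:
            chain.append(rec.holder)
            rec = rec.source
        return chain[::-1]

def share(rec, new_holder, uses):
    # A downstream copy can never carry a use its source did not have.
    return Record(new_holder, rec.subject, rec.value,
                  set(uses) & rec.permitted_uses, source=rec)

def audit(rec, use):
    """Automatic audit: needs only the metadata travelling with the copy."""
    return use in rec.permitted_uses

class Dictionary:
    """Hypothetical per-subject index of every registered copy."""
    def __init__(self):
        self._copies = {}
    def register(self, rec):
        self._copies.setdefault(rec.subject, []).append(rec)
        return rec
    def revoke(self, subject, use, collector):
        """Withdraw `use` from each copy whose chain passes through `collector`."""
        hit = [r for r in self._copies.get(subject, [])
               if collector in r.provenance() and use in r.permitted_uses]
        for r in hit:
            r.permitted_uses.discard(use)
        return [r.holder for r in hit]

# Constructed sample data: all holder names and values are invented.
d = Dictionary()
clinic = d.register(Record("clinic", "alice", "bp=120/80", {"treatment", "research"}))
insurer = d.register(share(clinic, "insurer", {"research", "marketing"}))
broker = d.register(share(insurer, "broker", {"research"}))
shop = d.register(Record("shop", "alice", "cart=3", {"research"}))
```

Calling `d.revoke("alice", "research", "clinic")` withdraws the use from the clinic, insurer and broker copies and leaves the independently collected shop copy alone; editing only the clinic's own record would leave the downstream copies still passing `audit`.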