GDPR: Privacy by force or design?

Everyone has had their email inboxes filled with GDPR-related privacy notices. The systemic failure is multiplying: how to divide it instead?

I know that everyone’s email inbox is absolutely heaving right now with GDPR-related privacy and opt-in notices. Hence I shall keep this sermon brief.

GDPR is an imperfect initiative, bearing some resemblance to Net Neutrality (NN). The underlying desire is a legitimate one: to ensure that the terms a business relationship are clear, consensual and enforceable. The problem with both is in the execution.

Both GDPR and NN impose a one-size-fits-all solution on the world, which in reality is complex and diverse in need. To counterbalance the power of a corporate provider, they constrain their action in ways that may be unhelpful, and even counter-productive.

In the case of GDPR, you are experiencing a flood of requests to give your assent to use of your private data. There is no way you or I can possibly process all of these in a meaningful manner. By imposing a single hard deadline, and an inflexible requirement, the effect is the exact opposite of informed consent.

The fundamental conflict is that neither the corporate world nor the agents of the state will ultimately protect your privacy from being ravaged. You have to take responsibility for your own self-sovereign identity: there is no other long-term option. It means making difficult choices, in the same way I dumped LinkedIn for poor privacy practises.

In the case of GDPR, I suggest that companies who are now retrospectively asking for permission to use your contact details should be denied that opportunity. Send them a signal: their mailing list will collapse in size, because you don’t accept their past bad behaviour. Your identity has been abused, and your continued consent legitimises that past wrongdoing.

To solve this privacy problem properly, we need a paradigm change. GDPR attempts to solve identity management by force, and it’s a very blunt instrument. Instead, we need a design-centric model, one that starts with the needs of the citizen and consumer; those of the corporation are secondary.

In order for us each to get a “lawyerbot” guardian avatar to manage our privacy, we first have to want one. That means becoming aware of the present (failed) corporate identity harvesting paradigm, so that we may reject and transcend it. You own your sovereign identity — both physical and virtual — so take control: act more like a landlord, and less like a powerless tenant serf.

For the latest fresh thinking on telecommunications, please sign up for the free Geddes newsletter.