Advancing GDPR with privacy preserving tech
November 12, 2020 / Solid reorients data to be human-centric, aligning on rights and privileges.
by Davi Ottenheimer, VP of Trust and Digital Ethics
The General Data Protection Regulation (GDPR), as the name implies, provides individuals with a foundation to better protect their own data by formally managing consent. This has been an excellent step towards framing important problems to be solved, providing a wide path and clear incentive for technology innovations. It also raises the question of what should emerge as optimally usable technology to address growing global privacy concerns.
At the same time as the push for better privacy protection, there has been more pressure than ever to increase knowledge and insights from analysis of gathered big data. Thus, while honoring the human right to privacy, technology will continue to be expected to deliver data-driven breakthroughs in science that improve the human condition.
Inrupt believes the W3C work on the Solid specification is the best opportunity for technology to both enhance privacy in a human-centric model and also to maintain usability for knowledge through consent and control features for one's own data. Putting your data into a Solid Pod means that by design you get the best of all worlds; you are personally and directly able to manage who and what can see your data and when, at global scale. This exceeds the spirit of GDPR.
In the past we all witnessed the trend to move our data into the largest platforms and let them define and design privacy best practices. Some argued this was a market-driven safety measure, because platform size was believed to represent the privacy resources available and responsibility. However, it was erroneously assumed that those seeking to centralize information could be trusted with data custody and would not do obvious wrongs.
Perhaps this period could be described like putting cash in a big bank, where you trust the vault has been built right and trust the staff would protect your assets. This trust model clearly turned out to be misplaced in a world of personal data and platforms. The largest platforms were unsafe, turning into the biggest breaches and also failing to address insider-based violations of privacy. It became a crisis of “centricity”, which is to say all our data being taken and stored by vertically integrated application platforms (e.g. Uber, Facebook, Google) made it more at risk because we lost our choice.
When we saw our data being centered around wrong values, what choice did we have? Under the past models we were locked in by the platforms, all of them trying to become the center of our lives rather than the other way around. Both privacy and knowledge were lost, or in security terms we witnessed a serious decline in data confidentiality and integrity on large platforms. Solid changes this trend by reorienting data to be human-centric, aligning on rights and privileges. Using Solid for data means flipping control back such that privacy and knowledge both can be gained.
While GDPR has pushed for solutions that honor an individual right to control their own destiny by managing consent to their data, Inrupt's Enterprise Solid Server is now poised to deliver on this and even more. Because the Solid architecture means applications and directories are decoupled from data storage, a whole new market emerges for applications that can serve our best interests, based on our data and consent preferences where we maintain control.