People must know
People must be able to know what data is being generated by devices, the networks and platforms we use, and the infrastructure within which devices become embedded. People should be able to know and ultimately determine the manner of processing.
What we would like to see
Data generated by systems will be under the control of the individual within a framework of legal rights and protections, and minimally generated and even more minimally processed. The individual would be able to gain access and see explanations of all data on devices, in networks, and on platforms.
We want a world where the default of computing is that the individual will be able to prevent data generation in the first place, and then be able to access, process, and delete the data (and request its deletion when it is held by other parties). The exceptions to this are permissible, but subject to tests of being fair and lawful in accordance to consumer and human rights protections. Access to such data is essential, in both raw and meaningful forms, as it is the precondition for verifying, identifying, and challenging any, inaccuracies, misuse and non-compliance, for instance with data protection law.
We would like people to be able to know, and ultimately decide when and how data is being used to understand, judge, and control them and others.
What this will mean
No data about the individual and his/her devices and use of systems should be beyond the reach of the individual. This means that the individual can access, process, and delete data on their devices – and exceptions to this must be justified, be necessary and proportionate. You should be able to see all data generated on your smartphone, or all data created by a smart city about you, and know what that data is, and if you object be able to have it modified and removed. You will then be able to know what data is feeding systems that make decisions about you and others.
Listening and always on devices will limit data collection on device, e.g. recording/processing in buffers only, and provide users with access to all data generated and some controls over the personal data.
Essential reform actions
Industry must ensure our systems and services only generate data that is strictly necessary, and that we have insight into that data and its processing.
Industry and governments must provide people with the means to prevent the collection of usage and pattern data without our knowledge and consent, and provide the means for this data to be collected only when privacy enhancing technologies are being applied and informed consent ascertained or lawful measures in place.