Data protection as we have known it for the past 25 years has failed. We have lost control over our personal data. We are of course responsible of this situation. We accept using services that are designed to provide us comfort through processing and reselling our personal data that we fail to value. But when we try to use tools to protect ourselves, like anonymity tools, we are tagged as potential criminals. When we solicit assistance of the public authorities, we are often left in despair. Data protection offices haven’t seen their financial means really evolve while the amount of personal data being produced, recorded and shared has skyrocketed. Regulation itself cannot efficiently protect the interests of individuals. We are facing an industry that mistakenly defined personal data as the “new oil of the 21st century”. Presenting themselves as innovative, governments are promoting the development of a big-data driven industry while participating themselves actively in massive data collection and processing for security reasons. The actual paradigm is comparable to a form of slavery, if we consider that whoever is controlling personal data is able to influence the individuals without them being aware of the manipulation.
Even if we are not registered on a social network, the mere fact that our friends are using one makes it most probably aware of our existence.
Today our digital existence does not depend anymore on our actions alone. While some of the oldest of us were digitally born the day we touched our first computer, our children are born with a digital existence without them being conscious of it. Even if we are not registered on a social network, the mere fact that our friends are using one makes it most probably aware of our existence. Analysis of personal data is so refined that an individual profile can be created without the targeted person having willingly provided any information. It only takes one person to casually share their address book within a social network to trigger the shadow profile creation process. This is not science-fiction anymore. We witness the emergence of generations that have a digital existence before they are actually born. Sharing ultrasound pictures of unborn babies is now a trend. You merely need to mention a pregnancy on a social network for this human being to digitally exist. The medical data generated by a birth and the monitoring of the mother and child is itself impressive. Whether we like it or not, a part of our life is digital. This is why personal data cannot simply be an object that can be owned by someone else. Personal data is part of our individuality, it defines us, tells so much about us. “We” are our personal data and this personal data is “us”.
Previous attempts to take back control of personal data have failed. Defining personal data as an object subject to property laws, as intellectual property subject to copyright law, or even to define them as common good owned by the society instead individuals, all these concepts are hoping to create a tool for the society to gain control of personal data over data-driven companies. But all these concepts are failing to see the human in the data.
Our human rights are built on one overarching right: the “right to life”. This is the most important right. Without it, we cannot benefit of any other right. When this right is present in Human Rights declaration or in Constitutions, it is often followed by the right to respect to physical and mental integrity. It is believed that in order for a human to remain free and autonomous in its actions, it must not fear the society to kill it or harm its integrity in any way. If human beings enjoy a digital existence, we must consider that their right to integrity also expands to the digital dimension. If there is a right to physical integrity and to mental integrity, there must be a right to digital integrity. Exploiting someone’s personal data must be considered a violation of their digital integrity. The simple fact of collecting data could be criminalized.
The consequences of the enforcement of a right to digital integrity are profound. Gathered within the AFAPDP association, the french speaking data protection agencies adopted, on October 18th 2018, a very important resolution on data ownership: personal data are constituting elements of the human person. A human person has inalienable rights over its personal data. This resolution is visionary. The implications are game changing. Personal data is like a part of your body. Personal data cannot be sold.
It should not be the burden of an individual to prove that a mistreatment is indeed a violation of its rights.
The article 10 of our Swiss Constitution already gives us the rights to be respected for our physical and mental integrity. We can add the digital integrity to our Constitution. When added, the right will impose itself to our institutions. It will be given to all individuals, even those unaware of their digital-self. Our institutions will be compelled to treat all with respect their integrity, is it physical, mental or digital. It should not be the burden of an individual to prove that a mistreatment is indeed a violation of its rights.
The existing laws, like GDPR, are complementary. They provide detailed tools and subsequent rights that can be used to enforce the right to the digital integrity. However, the GDPR is incompatible to this right in its article 2 relating to the material scope. Article 2 excludes public institutions to be subject to the GDPR when the data processing is related very loosely to a security related matter. A right to digital integrity cannot allow such large exception.
For Mikuláš Peksa, Member of the European Parliament, the “New Iron Curtain” will divide the world between countries embracing surveillance capitalism and those embracing digital self-determination. True to our humanist traditions, respecting all our own physical, mental and digital integrity, our society can become a strong digital free society with educated individuals autonomous in their choices. Our society should develop and adopt privacy friendly tools and protocols for its interactions available and usable by all. The digital revolution should benefit humanity as a whole. It should not for a privileged few to benefit most from it.
We are at the dawn of a new era. It is still possible to make the decisions that will make these innovations respect individual rights and autonomy. Recognizing and protecting our right to digital integrity is an important first step to make sure that human beings are not the subject of technology. This is definitely a humanistic battle.