
I think there's a lot of room for a faceted identity model in which the user is in control of what attributes get shared.

Think about shopping at Amazon where they get a payment authorization from your bank and a shipment authorization from your shipper and never know your name, your bank account number or even your home address. It's technically very doable...the problem is that there isn't much incentive for Amazon to let go of all of that metadata.



> the problem is that there isn't much incentive for Amazon to let go of all of that metadata

I think there's some ideas going around that might work here.

Make companies responsible for securing that data, and make it _expensive_ if/when they get breached. Make storage of personal data "toxic", so companies will _only_ keep it for the minimum amount of time required for whatever use it was gathered (where only companies like FB & Google, and to a lesser extent Amazon would admit to themselves that it was collected for the express purpose of creating a historical record of individually identified PII).

Here (in .au) we have "mandatory breach disclosure laws", which while having fewer teeth than I'd personally prefer, and a reasonably useful "first start", they're quite useful in the context of discussions around "So why are we asking for customer's date of birth? Is that something you'd want to explain in a mandatory breach report if our database gets hacked?" and "So what's our retention policy on this data we're collecting? Forever? Really? What's our plan around reporting data breaches, and do you want to ever have to explain why we've got 5 years' worth of records breached when we only needed to store that data for 90 days after which most of the details were never needed again?"

I'm _hoping_ sometime soon the GDPR is going to quite publicly go through its due process, giving some company every chance to become compliant, be continually ignored, and then eventually hit them with an eye-wateringly big existentially threatening fine that the offending company has absolutely no grounds to claim it didn't know about, didn't have several appropriately escalated warnings, and were just blatantly abusing their users' personal data without any regard for personal privacy or European Law - and have zero public support for their complaints about the fine.

(Personally and perhaps somewhat pettily, I hope this happens to Uber or Facebook, but pragmatically I'd settle for anything matching that description, to "pour encourager les autres" and for use in meetings and documents when clients or cow orkers suggest doing shady things with other people's personal data...)


> Make companies responsible for securing that data, and make it _expensive_ if/when they get breached. Make storage of personal data "toxic", so companies will _only_ keep it for the minimum amount of time required for whatever use it was gathered (where only companies like FB & Google, and to a lesser extent Amazon would admit to themselves that it was collected for the express purpose of creating a historical record of individually identified PII).

You're assuming they won't just mitigate the risk by spending more on securing the data and then still keep it all and hope their security is enough to avoid getting pwned.

Moreover, many smaller entities won't even bother with trying to secure it and then just hope it doesn't happen to them and declare bankruptcy if it does. Some of which will just have had no idea the liability even existed to begin with because they don't read HN and didn't have the money for lawyers.

The solution to this is better when it comes from the demand side. People should refuse to give this information to these companies; then they won't have it and can't use it for anything nefarious. So the question then is how to convince people of that.

Certainly a good first step would be to eliminate any existing rules that require companies to collect this type of information on people.


> Certainly a good first step would be to eliminate any existing rules that require companies to collect this type of information on people.

Yeah. That's one place we here in .au are fucking ourselves over. As well as our mandatory breach reporting laws, we _also_ have mandatory meta-data retention laws. If you're an ISP (which thankfully I'm not), you are _required_ to retain all your users' metadata...

