We present a solution to data ownership in the surveillance age in the form of an ethically sustainable framework for managing personal and person-derived data. This framework is based on the concept of Datenherrschaft – mastery over data that all natural persons should have on data they themselves produce or is derived thereof. We give numerous examples and tie cases to robust ethical analysis, and also discuss technological dimensions.
A.Acar, H.Aksu, A.S.Uluagac and M.Conti, A survey on homomorphic encryption schemes: Theory and implementation, ACM Comput. Surv.51(4) (2018). doi:10.1145/3214303.
2.
A.Acquier, T.Daudigeos and J.Pinkse, Promises and paradoxes of the sharing economy: An organizing framework, Technological Forecasting and Social Change125 (2017), 1–10, http://www.sciencedirect.com/science/article/pii/S0040162517309101. doi:10.1016/j.techfore.2017.07.006.
3.
D.Adrian, K.Bhargavan, Z.Durumeric, P.Gaudry, M.Green, J.A.Halderman, N.Heninger, D.Springall, E.Thomé, L.Valentaet al., Imperfect forward secrecy: How Diffie-Hellman fails in practice, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, ACM, 2015, pp. 5–17. doi:10.1145/2810103.2813707.
4.
N.AlFardan, D.J.Bernstein, K.G.Paterson, B.Poettering and J.C.Schuldt, On the security of RC4 in TLS, in: Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 13), 2013, pp. 305–320.
5.
J.S.Baik, Data privacy against innovation or against discrimination?: The case of the California Consumer Privacy Act (CCPA), Telematics and Informatics52 (2020), 101431, https://www.sciencedirect.com/science/article/pii/S0736585320300903. doi:10.1016/j.tele.2020.101431.
6.
P.Bain and P.Taylor, Entrapped by the ‘electronic panopticon’? Worker resistance in the call centre, New technology, work and employment15(1) (2000), 2–18. doi:10.1111/1468-005X.00061.
7.
J.Ball, J.Borger and G.Greenwald, Revealed: How US and UK spy agencies defeat internet privacy and security, The Guardian, 2013, Accessed 30.10.2014, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security.
8.
Z.Bauman, Globalization: The Human Consequences, Columbia University Press, 1998.
9.
C.J.Bennett, The public surveillance of personal data: A cross-national analysis, Computers, surveillance, and privacy (1996), 237–259.
10.
J.Bentham and M.Bozovic (eds), The Panopticon and Other Prison Writings (Wo Es War), Verso Books, 1995.
11.
H.Berghel, Malice Domestic: The Cambridge Analytica Dystopia, Computer51 (2018), 84–89.
12.
K.Birch, M.Chiappetta and A.Artyushina, The problem of innovation in technoscientific capitalism: Data rentiership and the policy implications of turning personal digital data into a private asset, Policy Studies41(5) (2020), 468–487. doi:10.1080/01442872.2020.1748264.
13.
R.Boyne, Post-panopticism, Economy and Society29(2) (2000), 285–307. doi:10.1080/030851400360505.
14.
R.Bull and E.Gibson-Robinson, The influences of eye-gaze, style of dress, and locality on the amounts of money donated to a charity, Human Relations34(10) (1981), 895–905. doi:10.1177/001872678103401005.
15.
T.C.Burnham and B.Hare, Engineering human cooperation, Human Nature18(2) (2007), 88–108. doi:10.1007/s12110-007-9012-2.
16.
L.Cao, Data science: A comprehensive overview, ACM Computing Surveys (CSUR)50(3) (2017), 43.
17.
A.Case and G.G.Richard, Memory forensics: The path forward, Digital Investigation20 (2017), 23–33, Special Issue on Volatile Memory Analysis. doi:10.1016/j.diin.2016.12.004.
18.
W.Christl and S.Spiekermann, Networks of control. A report on corporate surveillance, digital tracking, big data & privacy, facultas, 2016.
19.
R.Clarke, Information technology and dataveillance, Commun. ACM31(5) (1988), 498–512. doi:10.1145/42411.42413.
20.
EU Commission, Building a European data economy, European Commission (2019), https://ec.europa.eu/digital-single-market/en/policies/building-european-data-economy.
21.
N.Couldry and U.A.Mejias, Data colonialism: Rethinking big data’s relation to the contemporary subject, Television & New Media20(4) (2019), 336–349. doi:10.1177/1527476418796632.
22.
T.H.Davenport, R.G.Eccles and L.Prusak, Information politics, The strategic management of intellectual capital (1998), 101–120. doi:10.1016/B978-0-7506-9850-4.50010-5.
23.
P.De Hert, V.Papakonstantinou, G.Malgieri and L.Beslay, The right to data portability in the GDPR: Towards user-centric interoperability of digital services, Computer Law and Security Review34 (2018).
24.
A.De Mauro, M.Greco and M.Grimaldi, A formal definition of big data based on its essential features, Library Review65 (2016), 122–135. doi:10.1108/LR-06-2015-0061.
25.
Y.-A.de Montjoye, L.Radaelli, V.K.Singh and A.Pentland, Unique in the shopping mall: On the reidentifiability of credit card metadata, Science347(6221) (2015), 536–539, https://science.sciencemag.org/content/347/6221/536. doi:10.1126/science.1256297.
26.
W.Diffie and M.Hellman, New directions in cryptography, IEEE transactions on Information Theory22(6) (1976), 644–654. doi:10.1109/TIT.1976.1055638.
27.
M.Ernest-Jones, D.Nettle and M.Bateson, Effects of eye images on everyday cooperative behavior: A field experiment, Evolution and Human Behavior32(3) (2011), 172–178. doi:10.1016/j.evolhumbehav.2010.10.006.
28.
European data protection supervisor, ePrivacy Directive, 2019, https://edps.europa.eu/data-protection/our-work/subjects/eprivacy-directive_en.
29.
M.Foucault, Disclipine and Punish: The Birth of the Prison, Random House LLC, 1977.
30.
B.Galna, G.Barry, D.Jackson, D.Mhiripiri, P.Olivier and L.Rochester, Accuracy of the Microsoft kinect sensor for measuring movement in people with Parkinson’s disease, Gait & Posture39(4) (2014), 1062–1068, http://www.sciencedirect.com/science/article/pii/S0966636214000241. doi:10.1016/j.gaitpost.2014.01.008.
31.
O.H.Gandy, The surveillance society: Information technology and bureaucratic social control, Journal of Communication39(3) (1989), 61–76. doi:10.1111/j.1460-2466.1989.tb01040.x.
32.
N.Gilens, The NSA has not been here: Warrant Canaries as tools for transparency in the wake of the snowden disclosures, Harv. JL & Tech.28 (2014), 525.
33.
M.Goddard, The EU general data protection regulation (GDPR): European regulation that has a global impact, International Journal of Market Research59(6) (2017), 703–705. doi:10.2501/IJMR-2017-050.
34.
S.Greengard, Weighing the impact of GDPR, Communications of the ACM61(11) (2018), 16–18. doi:10.1145/3276744.
35.
W.A.Günther, M.H.R.Mehrizi, M.Huysman and F.Feldberg, Debating big data: A literature review on realizing value from big data, The Journal of Strategic Information Systems26(3) (2017), 191–209, http://www.sciencedirect.com/science/article/pii/S0963868717302615. doi:10.1016/j.jsis.2017.07.003.
36.
K.D.Haggerty, Tear down the walls: On demolisihing the Panopticon, in: Theorizing Surveillance. The Panopticon and Beyond, D.Lyon, ed., Routledge, 2007, pp. 23–45, Chapter 2.
37.
K.D.Haggerty and R.V.Ericson, The surveillant assemblage, The British journal of sociology51(4) (2000), 605–622. doi:10.1080/00071310020015280.
38.
A.Hakkala, On Security and Privacy for Networked Information Society – Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes, PhD thesis, University of Turku, 2017.
39.
A.Hakkala, O.I.Heimo, S.Hyrynsalmi and K.K.Kimppa, Security, privacy’; drop table users; – and forced trust in the information age?, ACM SIGCAS Computers and Society47(4) (2018), 68–80. doi:10.1145/3243141.3243150.
40.
K.J.Haley and D.M.T.Fessler, Nobody’s watching?: Subtle cues affect generosity in an anonymous economic game, Evolution and Human behavior26(3) (2005), 245–256. doi:10.1016/j.evolhumbehav.2005.01.002.
41.
L.Hempel and E.Töpfer, CCTV in Europe, Urbaneye project final report15 (2004).
42.
M.Hildebrandt, Profile transparency by design? Re-enabling double contingency, in: Privacy, due process and the computational turn: The philosophy of law meets the philosophy of technology, M.Hildebrandt and K.de Vries, eds., Routledge, 2013.
43.
V.Ho, Facebook’s privacy problems: A roundup, The Guardian, 14.12.2018, https://www.theguardian.com/technology/2018/dec/14/facebook-privacy-problems-roundup.
44.
JP 3-0 Joint Operations, US Joint Chiefs of Staff, 2018.
45.
V.Kainu and J.Koskinen, Between public and personal information-not prohibited, therefore permitted? in: Privacy and Surveillance-Current Aspects and Future Perspectives, 2012, pp. 45–59.
46.
B.Kaplan, How should health data be used?: Privacy, secondary use, and big data sales, Cambridge Quarterly of Healthcare Ethics25(2) (2016), 312–329. doi:10.1017/S0963180115000614.
47.
J.Koskinen, Datenherrschaft – An Ethically Justified Solution to the Problem of Ownership of Patient Information, PhD thesis, Turku School of Economics; University of Turku, 2016.
48.
J.Koskinen, The concept of Datenherrschaft of patient information from a Heideggerian perspective, Journal of Information, Communication and Ethics in Society17(3) (2019), 336–353. doi:10.1108/JICES-04-2018-0031.
49.
J.Koskinen, O.I.Heimo and K.K.Kimppa, Rawls’ view in context of Datenherrschaft over personal patient information, in: Proceedings of 10th International Conference on Computer Ethics–Philosophical Enquiry: Ambiguous Technologies: Philosophical Issues, Practical Solutions, Human Nature, Lisbon, Portugal, 2014, pp. 184–194.
50.
J.Koskinen, V.M.A.Kainu and K.K.Kimppa, The concept of Datenherrschaft of patient information from a Lockean perspective, Journal of Information, Communication and Ethics in Society14(1) (2016), 70–86. doi:10.1108/JICES-06-2014-0029.
51.
J.Koskinen and K.K.Kimppa, An unclear question: Who owns patient information? in: Technology and Intimacy: Choice or Coercion, Springer, 2016, pp. 3–13. doi:10.1007/978-3-319-44805-3_1.
52.
J.Koskinen, S.Knaapi-Junnila and M.M.Rantanen, What if we had fair, people-centred data economy ecosystems? in: 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), 2019, pp. 329–334. doi:10.1109/SmartWorld-UIC-ATC-SCALCOM-IOP-SCI.2019.00100.
53.
R.Kurzban, The social psychophysics of cooperation: Nonverbal communication in a public goods game, Journal of Nonverbal Behavior25(4) (2001), 241–259. doi:10.1023/A:1012563421824.
54.
S.Lee, Y.Shin and J.Hur, Return of version downgrade attack in the era of TLS 1.3, in: Proceedings of the 16th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’20, Association for Computing Machinery, New York, NY, USA, 2020, pp. 157–168. ISBN 9781450379489. doi:10.1145/3386367.3431310.
55.
T.Lehtiniemi and J.Haapoja, Data agency at stake: MyData activism and alternative frames of equal participation, New Media & Society22(1) (2020), 87–104. doi:10.1177/1461444819861955.
56.
L.Levinson, Secrets, lies and Snowden’s email: Why I was forced to shut down Lavabit, The Guardian (30.03.2014), https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email.
57.
J.Locke, Two Treaties of Government, 1690, Digitized by Gowan D. (2005) as “The Project Gutenberg EBook of Second Treatise of Government, by John Locke”, available at: http://www.gutenberg.org/files/7370/7370-h/7370-h.htm (accessed 7.10.2018).
58.
D.Lyon, An electronic panopticon? A sociological critique of surveillance theory, The Sociological Review41(4) (1993), 653–678. doi:10.1111/j.1467-954X.1993.tb00896.x.
59.
D.Lyon, Everyday surveillance: Personal data and social classifications, Information, Communication & Society5(2) (2002), 242–257. doi:10.1080/13691180210130806.
60.
D.Lyon, Surveillance, snowden, and big data: Capacities, consequences, critique, Big Data & Society1(2) (2014), 2053951714541861.
61.
D.Lyon, Surveillance After Snowden, John Wiley & Sons, 2015.
62.
J.Mayer and P.Mutchler, MetaPhone: The sensitivity of telephone metadata, Web Policy, 2014, http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/.
63.
J.S.Mill, On Liberty, Longman, Roberts & Green, London, 1869.
64.
B.Möller, T.Duong and K.Kotowicz, 2014, This POODLE bites: Exploiting the SSL 3.0 fallback.
65.
N.Moore, The information society, 1997, pp. 271–284, World information report 98.
66.
A.Narayanan and V.Shmatikov, Robust De-anonymization of Large Sparse Datasets, in: 2008 IEEE Symposium on Security and Privacy (sp 2008), IEEE, 2008, pp. 111–125.
67.
D.Nettle, Z.Harper, A.Kidson, R.Stone, I.S.Penton-Voak and M.Bateson, The watching eyes effect in the Dictator Game: It’s not how much you give, it’s being seen to give something, Evolution and Human Behavior34(1) (2013), 35–40. doi:10.1016/j.evolhumbehav.2012.08.004.
68.
D.E.O’Leary, Artificial intelligence and big data, IEEE Intelligent Systems28(2) (2013), 96–99. doi:10.1109/MIS.2013.39.
69.
D.Perez-Botero, J.Szefer and R.B.Lee, Characterizing hypervisor vulnerabilities in cloud computing servers, in: Proceedings of the 2013 International Workshop on Security in Cloud Computing, Cloud Computing ’13, Association for Computing Machinery, New York, NY, USA, 2013, pp. 3–10. ISBN 9781450320672.
70.
A.M.Pettigrew, Information control as a power resource, Sociology6(2) (1972), 187–204. doi:10.1177/003803857200600202.
71.
A.Poikola, K.Kuikkaniemi and H.Honko, Mydata a nordic model for human-centered personal data management and processing, 2015, http://urn.fi/URN:ISBN:978-952-243-455-5.
72.
C.Posey, U.Raja, R.E.Crossler and A.Burns, Taking stock of organisations’ protection of privacy: Categorising and assessing threats to personally identifiable information in the USA, European Journal of Information Systems26(6) (2017), 585–604. doi:10.1057/s41303-017-0065-y.
73.
N.Rakotondravony, B.Taubmann, W.Mandarawi, E.Weishäupl, P.Xu, B.Kolosnjaji, M.Protsenko, H.De Meer and H.P.Reiser, Classifying malware attacks in IaaS cloud environments, Journal of Cloud Computing6(1) (2017), 1–12. doi:10.1504/IJCC.2017.083901.
74.
J.Rawls, A Theory of Justice, Harvard University Press, 2009.
75.
T.C.Redman, The impact of poor data quality on the typical enterprise, Communications of the ACM41(2) (1998), 79–82. doi:10.1145/269012.269025.
76.
EURegulation, 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46, Official Journal of the European Union (OJ)59 (2016), 1–88.
77.
E.Ronen, R.Gillham, D.Genkin, A.Shamir, D.Wong and Y.Yarom, The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations, in: 2019 IEEE Symposium on Security and Privacy (SP), IEEE, 2019, pp. 435–452. doi:10.1109/SP.2019.00062.
78.
J.B.Rule, Privacy in Peril: How We Are Sacrificing a Fundamental Right in Exchange for Security and Convenience, Oxford University Press, 2007.
79.
J.Sadowski, When data is capital: Datafication, accumulation, and extraction, Big Data & Society6(1) (2019), 2053951718820549. doi:10.1177/2053951718820549.
80.
F.Schauer, Fear, risk and the first amendment: Unraveling the chilling effect, BUL Rev.58 (1978), 685.
81.
B.Schneier, Data and Goliath, W. W. Norton & Co., New York, United States of America, 2015.
82.
B.Schneier, The Eternal Value of Privacy, Scheneier on security (blog), 18.05.2006, https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html.
83.
B.Schneier, Metadata Equals Surveillance, Scheneier on security (blog), (23.09.2013), https://www.schneier.com/blog/archives/2013/09/metadata_equals.html.
84.
P.M.Schwartz, Global data privacy: The EU way, New York University Law Review94 (2019), 771–8181.
85.
J.Scott and G.Marshall, A Dictionary of Sociology, Oxford University Press, USA, 2009.
86.
D.J.Solove, “I’ve got nothing to hide” and other misunderstandings of privacy, San Diego law review44 (2007), 745–772.
87.
T.Spangler, Facebook Under Fire: How Privacy Crisis Could Change Big Data Forever, Variety.com, 2018, https://variety.com/2018/digital/features/facebook-privacy-crisis-big-data-mark-zuckerberg-1202741394/.
88.
A.Sparks and P.Barclay, Eye images increase generosity, but not for long: The limited effect of a false cue, Evolution and Human Behavior34(5) (2013), 317–322. doi:10.1016/j.evolhumbehav.2013.05.001.
89.
E.Stoycheff, Under surveillance: Examining Facebook’s spiral of silence effects in the wake of NSA Internet monitoring, Journalism & Mass Communication Quarterly93 (2016), 1–16. doi:10.1177/1077699016630255.
90.
P.A.Strassmann, The Politics of Information Management, The Information Economics Press, 1994.
91.
Surveillance, Dictionary.com, Random House, 2019., https://www.dictionary.com/browse/surveillance.
92.
L.Sweeney, Simple demographics often identify people uniquely, Health (San Francisco)671 (2000), 1–34.
93.
J.Tala, Lakien Laadinta Ja Vaikutukset, Edita, 2005.
94.
Z.Tari, Security and privacy in cloud computing, IEEE Cloud Computing1(1) (2014), 54–57. doi:10.1109/MCC.2014.20.
95.
L.Taylor, What is data justice? The case for connecting digital rights and freedoms globally, Big Data & Society4(2) (2017), 2053951717736335. doi:10.1177/2053951717736335.
96.
L.Trakman, R.Walters and B.Zeller, Is privacy and personal data set to become the new intellectual property?, IIC-International Review of Intellectual Property and Competition Law50(8) (2019), 937–970. doi:10.1007/s40319-019-00859-0.
97.
F.Webster, Theories of the Information Society, 3rd edn, Routledge, New York, United States of America, 2006.
L.Xia, C.-C.Chen and J.K.Aggarwal, Human detection using depth information by kinect, in: Computer Vision and Pattern Recognition Workshops (CVPRW), 2011, IEEE Computer Society Conference on, IEEE, 2011, pp. 15–22.
100.
H.Xu, T.Dinev, H.J.Smith and P.Hart, Examining the formation of individual’s privacy concerns: Toward an integrative view, in: ICIS 2008 Proceedings, 2008, p. 6.
101.
X.Xu, R.W.McGorry, L.-S.Chou, J.-H.Lin and C.-C.Chang, Accuracy of the Microsoft kinect for measuring gait parameters during treadmill walking, Gait & posture42(2) (2015), 145–151. doi:10.1016/j.gaitpost.2015.05.002.
102.
S.Yin and O.Kaynak, Big data for modern industry: Challenges and trends [point of view], Proceedings of the IEEE103(2) (2015), 143–146. doi:10.1109/JPROC.2015.2388958.
103.
G.Zappalà, Killing by metadata: Europe and the surveillance–targeted killing nexus, Global Affairs (2015). doi:10.1080/23340460.2015.1080035.
104.
S.Zuboff, Inthe Age of the Smart Machine: The Future of Work and Power, Basic Books, 1988.
105.
S.Zuboff, Big other: Surveillance capitalism and the prospects of an information civilization, Journal of Information Technology30(1) (2015), 75–89. doi:10.1057/jit.2015.5.
