Framing my question:
I think is commonly accepted that the near future will be more and more pervasive. IoT or IoE will be truly a reality.
The approach in the interaction processes between companies and customers will tend to be much more personalized and automated. To this end, recognizing the customer and having information about his profile will be crucial to approach him, in a business context (e.g. in a sales process in a mall). In this context, customers' privacy will emerge as a growing problem to manage, within the legal rights of the customer as a citizen (increased problem when we think in global mobility).
Question: Instead of a model where each customer defines a set of privacy rules for each company; the creation of a single, state-owned database, where citizens can manage their privacy settings; mandatory for all companies, is it a good solution?
Thank you, in advance, for all your valuable comments.
Kind regards,
Carlos
Concentrating information that can be deemed private by a single entity may seem beneficial from a data gathering standpoint. The problem is that once it is consolidated there are no guarantees of misuse, either by authorized entities or unathorized entities.
If the data is distributed among different parties the overall payoff for an attacker is reduced. If the data is consolidated then the incentive to attack increases. It also provide incentives to more sophisticated approaches since the payoff is higher.
Thank you Arturo Geigel
I understand your vision about "payoff for attackers". Still, as a citizen, I already have a set of civil and tax data in state databases. Wouldn't it be a good solution to include privacy data that each citizen can manage centrally and with the assurance that your country will maintain the security of that data (we will have a true IoT world sooner or later)?
What we have today are privacy policies that users often accept in the multiple websites on which they are creating accounts, in a way that is often uninformed and unaware.
I would risk that the overwhelming majority of users no longer even know what they have accepted or how to manage what has been accepted, in terms of privacy. Much less how to manage it ... Thank you for your contribution.
It is a big challenge especially when people don’t know how the technology works and what their rights entail. It is almost safe to say we don’t really have any privacy, we just might not know.
Thank you Olutayo Kadmiel Osunsan I agree that we may not have true privacy. In fact, there is, in what you say, a more philosophical question. We have different generations living with technology. The oldest that values privacy but does not master the technology. Another (the most recent) that was born with technology and that doesn't seem to want to know about privacy (social networks prove this, in my view).
The truth is that we pay for having part of the people who don't master the technology and we pay even more for having a generation that was not educated to know how to manage their privacy. This is the result of an evolution that was too fast. However, the future will be pervasive, ubiquitous with the IoT / IoE. We will have to start including technological (and privacy) disciplines in the formation of young people, since the very start. And it is in this context that I launched my discussion. Should we include our privacy policies in our information as citizens? To accompany us? Cross-cutting to all companies ... and countries?
Thank you for your contribution.
Carlos R. Cunha ,
I think it is a challenge for any government to maintain such security measures. Government salaries are not equivalent to the private sector.Also, it would assume that there are no insider threats within the entity.
Now let me focus on other challenges:
- What incentives does private sector have to unite profiles and make it easier for customers to migrate to other platforms
- Who will dictate the handshake protocol for all applications. Does it force you as a business to upgrade and waste resources every time the protocol is updated? If not, what is the cost of maintaining different versions of the protocol and what side effects can it have when using multiple protocols at the same time for a single use, especially on controls?
- If the centralised account is hacked and it makes the business or customer loose money, who will reimburse the party that lost the money? What is the complexity in restoring an account if the identity is stolen?
- "Instead of a model where each customer defines a set of privacy rules for each company". Who manages this configuration? What if there are collisions in security levels (think accounts with different access rights to other family members)?
Most of these challenges are seen in plugins such as those of Google, LinkedIn but these are optional and its a take it or leave deal. Also, they are only authentication protocols not authorisation protocols.
The centralised repository will hold so much power that it will be a monopoly forcing companies and users to a single option.
Arturo Geigel,
You point some very important issues.
"The centralised repository will hold so much power that it will be a monopoly forcing companies and users to a single option".
Two paths: You can see that repository as a mandatory privacy polices setter. But also if "only" a privacy policies aggregator? Wouldn't it be important, at least to ensure that the security policies that each one (unconsciously) defines on each platform, can appear aggregated in a single platform (of the user as a citizen)? That would allow its management in a centralized way?
Different countries already have mandatory examples of rules that all companies must comply with. See the billing example. In Portugal, each invoice that is issued in the name of a citizen will appear on a citizen's web portal, where the citizen will be able to validate / manage those invoices. Why with privacy policies can't be equal?
Do not forget that the future is made up of reengineering. and that a radically different world will tend to demand an equally different view.
Thank you for your contribution.
- Badges
- Science topic
- Similar topics
- Econ
- Business Economics
- Business