The Data Trust Deficit [pdf]

From the paper:<p><pre><code> The premise of informed consent is that people will grant permission to organizations to use their data after information about data uses has been provided to them. </code></pre> No! The idea of informed consent is that real consent should not be optional, and you can&#x27;t have real consent if the person being asked for consent is not aware of all of the relevant information.<p>The premise should <i>not</i> be &quot;if we just tell people what we&#x27;re doing, they&#x27;ll let us do it&quot;. That&#x27;s looking at it from a &quot;how do we manipulate people into doing what we want&quot; point of view, not a &quot;we should do what&#x27;s right&quot; point of view.<p>The entire paper comes off to me as having this sort of stance to it, and so I think it&#x27;s also one of the things that reduces trust.

First, reform HIPPA (one of the rare privacy laws that the US actually has) to remove those blanket exceptions that grant governments, large companies, and research institutions the legal ability to abuse medical information without informed consent for every specific use. Remove the loopholes that allow &quot;deidentified&quot; data to not be treated as personal information. And specify that any time consent is asked for, there must be an equally presented option to deny it.<p>Second, adopt a version of EU&#x27;s GDPR, perhaps importing the text wholesale if congress is really unable to keep lobbyists from neutering the idea. Make sure it applies across the board, even to things like the traditional financial surveillance industry (paving over the &quot;Fair&quot; Credit Reporting Act), such that it&#x27;s actually possible for an individual to delete themselves from these surveillance databases. Create a private right of action that superceeds any mandatory arbitration clauses, and empower the relevant regulatory agency so that we fast forward through this currency phase of companies attempting to continue business as usual figuring it will go away.<p>After these basic steps, then we can <i>start</i> to talk about what else it takes for individuals to have trust in centralized systems to not abuse their data.