Hence, knowledge about people is power over people.
Since we humans used to live in societies rather than alone and in isolation, we have to cede parts of our decision-sovereignty to the community. When living in a representative democracy, citizens delegate this part to elected representatives, who in turn form the governmental bodies.
This insight is neither new nor innovative. The right balance between a sufficiently empowered state and an inappropriate loss of sovereignty however is difficult to achieve. Traditionally a shift in one direction or the other direction is common and inevitable.
Although this task turns out to be challenging enough, not always resulting in the optimal solution to this conflict, the currently available information and communications technology adds yet another component to it. And here we even cannot draw from tradition.
Although innovative minority groups, such as European pirate parties, regarding themselves as the vanguard of an emerging political movement, addressed this issue several years ago and thus for a short period gained some public attention. Only recently the realization has become mainstream that our informational self-determination is at risk if not even already compromised. In the end it was triggered by the far-reaching revelations of secret practices by the US whistleblower and ex-NSA employee Ed Snowden.
The shock struck us hard. It raised the attention of a major part of many nations' societies and caused a lot of indignation. A lasting learning effect however, which would result in consequences to our political philosophy, could not be observed. Apparently, it is not an easy task to complement our basic understanding of self-determined life in the light of the new technical opportunities.
It is common understanding that the basic conditions for a civilised human life include the concept of privacy. We all need some room we call privacy, in which we are "amongst ourselves" where we can freely operate without having to ask someone's permission. By default the outside world should not have any insight here. At least we want to retain control to decide for ourselves who should know what.
The medieval law that "breathing city air for a year and a day” made you a free man was the lure that made whole generations migrate into the cities. And not only were they fleeing the feudal structures in the countryside. The promises of anonymity too directly translated into personal freedom. In the villages everyone knew (almost) everything about (almost) everyone. A foreigner was immediately recognized and met with suspicion. In the cities however, by default, everyone was a stranger. To encounter a familiar face, rather was the exception.
This precious anonymity from the outset was in conflict with governmental obligations. Some compromise had be found, a deal to be closed. In former periods too this deal was not always respected by the parties. The sovereign sniffed on his citizens, the citizens cheated their sovereign. It is not much of a surprise therefore that nowadays secret services, as well as parliamentary supervised institutions succumbed to the temptation to harness the new possibilities of global communication by grabbing all available information. Most puzzling however is that long after its unveiling the public already stands scared stiff.
The need for privacy varies greatly from individual to individual; even more so than the desire for physical freedom or the freedom of speech. On the one hand there are people who hide from the public, almost paranoid of any publicity. Others enjoy living their life publicly – thereby spreading all of their personal information.
As mentioned before, the issue is about setting minimum standards. Even if that should ever be achieved, it will not suit everyone.
Imagine we would, e.g. represented by the United Nations, like to let the world know about our demand for privacy, how then would this look?
As the most fundamental principle we would request that each person owns all personal information. Only he or she can authorize the use of this information by third parties.
Many services in a modern society however cannot be provided to anonymous customers. They require knowledge of some attributes of this person.
Again, we should say that in principle only the person may authorise the use of this data - bound and restricted to this particular service. Here, for the purpose of feasibility and efficiency this consent may well be given implicitly by using the service.
As a rule, the minimum principle applies here too: Only that information may be collected, used and stored, which is necessary for the provision of the specific service. And it may be kept only as long as this necessity lasts.
Any disclosure or sale to and use of by third parties – whether it be commercially or not - for purposes other than those authorized, is hereby excluded.
According to this philosophy these principles apply universally, thus to operators of search engines, social networks or other collaboration platforms as well.
Also these principles should apply to information that has been previously published by the person, however they may be spread across places and times.
The collection and collation of their data allows the generation of information, and in turn knowledge about a particular person. These aggregations and the resulting analysis of any subsequent analysis thus are also subject to the personal data sovereignty.
In order to exercise the right of ownership on information about oneself, another rule is required: a right to information. Contractors, who keep information about a person, in order to provide services, on request must be able to provide this particular information at any time.
On request this information then has to be deleted. Of course, such demand, issued prematurely, may lead to the termination of a business relationship and ultimately also to claims for damages. These secondary legal consequences, however, are seen as subordinate to the "fundamental right" to personal data sovereignty.
In principle this relationship towards third parties applies to states as well. In this sense they are regarded as ordinary contractors. As such, however, they may claim their freedom of contract and, where appropriate, refuse services (for example, to grant a visa or crossing a border), in case that the person is unwilling to provide sufficient information about themselves.
The relationship towards our own state however has to be viewed differently. To this authority we have collectively transferred the monopoly of power. In order to fulfil its associated obligations, it occasionally needs information about the person concerned that goes beyond the "usual level" even without that persons explicit consent. This may be the case in the course of a judicial investigation or a police action. In order to largely rule out abuse in these cases, this extended access to information requires a judicial authorization in each individual case.
This requirement appears so natural, that it is already fundamental to many legal systems. Here rather, it is imperative to find ways to ensure its practical implementation and to keep all parties' operations transparent.
Concluding, we demand legal systems of all countries of this planet to implement the following principles...
- Ownership - The individual is the owner of her personal data
- Control & Consent - Being the owner, he has control over his personal data. Any use by third parties requires his consent.
- Minimal Disclosure & Constrained Use - In this case only those data may be used, which are necessary to fulfil the intended purpose. The data must be kept only during the designated period.
- Justifiable Parties - Personal data, which has been released to a third party for a specific purpose, may be made available to the necessarily involved parties only.
- Transparency - If personal data about an individual are held by a third party, this individual has the right to request information about the type of information and its use at any time. The means enabling him to do so, and it must be provided to him in a reasonable manner.
- Revocation - The individual may withdraw his consent to keep selected personal data once given to third parties at any time.
- Judicial warrant - If authorities equipped with sovereign rights feel an increased need for personal data, while they are pursuing their obligations with respect to the individual, a court order to allow this access should be required.
We deem it necessary to adopt these principles in respective national laws in order to ensure the civil rights, necessary for a free and enlightened civil society, in the digital space as well.
This seems necessary, as information can be derived from the combination of various personal data which in turn may result in knowledge about a person.
Knowledge however is power.
Hence knowledge about people equals power over people.
Consequently the control of their own personal information belongs into the hands of these very people.