PARIS — On the Internet we accumulate, whether we want it or not, a multitude of information: date of birth, name, pseudonyms, but also our address, our taste in movies, our CV, location of our last vacation ... to cite just a sampling. The data coming from us stems from informed consent but is often based on information asymmetry. Our personal data has become the basis of an economic model of the digital age: the promise of an audience that is both qualitative and quantitative is enticing, especially to advertisers.
Some digital companies have been able to violate the rights of citizens, indulging in the realization of a generalized electronic surveillance of the population, tracing and filing away information for commercial or sometimes even political purposes. In China, the state now subjects citizens to a social credit system which identifies and classifies tens of millions of individuals using more than 170 million cameras.
On May 25, 2018, the General Data Protection Regulation (GDPR) was implemented in all 27 states of the European Union. This is significant progress since we know that the French are worried: 70% think that the confidentiality of their personal data is not properly ensured on the Internet; 47% even believe the U.S.-based Big Tech companies, like Google, Amazon and Facebook, have more power than the EU itself.
This exposes the poorest citizens to having less privacy.
Arguments against the current Internet model, which makes profit from our personal data, have already been raised. Some demand for a "right of ownership" of our personal data, which would allow us a choice between selling or keeping it. In France, this right does not exist! The GDPR and the law for a digital republic are clear: Personal data answers to personality rights (right of publicity) unique to each individual. The use of one's data, under this approach, is meant to be fully revocable. But recent scandals such as Cambridge Analytica and FaceApp highlight the difficulty of trying to abide by this guarantee.
You don't have to sell your data — Photo: Markus Spiske
French start-up Tadata promises royalties to young people in exchange for their data in a similar fashion as certain states or large digital companies. It is up to France's National Commission for Data Processing and Rights (CNIL) to assess compliance with this approach, but one ethical problem has already materialized: Other companies have built their models around the idea of charging money to guarantee the protection of our data. In both cases, this exposes the poorest citizens to having less privacy. In one case, they would not have the means to protect their personal data; in the other, it makes them extremely vulnerable to exploitation from companies in hopes of hypothetical financial gain.
Preventing our personal data from being sold guarantees the preservation of its integrity.
In the eyes of French law, one's body cannot be considered like an object. French law protects human dignity, thus prohibiting the sale of organs and preventing misery from driving some of society's most vulnerable people to mutilate themselves for money. The Court of Cassation regularly highlights their policy on "the human body being inviolable," and the possible legal ramification of seven years imprisonment and 100,000 euro fine for selling organs.
Therefore, we can assume there shall be no more regulation of our personal data than that which exists for our body, seeing as the consequences of ceding them are still too weighty and instrumental in widening the inequalities of the digital world. As with organs, preventing our personal data from being sold guarantees the preservation of its integrity, regardless of personal assets and income level.
*Nicolas Chagny is president of the NGO Internet Society France.
See more from Opinion / Analysis here