So, here we are with my pet topic – The proposed EU Data Directive. Its ultimate goal is to protect the privacy of the EU citizen. One of the proposed changes is the ‘right to be forgotten’ so that an individual can request for their data to be deleted. If this change goes through, it will present several challenges to all organizations that collect, process and keep citizen information which is pretty much every single organization in the EU. A happy medium would be where individuals can trust the organizations to use their data for the purposes they have consented to and provide proof that their data has been deleted when requested. Encryption may be the answer here.
Encryption and key management have come a long way since they were first used and are becoming much more powerful, easier and cost effective to set up and use. So, imagine if you as an individual could actually keep your information encrypted with your own key. Organizations could encrypt data based on a different key for each user and either provide the encryption key or allow users to use their own keys. When a user wants ‘to be forgotten’ they could simply withdraw or delete the key. Of course, the encryption will have to be built into the systems as part of the privacy by design objective, but it would provide the user with confidence that their data has been deleted and removes some of the burden from organizations.
Taking this a step further, what if we had portable global identities that we could take with us anywhere we went. For example, when you move to a different country you could take all your data with you – eliminating the need to set up new banking, healthcare, employment history, etc. A friend of mine recently moved to the US and had difficulty getting a credit rating to rent an apartment, buy a car or even set up a bank account because she had no credit history in the US – creating portable identities could alleviate problems like this
I look forward to a day when I can keep me with me but until then be careful with your data…