Alice
in Dataland

Version française

Drops of sweat are running down Alice’s forehead. Her legs hurt. She’s out of breath. But there’s no way in hell that young woman is giving up so close to the goal. According to her smart watch, she has already run a full 9.8 kilometers. Only 200 meters to go.

“DING! 10 kilometers in 43 minutes and 55 seconds. New personal best!” declares the synthetic yet familiar voice of her smartphone. The young woman grinds to a halt, grabs her phone, and opens the app synchronized with her smart watch. A golden trophy sparkles on the screen and then disappears, revealing the GPS route of her run of the day and charts indicating elevation and her average speed in the different sectors of the course.

As always after her workout, she spends the fifteen-minute walk back to her Bordeaux apartment analyzing her performance numbers. It’s the first time she’s run it under 44 minutes - and the very thought makes her giddy.

A good shower to “We Are The Champions”, a touch of make-up around her eyes and a car keys search later and she’s on her way to her parents’ house… and to her own birthday party.

The poisoned chalice: “I’m late, I’m late (for a very important date)”

A deep breath in, an even deeper breath out, and it’s another triumph! Alice has successfully blown out the thirty candles dotting her birthday cake in a single breath. Everybody present – her mother, father, sister, and older brother – cheers for the champion of the day before setting on the table a small package the size of a remote control. Alice tears the wrapping paper with one quick yank and opens it to reveal a new watch. “It’s a smart watch like yours. But it’s from a different brand, and this one can measure your heart rate,” her mother details.

What is GDPR?

General Data Protection Regulation, which came into force on 25 May 2018, provides a legal framework for the collection and processing of personal data (name, first name, email, address, GPS location, etc.) within the European Union. Any European or foreign company that wishes to obtain data on Alice or any other European resident must first obtain their active and positive consent, inform them of the use that will be made of their data, and then ensure their protection. Under the GDPR, Alice may thus, at any time, request a copy of its data, require their modification or deletion.

More info

But Alice has already stopped listening. With one hand, she has removed the plastic sleeve protecting the watch. With the other, she has started downloading the app which will synchronize it with her phone. A few tinkers later, the watch turns on and a message pops up on her smartphone screen offering to link the two devices via Bluetooth and to set the time.

But something’s not quite right. “What’s wrong honey?,” her mother asks when she sees her frantically skimming through the user’s guide. “I can’t find how to export my data from my old app to the new one…” she frets. “I had asked the salesman about that,” her mother admits. “He told me that the makers of these two watches had blocked that type of transfer because they’re competitors.”

A news that does not please Alice:

When I change phone providers, I can transfer my phone number seamlessly. When I buy a new phone from a different brand, I can transfer my contact list without a hitch. And when I change banks, I can transfer my money from one to the other. But with my watch, I can’t export my old sports data? It makes no sense.

“He said you could enter your data manually in the app.”

“No way! I’ve been wearing this watch nearly every day for two years now. It would take days.” In total, Alice has traveled 5,000 kilometers with that watch on her wrist. She has recorded her performances running, swimming, cycling, kayaking, and working out at the gym. She has saved her favorite routes and her corresponding times. With this new watch, she’s going to have to start from scratch, as if her personal best from this very morning had never happened, no more than those from previous weeks.

Online profiles: the copy and paste network

A feeling of weariness mixed with disappointment comes over the young woman. It was just the same feeling that had come over her a few days earlier when she had decided to sign up on three new freelancing marketplaces to advertise her services as a graphic designer. Those three separate websites each asked her for the same information without allowing her to export it from one platform to the other. So, three times in a row, she had to enter her first and last name, her email address, her past work experience with the corresponding dates and the names of the relevant businesses, her degrees, her bank details, her company’s registration number, to upload a profile picture, to copy a description…

APIs: the future of portability

APIs are Application Programming Interfaces (APIs) that allow software, sites, or machines to communicate with each other and share data. They allow application developers to retrieve data on behalf of the user to include it in the user experience. Problem: very few companies that process personal data offer users and application developers the ability to retrieve their data via their APIs. "Opening" these APIs would make it possible to automate the transfer of data from one service to another and thus make the GDPR right to portability (art. 20) a simple, transparent and fast technical reality for the user.

More info

And when she has a new piece of information to add, she has to update the three platforms separately. She hasn’t done it for six months, and her online résumés are missing a dozen job experiences that she would like to showcase. “Well I’m in for a full morning of copy and paste!” she thinks to herself as she sits down to her computer. With one hand on her cup of coffee and the other on her mouse, it would take her three hours to update her LinkedIn account and her various profiles. Three hours to enter exactly the same information three times over. “What a productive half of my day!” she thinks sarcastically as she wraps up this tedious chore.

Alice noticed several new freelancing marketplaces she’s interested in these last days. Some have a nicer layout, others are better designed. But when she saw that it still wasn’t possible to export her data from one service to the other, the graphic designer ended up not completing their entry forms. The thought of having to fill in again and again information she has already entered elsewhere deterred her.

David the entrepreneur versus Goliath the monopoly

“If it’s to spend even more time copying and pasting, thanks but no thanks,” she remarks to her friend Bob after telling him about her quite unproductive day of work. As they often do on Friday nights, Bob and Alice are catching up with a drink at the Hopper, a lovely bar-restaurant. “My day hasn’t been much better than yours”, Bob admits after taking a sip from his beer.

This “serial entrepreneur”, as he likes to describe himself, has just launched “YumAdvisor”, a service that will “revolutionize” the way we look for and book a good table. “Our users can enter their favorite foods, rate and filter restaurants based on a ton of different markers, see the menus directly in the app, and book online,” he explains. “The layout is super simple, but super effective!”

But there’s one problem: after several weeks spent showcasing his app to the best-rated restaurants in the city, very few restaurant owners have signed up on YumAdvisor.

And I get it! They’ve already taken steps to be listed on dozens of websites. Some of them have garnered hundreds of good comments and equally good ratings there, and some platforms block us from retrieving those and transferring them onto our own service. Can you believe that these data are the restaurants’, but that it’s the platforms that decide what data they’re allowed to automatically transfer over to us? Even though our app’s better, it’s tough to convince restaurant owners to start from scratch and lose their painfully earned reputation. I’ve got a friend who’s trying to launch an apartment rental business. He’s got the same problem. Without free access to the data from Airbnb or Booking, he’s having a hard time recruiting the SuperHosts or the best-rated guests… When we’re starting a business, we start with a huge disadvantage!

Painting by Edward Hopper NightHawks reproduced in the game Second Life

Without data to enrich his application, Bob has a hard time convincing restaurant owners and clients to join YumAdvisor. © ArtBox / Flickr

The War of the Buttons

Social-logins: more buttons, fewer forms

"Connect with Facebook / Twitter / Amazon"… These buttons are "social logins" that allow a user to authenticate to a service using the login information of another service. Today, anyone with a Google or Apple account can quickly create an account on The New York Times website in one click without having to re-enter their first name, last name, email, or invent an umpteenth password. To work, these social logins use OAuth, an open standard that allows a site or application to authorize a service's API on behalf of a user.

More info

“I see,” Alice agrees. “I had the same problem with To-Do List apps.” Forever unsatisfied, the graphic designer tries out a new one every six months or so, and each switch forces her to leave behind her task history on the old app and to rewrite by hand her active ones. “But look, I’ve just found one that allows you to export your data from loads of different services,” she explains as she points to a dozen of “export data from” buttons on her screen. “I tapped the name of the service I used before, logged in, and in a few seconds all my tasks appeared in my new app!”

Bob grabs the phone and goes through the names of the supported services: “Hmm… It’s still far from perfect. It doesn’t work with the app I’m using at the moment for example.”

“It’s infuriating,” she groans. “Your data does exist. It’s out there on a server somewhere, and it’d be of much more use to you in this new app. You see, that’s what I don’t understand: how is it possible that I can deposit my money anywhere I want, I can spend it however I choose, but I can’t do the same with my data?”

A gift is a gift, but GDPR is a blessing

Even more so that, while the young woman knows the exact amounts deposited on her bank accounts, she still doesn’t know how much of her data has been stored, by whom, or on which servers.

Cambridge Analytica data scandal

87 million: this is the number of Facebook users whose data was retrieved without their direct consent by the British company Cambridge Analytica, which used it to psychologically profile individuals and sold it to parties and politicians to enable them to influence voting intentions during polls. This information would have been used in 2016 by the campaign teams of White House candidate Donald Trump and by some of the pro-Brexit elites in the United Kingdom.

More info

She recently became aware of this lack of knowledge through Oxford Analytica, a new scandal involving the theft of hundreds of millions of pieces of personal data on several social networks by the eponymous company. “Who in the world has data on me? What type of data? And what do they use it for?” she then asks herself, and vows to get an answer somehow.

Grandmagate

For years, Facebook has been pushing its users to import or sync contacts from their address book to their smartphone on the social network. As a result, the multinational company keeps on its servers the email address and phone number of Alice's grandmother as well as many other people who have never created an account on the platform, allowing access to all contacts on the phone with a single click.

More info

Her first target – the most obvious one – is Facebook. After a few minutes fumbling around in the social network’s settings, Alice finds the “Download a copy of your Facebook data” feature. One click and two hours’ wait later, she receives a 2GB-large file containing 12 years’ worth of posts, comments, friend requests, photos, videos, phone numbers saved in a phonebook that at one point had been synchronized with the social network (including Grandma Margaret’s number, even though she never even had a Facebook account), names of ex-boyfriends grouped in a “Previous relationships” category, names of pages she had liked, of groups she had joined… In short, there was all the data collected on her life by this multinational corporation, in its entirety, since she had joined its network. “That’s insane! I never imagined that Facebook had so much data on me,” she thinks, feeling at once fascinated and terrified.

Cookies taste bad

A cookie is a small piece of data stored on the user's computer while browsing a website that allows, for example, a site to "remember" a user from one page to another and thus avoid him to enter his login credentials at each page change or to recreate an abandoned basket when he returns to an e-commerce site. Problem: some cookies, called "third-party cookies", are also used to track users from one site to another to better target them. This is what happens, for example, when you receive travel ads for a week after searching at an online booking site. This is also the case with Facebook's "Like" buttons that track users through different sites even if they don't have an account on the platform.

More info

Since she’s been old enough to browse the Internet, Alice always accepted EULAs (End-User License Agreements) without reading them, accepted cookies without knowing what they were for. And in brick-and-mortar shops, she has always accepted free loyalty cards in exchange for her name, surname, home address, email, phone number, shopping preferences… making for as many companies that potentially have some of her data.

And so, Alice lists. On her phone, she finds the must-have Google apps (Gmail, Gdrive, Maps…), messaging apps like WhatsApp, apps for hotel or flight booking, apps for streaming platforms, dating apps, to-do list apps, food delivery apps, Instagram, LinkedIn, Twitter, Slack, Waze and Plan… a total of 88 apps for which she created an account, and that’s not even counting the ones she’s removed. Between her handbag and the drawers of the dresser next to her doorway, she finds 22 loyalty cards. Each one points to a company that has recorded at least her name, her email, and a partial purchase history. In her wallet, she also singles out her transit pass, her insurance card, her credit card, her neighborhood library card. And then there are public services – IRS, Social Security –, her city hall’s office, her family physician, the hospital where she went to get her broken arm fixed. In the “Ads” section in her Facebook data, she notices brands that she’s never heard of but that, apparently, have some data of hers. “I’ll count them too,” she decides. In all, Alice lists more than 200 companies, public or private, that likely have information ranging from her email address to her GPS location, from her wardrobe choices to her sexual preferences.

Image of a sticker mentioning Big Data is watching you

Several hundred companies likely have information about Alice.

Data Protection Officer

Under the GDPR, any company or administration that handles personal data on a large scale and/or sensitive data must appoint a DPO, or Data Protection Officer. He is responsible for ensuring the proper management and protection of the data under the control of his structure. He also deals with requests from citizens who wish, for example, to assert their GDPR rights by requesting a copy of their data. If Alice requests information about her data, it is with the DPO of each company that she must deal with.

More info

As the deep-sea data fishing expedition begins, there comes a first surprise. All businesses’ websites don’t have a “Download your data” button. Scratch that: the overwhelming majority of businesses don’t offer any way to automatically retrieve your data. The demand has to be addressed by email to the DPO, the Data Protection Officer. Some companies seem to enjoy concealing this piece of information. For the medical information kept by her family physician, Alice even has to ask for it by registered letter!

A month goes by. Barely half of the companies she messaged have responded. Alice sends follow-up messages in which she refers to the GDPR.

Another month goes by.

Right of access: legal time-limit

Under the GDPR, companies have one month to answer a right of access request. However, the company may extend this time limit by an additional two months if the "complexity" and "number of requests" warrant it and only after informing the requester. Some companies play on delaying user requests over and over again to discourage users.

More info

All the companies haven’t responded, but the folder in which she gathers the copy of her data has grown considerably. It now weighs 70GB. It includes her full Google search history, dated and timed, her Amazon and Walmart purchase history, her tweets, her interests – real or algorithm-presumed -, her doctor’s appointments, her bank loan history… It’s an immense amount of data, which outlines a virtual Alice in whom she at times sees little of herself, and at times too much.

“Well what now?” wonders Alice. “What do I do with all this?”

Edward, the personal cloud

Year 2022. Foldable phones are sprouting in every consumer’s pocket, driverless car tests are proliferating all over Paris, and data transfer buttons are popping up all over the Internet.

Data fragmentation spoils the user experience

Because the data are not centralized and the individual has not much control over it, there is what is called fragmentation of the experience across all the applications he uses, which exhausts the user because he has to repeatedly enter the same information and load the same photos and documents into different applications. If the data were centralized in a personal cloud, it would be the applications that would update themselves against the data and consolidate that experience.

“You see, now I can export my LinkedIn data to any freelancing marketplace. But they’re still not updating automatically, and I spend hours keeping my online résumés up to date. It takes forever. It’s tedious. And it’s unnecessary,” Alice complains to Alan, a software developer friend of hers.

“Lately, solutions have been developed to solve the problem you’re facing,” he explains with a learned tone. “If you want, I’ll show you.”

Alice takes out her laptop and sets it in front of them while Alan begins his thinking:

Do you know how Google Drive or Dropbox work? You save files on those clouds, and then you can access them from any device with an internet connection. Today, you have services that work a little like Google Drive, but for your data. They’re called personal clouds. I use one called ‘Edward’. It’s a secure and open-source system. You sign in through it to your different services, like Facebook, LinkedIn, your freelance platforms, Instagram, Twitter, Tik-Tok, your university account… And then it automatically downloads all the data you have on these services. It’s just like what you did two years ago, except here it does it on its own.

Five minutes later, Alice had set up her account and linked Edward to her main online services.

“And what about that ‘2 days’ button, what does it do?” she asks.

“It allows you to set the frequency for your data updates. Every two days, as it’s set here, Edward will download all the new data created on your services and save them for you. But that’s going to be less and less relevant because more and more websites automatically send Edward a sort of notification informing him that new data can be downloaded. So, your information updates itself almost live. It’s a bit like receiving a text: you don’t have to refresh your messaging service to receive it. With your personal data, it means that if you add a job experience on LinkedIn, it’ll appear on Edward within five minutes. It’s very efficient.”

Syncing your data everywhere

“That’s great, but it doesn’t really solve my problem. My résumé details are up to date on Edward, but they’re not syncing on all my platforms, are they?”

VRM: the power to the customer

Unlike CRM (Customer Relationship Management), Vendor Relationship Management (VRM) is a marketing concept in which the customer controls his relationship with companies. In the context of personal data management, this means that it is the customer who centralizes his data and defines who has access to it and how it is shared and used, in total control.

More info

“That’s where it become really interesting. Edward doesn’t just download your data; it also becomes their guardian, and can manage access authorizations to your data.”

“What does that mean?”

“Basically, Edward also has an API, a program which allows it to automatically engage with other bot software. Thanks to that, your data can be accessed by the bots from Facebook, YouTube, your freelance platforms, government agencies…”

“But wait. All my data can be accessed by all my services?”

GDPR and Consent: Marriage allows for divorce

The processing of personal data is only possible if it is based on one of the six legal bases defined by the GDPR: contract (the processing is necessary for the fulfillment or preparation of a contract with the data subject), legal obligation, public interest mission, legitimate interest, safeguarding of vital interests or... consent. In this case, the data controller is able to demonstrate that the data subject has given his consent "by a statement or by a clear affirmative action". The data subject may withdraw his consent at any time.

More info

“No, it can’t, because, as I was saying, Edward is your data’s guardian. All you have to do is to tell him: ‘I want this specific service to have access to this specific data for this type of use and for this specific duration in time.’ It’s a little like when you share a Google Doc: you can manage who can view it or alter it. Thanks to Edward, you can grant a new supermarket access to your purchase history at other supermarkets so that it can suggest products to you that fit your consumer profile, all while denying it access to your education history. And you can revoke an authorization any time you want. Look, I’ll show you how it works by signing you up to a new freelancing marketplace.”

On her screen, Alice brings up the homepage of Barley, a freelancing service she noticed a little while ago. Among the sign-in options is a button stamped “with Edward”. Click. A new page opens with the following questions:

Edward
Do you allow Barley to upload your name, surname, date of birth, work experience, ratings, and client comments?
Edward
Do you allow Barley to automatically update this data for the next two years? (You can revoke this authorization at any time on your Edward account.)
Edward
Do you allow Barley to use this data for targeted advertising purposes?

Alice clicks to confirm. In just a few seconds, the information on her new account appears automatically. She even already has a 4.8/5 rating, and comments left by her clients on other platforms pop up on her profile page. On her Edward account, the dashboard now displays a new tab entitled “My data transactions”.

Here is where you can see all the services that you’ve authorized to access some of your data. It works just like a bank statement, except here the transactions aren’t money transfers but personal data transfers, based on accesses granted or denied by you: you can see the date of a transaction, which data you’ve granted access to, for how long, and the name of the beneficiary service. Now try adding some new piece of information to your LinkedIn profile.

Alice complies, then refreshes the page on her new freelance service. And the information magically appears on her Barley profile, without her having anything to do. “Thanks a million Alan, and thanks a million Edward!” she thinks.

Photo of a library

Edward manages the user's personal data in the same way that a library manages its books: only authorized persons may consult them, for a defined period of time and for specific purposes.

Data control is the future

Users are increasingly aware of personal data issues. More than 80% of users are willing to share their data for a smoother digital experience and up to 88% for personalized experiences. The management of data by a platform and the fact that data may or may not be exportable to other platforms in a simple way (such as the fact that Alice is disappointed that her new watch can't receive data from her old watch) will become more and more significant selling arguments.

More info

After Alan is gone, she decides to set up as many of her accounts as possible to be in sync with Edward. The only problem is that one of the freelance platforms she’s on does not allow data transfers to or from personal clouds. “Too bad,” she reflects before deleting her account. “But there’s no way I’m going to update all my information manually, or have to constantly reexport all my data from another service.” She’s made up her mind: from now on, she will only sign up to services compatible with Edward.

Reliable data: Bots on the march

Year 2028. The first European directive on the free circulation of SAE Level 5 Autonomous Vehicles has finally been transcribed into French law, and passersby are less and less surprised to see cars without pedals or even a steering wheel. On the issue of personal data, the GDPR has been expanded and now dictates that any business or administration that gathers data from European citizens must be compatible with personal clouds. That’s great news for Alice. It took her a few years, but she’s done it: all of the services she uses now have to go through Edward, which she can manage from her smartphone, in order to access any of her data.

In fact, her phone starts buzzing; she’s just received an alert. It’s from Edward, her bot:

Edward
Do you allow Mistral Entertainment to access to your education history:

Mistral Entertainment is a Bordeaux-based video game developer. Alice is supposed to meet their CHRO the next day for a job interview.

“Thank you for accepting our request to access your education history,” says Karen, the CHRO for Mistral Entertainment, as Alice is sitting down to her interview. “It allows us to certify that the education information on your résumé is real and accurate.” Last year, the ‘law to guarantee the accuracy of state-registered diploma information’ imposed on all training centers, universities, and schools that they dematerialize all their diplomas, attributing to each one its unique ID code, and making them compatible with personal clouds. That way, any company can ask an applicant to grant them access to their education history. “You’d be surprised by how many applicants used to lie on their résumés in the past,” Karen goes on. “But everything’s in order with you, and your previous work qualifications are very impressive.”

Alice exits her interview with Mistral Entertainment brimming with joy and confidence. It is noon, and she’s hardly just sat down to a table in a restaurant in the center of Bordeaux when she hears a familiar voice booming behind her: “Hello! Would you spare two minutes of your time? I’d like to introduce you to YumAdvisor, the app guaranteed to bring you the best clients!”

“Bob! It’s been so long!” cries Alice. “How’ve you been? How’s YumAdvisor doing?”

The startled entrepreneur turns around and flashes a large smile to his friend: “Well, I’m not going to lie. YumAdvisor nearly went bust. But I held on tight and now the widespread use of personal clouds has really helped it get off the ground. Thousands of restaurants are registered on the platform, and new ones sign up every day.”

“To be honest, I’ve tried setting up a YumAdvisor account a few years ago, confesses Grace, the restaurant manager. But I gave up on it. You had to fill in a form worth a month of Sundays, and I couldn’t even export my establishment’s ratings and comments from elsewhere online. It’s a shame really, because I loved the concept and it had a great layout.”

“You know what, I’m going to set a timer down on the table. If you haven’t managed to sign up in less than two minutes, I’ll take my leave and you’ll never hear from me again,” Bob declares as he hands a touchscreen tablet to Grace, who takes up the challenge.

“You’re on!” Grace taps the “Sign in with Edward” button, the only one on the homepage. She types in her username and password, and selects the information she wants to import into the service: her restaurant’s name and address, its consumer comments and ratings from other platforms, its menu and daily specials, each with their ingredients list. When she taps “Confirm”, the timer reads 1:02. Five seconds later, her restaurant’s profile page appears. Her business is instantly displayed on a map along with her average rating in bold numbers, next to her most positive comments and a list of all the dishes served that day.

“There, I’ve found you,” Alice smiles as she points to the YumAdvisor app she’s just launched on her own phone. “By the way, while you’re here, I was wondering: I’ve recently developed a peanut allergy. Could you show me which dishes on your menu don’t contain peanuts?”

“Wait a minute,” Bob chimes in before Grace could even speak. “You haven’t tried our new ‘anti-allergy’ feature? Tap the ‘What can I eat?’ button just below the restaurant’s name.”

Alice complies and receives an alert from Edward:

Edward
Do you authorize YumAdvisor to access your medical information in relation to food allergies and intolerances?

Alice agrees. On the app, all the restaurant’s dishes now appear either in green or in red. The green ones are safe for her to eat; the red ones contain at least one peanut-based ingredient. “Oh wow! You can’t imagine the stress this does away with!” she exclaims before ordering chicken Columbo, guaranteed peanut-free.

Her lunch now over, she needs to head to the airport to meet her cousin Dennis. In the past, she would have ordered a car on an app like Uber. Thanks to their numerous users -both drivers and clients- these platforms used to control the information on supply and demand; they knew the number of available drivers and clients waiting in the area, their precise location, requested trips, traffic info, rush hours and journeys… As much information that the app’s users didn’t own, which forced them to exclusively use these platforms as intermediary between supply and demand. An asymmetry that allowed these services to take a commission of around 25% per trip.

Times have changed. Thanks to his personal cloud, an authorized driver can now show as available, geolocative and offer his rate on as many apps as he wants. Drivers have taken back control. Intermediaries have disappeared, and, with them, ridiculous commissions. Meaning -prices have gone down for clients while drivers’ wages have gone up.

Image of an old car driving on an Arizona highway

Thanks to personal clouds, drivers no longer need to use platforms charging exorbitant commissions. © Pexel

Alice enters her destination on her phone. A few seconds later, a list of drivers in the area pops up, along with comments and ratings for each of them from all similar apps. She picks the best rated. Two minutes later, she’s on her way to the airport.

Edward silverdata

The terminal is rammed already. Alice is scuffling her way through the crowd while glancing around to spot her cousin when her phone buzzes: “Hey, I’m waiting for you at the VIP lounge!”

“What on earth is Dennis doing at the VIP lounge? It’s usually reserved for business-class travelers…”, she ponders as she arrives there.

“Hello!, Dennis chuckles. What’s with that face?” Smart suit, spanking new watch, latest smartphone and a glass of champagne in hand -Alice can barely recognize the perpetually broke frail student she sent off to the Philippines a year before.

“Did you win the lottery or what?” Another loud chuckle from Dennis. “Not even.”

“Then what?”

These past few months, Dennis has become an adept of “data-discounts”, discounts that are given by companies in exchange for broader access to individual’s personal data. “Air France, for instance, offered to upgrade me if I authorized their bot to retrieve on my personal cloud the history of my plane tickets over the last two years, he explains. If I had granted access to the entirety of my train and bus trips, I could even have had a coupon on their website.”

“Did you only do that with Air France?”

“Of course not. I got a 50% discount on my phone by letting the brand check my purchase history on competitor app stores. And I got the smartwatch cheaper in exchange for granting the brand access to regularly check data from my running app. According to them, they’re trying to understand why a majority of users prefer synchronizing their smartwatch to another service rather than theirs.”

“I saw these offers but I haven’t dared try yet.”

Dennis continues to speak:

I think it’s only the beginning, Dennis adds. I heard that some people in the US accept to sell their data to Asian and American universities that are using them to train algorithms or to companies to help them improve their marketing. Some get several hundreds of euros a month from it. In Africa and Asia, this type of trade even allows some people to improve their everyday life and to get out of poverty.

The digital Labour

If you're not paying for the product, you are the product! We don't know it, but we all work for digital giants who don't pay us directly. Each of our clicks, each content consulted online, each page viewed is analyzed by digital platforms to resell this attention time to companies ready to pay for it. They consider that the free product is the indirect remuneration of the user for his work. What if, in the future, we became aware of the value we bring and asked that this work be remunerated at its fair value?

“I see, Alice adds. All our clicks, comments, ratings, purchases -all of this represented a sort of work that we used to perform for free for the benefit of big corporations who used our data more or less however they fancied without asking for our opinion. Now they have to go through our personal clouds to retrieve this precious data. The advantage is that it allows us to keep track of where our data is tracked/stored and how it’s used.”»

“Precisely”, Dennis concludes.

Post-mortem data management: Digital heritage

Alice’s phone is ringing. It’s her dad. He is in tears: “Mum died today, or maybe yesterday, I’m not sure.” She was visiting a friend in the North but her train stopped in the middle of nowhere but never left again. She must have spent the night in some shabby hotel. Her heart stopped in the night around midnight. Not knowing what to do with her evening, Alice scrolled on social networks, browsing through her Facebook feed without seeing it. Until this balloon-release like notification: “It’s her 62nd birthday. Don’t forget to wish her a happy birthday.” On the post, her mum’s face. The real one is gone, but the digital one still exists.

Digital death

In France, the Data Protection Act states that the heirs of a deceased person may request that the deceased's data be updated. On Facebook, for example, it is possible to transform a profile into a "memorial". The management of data that can be stored without limit, has implications beyond our physical person... when will a digital testament be drawn up?

More info

The reading of the will is at 10am. Alice meets her brother, her sister and her father in front of the pretty stately home the lawyer uses as an office. Property, money, jewelry... Mr. Pouzin enumerates the deceased’s last wishes. “We will now proceed with Madam’s wish regarding post-mortem management of her personal data,” the lawyer declares. After struggling with Twitter management to delete a deceased friend’s account without any known relatives, Alice’s mum decided to prepare everything. “Madam’s data are all stored and managed by Edward bot. Before her death, Madam organized for the possibility for me, as lawyer, to delete some of her data. Tonight, the entirety of her social media accounts will be deleted to the exception of Facebook which will be turned as a memorial page. Access authorizations to her pictures on her Apple Cloud, her documents saved on Google Drive and Dropbox will, in their case, be transferred to your personal clouds.”

Once the paperwork is over, Mr. Pouzin adds: “Preparing for post-mortem personal data management is a procedure that is still somewhat rare, but that will make your life easier. Without it, you would have had to request, service by service, to delete Madam’s account by providing proof that you belong to her family and a death certificate. And the account remains visible until the platform takes the request into account. This can make grieving difficult for many families.” On Facebook alone, 8,000 to 10,000 people signed up die every day. And the number of ghost accounts could exceed that of living users by 2070.

Majority Report

Year 2029. Alice is invited to her friend Karen’s, whose son is celebrating his 18th birthday today. As for every transition to adulthood, the family has gone all out -200 people are invited for drinks and nibbles in the reception hall of a Renaissance castle. Suited waiters offer amuse-bouches with extensive names while pouring generously champagne and wine.

Following the family’s tradition, children get for their 18th birthday a car and a letter to hand to the bank. The latter end the parents’ power of attorney over their children’s bank account who has now become an adult able to manage their funds the way they want to.

“Why two letters this year?” Alice asks Karen.

“You don’t know? Thanks to personal clouds, we also had power of attorney over Steve’s data. As soon as an app requested access to his data, we could validate or cancel his decision. We didn’t want any random service to abuse his credulity to use his data. Today he’s officially an adult. So, it’s up to him to manage his money as well as his data responsibly. Well, the letter is mostly symbolic because in reality, I can delete the power of attorney in two clicks.” Karen smiles.

Alice thinks back on everything she had to do to get the right to control her own personal data back. “Nowadays he has all the necessary tools to manage them in an informed way. He’s much better equipped than we were at his age. Back then we didn’t even know who had this data about us and what was done with it. Companies had control over how it was shared and laws were trying to protect us without handing its management over to us though, without trusting us to take informed decisions for ourselves.” She stops to think for an instant:

Actually, we were treated as underage for way too long.

On her way back, her phone starts buzzing and two Edward notifications pop up on her screen:

Edward
The national institute for voice recognition would like to access your voice data stored on your connected speaker Alexis to help move IT research forward.
Edward
MaxIceCream is offering you to share your data regarding your job and hobbies in exchange for a 15% discount on their Everything-Chocolate range:

Alice hesitates: “A few years ago only the institute would have struggled to retrieve useful data for research, she thinks. On the other hand, it’s likely MaxIceCream would have been able to use my data and create value through it without me even knowing it. Back then I was robbed of any control over my data, I couldn’t manage it consciously according to my ethics and beliefs. Now the law, my understanding of the stakes around personal data and digital tools allow me to make my own informed choices. Such progress! We’ve grown collectively and gained both freedom and rights.” Rights she is intending to use. She decides to accept the institute’s request but to deny that an agri-food company knows about her personal and professional activities. In less than five seconds, Edward has saved her choices. Glad she’s been able to help research and to protect her personal life in complete transparency and awareness. Alice puts her phone away and her headphones back on, then walks on humming, finally getting a grasp of her newly gained freedom -but this realization isn’t a scary sight anymore. She is able to choose consciously, and understands now more than even that for personal data too, to choose is to forsake.

Edward