We all have a “data double”. But how well do you really know this other aspect of your identity? Unless you know what your entirely digital identity looks like, you should take responsibility for finding out and, at the same time, contribute to a digital drive to ensure that we all gain better control over our online, digital, lives. Very often it is our data doubles, not our physical selves, that will be assessed by the future employers, new flames, or benefits officers who make decisions about us.
A data Picasso?
A large number of businesses, public sector bodies, and multinational companies collect and process the information that we provide when we shop online, use social media, or make card payments. Your “data double” is the sum of all these digital footprints. What picture of you does this “data double” provide? And is it a desirable picture? Despite all the algorithmic modifications designed to ensure the accuracy of the data gathered, these types of automated analyses can be completely erroneous and produce a kind of Picasso-like distortion of the real you. A simple Google search for your name will generate many correct and incorrect results. With the help of tools such as Applymagicsauce, developed by the University of Cambridge, we can see, for example, how Facebook appears to believe that the first-listed author of this article is most likely a homosexual man.
The wrong profile may have undesirable results
The main result of the inaccurate assumption made about one of the authors of this article is that she receives an increased numbers of irrelevant adverts. This is not particularly significant, but these kinds of distorted digital profiles cause potentially major problems if you have the “wrong” name, have visited the “wrong” website, or perhaps have sent a slightly unfortunate tweet. It might lead to, for example, that the United States, which now wants to routinely ask for your Twitter and Facebook IDs before granting entry, bar you for the wrong reasons. There have also been incidents, with very unfortunate consequences, where benefits officers check their clients’ Instagram profiles before authorizing payment of disability benefits. Such examples make it clear that getting acquainted with your “data double” may be worthwhile.
To put it simply, there are three choices for dealing with our “data doubles”: we can ignore them and hope for the best; we can take relatively simple steps to try and amend them so that they better represent how we want to appear; or we can be more thorough and invoke our statutory rights to find out exactly what data is registered about us by various parties.
Simply ignoring the issue will not necessarily have undesirable consequences, but there is a real risk that you may be denied entry to a country you want to visit because of a tweet, or lose your job due to an inappropriate Facebook update. Reports of such incidents are increasing now that employers and governments are making ever-more-systematic attempts to monitor people online.
Accordingly, you would be well advised to take at least the basic steps to familiarize yourself with, for example, the privacy settings in your web browser, email software and social media platforms so that you can better control who knows what about you.
The legislation is in place
Preferably, we should take more thorough action and use our statutory rights to gain access to information held about us. The necessary framework, in the form of statutes, supervisory authorities and ombudsmen is already in place so that those who gather personal data can be held accountable. However actually taking control of your “data double” can be extremely difficult. Theoretically, in most cases your statutory rights allow you to access information when someone has gathered your personal data. If, for instance, you have visited the Oslo City shopping centre, you have the right to see the images of you captured by the shopping centre’s surveillance cameras. If your car is registered with the Norwegian police, you have the right to know what information they hold about you. In addition, you have the right to insist that inaccurate information is corrected. Despite these theoretical rights, experience suggests that access is not gained so easily in practice.
As part of a major European research project, we have systematically tested these statutory rights of access in relation to a range of Norwegian public- and private-sector entities. The result was somewhat disappointing. The process was long, difficult and, at the end of the day, futile. In general, the people responsible for recordings made by surveillance cameras and data held in databases, knew little about their obligations and delayed the processing of requests for access. Such delays were either caused by staff – intentionally, ignorantly, or through lack of understanding of their responsibilities – or by absent or defective routines for dealing with such requests. In other words, even if you opt for the third approach and make a major effort to take control of your digital life, there is a significant chance that you will not get very far at present.
A digital campaign
We believe that one explanation for our disappointing results is that too few people invoke their rights of access. Accordingly, we are proposing a digital campaign. The logic is simple: if more people invoke their rights of access, procedures for supplying this data should improve. Then, the rights of access would become a real and valuable tool for gaining control of our digital identities. The Norwegian Data Inspectorate supplies a standard form for requesting access to personal data and initiatives such as nettvett.no and slettmeg.no can provide guidance if you feel that your rights have already been violated online. Check the settings on your social media platforms, investigate what credit agencies know about you, find out what Facebook thinks you like, and be aware of your online privacy settings. Ask friends to delete photos and tags on inappropriate posts, call your phone company and ask them to delete your five most recent inaccurate addresses, and update or block access to your contact details on the official registers at Brønnøysund. In short, be inquisitive and tidy up!
This type of campaign, a kind of collective raising of awareness, is a win-win situation: it can give you as an individual better control of your “data double”. Also, the people who control digital information about us will become better equipped to fulfil their obligations, ensuring that we can exercise our democratic rights of access. Finally, if our “data doubles” ever cause any of us serious trouble, the legal remedies will be in place both in theory and in practice.
- This text was published in Norwegian in the daily Aftenposten 21 November 2016: ‘Bli kjent med din datatvilling!‘
- Translation from Norwegian: Fidotext