[zerotolerance]

I don't think everyone agrees people have the right to claim ownership to all data exchanged in a multi-party interaction. Further I don't think anyone understands Identity well enough to be able to provide transitively collected data without breaching confidence of similar third-parties.

Nothing is as simple as a quip can make it sound.

[simias]

>Further I don't think anyone understands Identity well enough to be able to provide transitively collected data without breaching confidence of similar third-parties.

I'm obviously not a lawyer or anything but I think that this would be more compeling if Spotify was open source. "You don't want to share this? Well just remove the code then."

Here not only can't I do that but I've been a paying customer of Spotify for years and I had no idea that they even collected 90% of that stuff. In these conditions how can it be argued that I gave them ownership of data I didn't even know existed?

[zerotolerance]

Everything is data. Anybody can remember anything they want. You didn't give them anything, they experience the same reality as you when you chose to interact with them. ... It takes two baby...

[iamdave]

Further I don't think anyone understands Identity well enough to be able to provide transitively collected data without breaching confidence of similar third-parties.

Would you be willing to unpack this statement a bit, please? I'm not quite sure I understand.

[emiliobumachar]

If I may intrude, I think they mean that revealing to you data that involves you and other people could invade the privacy of those other people.

[Silhouette]

This is one of the issues in personal data and privacy that I think we're going to have to acknowledge and confront some time very soon: often, data about an individual in isolation is less telling than data about that individual's relationships, but relationships always involve multiple parties. Right now, we've barely established a consensus on the ethical and legal principles of a relationship between a single data subject and a second party using data about them.

The big social networks have amassed their huge databases not only through information volunteered by individual members, but also by co-opting people who know those individuals (or just happened to be nearby) to provide more. For example, every time a social network's mobile app uploads an address book from someone I know when they install on their new phone, and consequently that social network knows my name and contact details, they have potentially violated my privacy with neither my knowledge nor consent. With the advent of ubiquitous devices with cameras, microphones, network connectivity, GPS and other sensors, and at the same time the developments in automatic recognition technologies based on photos, audio or video footage, the risks of exploiting network effects to gather data on unwilling subjects have increased dramatically.

I'm not sure it's reasonable to expect every person I've ever shared my contact details with or anyone who ever took a photo with me in the background to understand the implications of their devices and the software they run on them. In any case, there are going to be difficult ethical questions about balancing the rights and freedoms of multiple parties.

However, I am quite sure it's fair to require businesses on the scale of Facebook to understand the basic situation and at least not to retain or use personal data for any longer than is necessary. The GDPR and similar proposals starting to appear elsewhere are clearly trying to enshrine something like that principle in law, but everything I have seen so far suggests that the biggest data hoarders are paying lip service but still trying to get away with anything they can.

[iamdave]

Gotcha. Thank you, for some reason that wasn't immediately clicking in my brain.

[Klathmon]

For a bit more context, this was recently discussed a LOT with the Cambridge Analytica Facebook scandal.

The issue being that if you text me, and I give that to Facebook, does facebook have the right to ask me for permission to give it to a 4th party? Should facebook be required to give you that information if you don't have a facebook account and request it?