By now we’ve all seen the headlines about Facebook’s poor data practices: as many as 87 million users’ personal records affected by Cambridge Analytica, 2.2 billion users’ profiles scraped by third parties, and so on.
But what went wrong isn’t limited to Facebook. The problem is that an internet run by centralized digital superpowers leaves users with little control over their data.
Centralization’s Weaknesses
Think of the internet as an extremely efficient copy machine that anyone can use. This makes it very easy to share information — including information you want to keep private.
That’s why we need rules. When we say “data privacy,” we are referring to the rules set by platforms — determining who has permission to handle data and who gets informed when it happens.
To use a platform, users have to check a box saying they agree to the rules. The problem is tech giants don’t give users real insight into the rules beyond saying, “Trust us!”
As we now know, Facebook gave wildly disproportionate permission to third-party app developers to copy their users’ personal information. By exploiting this permission, Cambridge Analytica was able to use a single app to collect millions of personal records at almost no cost, and nobody was informed until it was too late.
Unfortunately, these types of situations will continue to happen. Centralized platforms lack incentives to properly disclose their data practices, so users will be left in the dark when the “copy machine” falls into the wrong hands again.
The Role of Decentralization
For data that is clearly valuable, users should be able to explicitly set permissions around who can access it, and those permissions should be easy to verify.
We can use blockchain technology for this. The idea is not to store everyone’s private data on-chain;
