Abstract

 Recent privacy scandals such as Cambridge Analytica and the Nightingale Project show that data sharing must be carefully managed and regulated to prevent data misuse. Data protection law, legal frameworks, and technological solutions tend to focus on controller responsibilities as opposed to protecting data subjects from the beginning of the data collection process. Using a case study of how data subjects can be better protected during data curation, we propose that a co-created data commons can protect individual autonomy over personal data through collective curation and rebalance power between data subjects and controllers.
 
Highlights
Rapid technological innovation in our data-driven society (Pentland, 2013) has changed how data subjects, interact with data controllers
We introduce the commons as a potential framework for bridging the data protection divide, before detailing data curation as a use case for the data commons, examining what similar frameworks have been established in this space and how our data commons can aid better data protection for data subjects
We conclude that a co-created data commons can protect individual autonomy over their personal data through collective curation and rebalance power between data subjects and controllers, establishing the requirements of a data commons to help data subjects and explore how this could work in the context of data curation
Summary
Rapid technological innovation in our data-driven society (Pentland, 2013) has changed how data subjects (those about whom personal data are collected), interact with data controllers (those who collect and determine what these data are used for). While certain laws and technologies attempt to encourage data subject participation and provide them with the ability to control their personal data, this is insuffcient as it relies on data subjects having a high-level of understanding of both the law and the resources available for individual redress Such redress usually arises after data collection and sharing, after which time the damage may already have been done. Under existing legislative frameworks and the available technological solutions, data protection focuses on putting responsibilities on data controllers and enforcement This continues to place pressure on individual data subjects to protect their own personal data and seek individual remedies in case of breaches, rather than including them in discussions that can help shape data protection policies and better protect personal data
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
