I recently attended a lecture by Prof Andrew Clement through IPSI addressing how our current legal/policy frameworks handling personal information are no longer adequate. Using the example of the no fly list used by the US and Canada, Clement presented a number of case studies in which public, not private information, now readily available, searchable and aggregated online, was used to restrict citizens’ entry into the US because of the “security threats” they posed. Notable academic examples include a professor who criticized the Bush admin and another for dropping LSD in the 60s (he published a paper about his findings that came up on Google).

Instead of clinging to an older paradigm of privacy, Clement argues that citizens need to be protected with better models that can address current challenges in managing personal data brought about by new technology. Instead of focusing on privacy, he proposes the idea of identity integrity, which is characterized by a focus on the rights of citizens and a presumption of anonymous entitlement and of innocence. It also calls for policy to be more transparent, or at least for a proper appeals process to be in place e.g. addressing the difficult process of appealing one’s inclusion on a no fly list.

In addition to identity integrity, there is the notion of identity management which people already instinctively do, with varying levels of competency. Identity management is definitely something I’d like to see included in the educational curriculum. It’s also something I believe corporations and online vendors need to become more responsible for instead of constantly placing the onus on users to track their personal data. Especially young users.

Too often I have heard the argument that a free online service should be compensated by a user’s content that has been voluntarily uploaded. Personally, I find it fairly ridiculous to expect - let’s pick on Facebook for example - your average 13 year old to actually read through the FB TOS, which is written in an inaccessible legal language and is excessively long for an online text. And, if youth users want to continue to understand how their personal data is shared, they are also expected to read the TOS of each 3rd party application they add? And are their parents supposed to read them too?

Users don’t want privacy so much as they want control over their online personal data. Would it be so difficult for online apps to be more transparent about how they are using it? More importantly, shouldn’t they?