- Intellectual property rights are eroding in the digital age.
- Terms of service agreements do not benefit the end user.
- Data fiduciaries can restore confidence and individual rights.
Do you give up certain legal protections when your personal records wind up in the cloud? Have personal property and privacy rights transformed in the advent of cloud computing?
“Intuitively, most people think that their data belongs to them,” she observes. “They have a very natural idea about what property is, and will become aware only late that by storing their data in the cloud they are giving up the most important means of control and are fully at the mercy of the cloud service provider (CSP).”
Global cloud traffic will exceed 6.5 zettabytes (541 exabytes per month) by 2018, with 53% of internet users (2 billion people) opting for cloud-based storage, according to a Cisco estimate. No longer housed in your desk or on your mantel, these personal effects are on a server many miles away — abstracted and alienated from their source.
The difficulty with cloud computing – and what makes it distinct from other communication intermediaries (say, the post office or phone company) – is that “there is no comparable legal paradigm that protects individuals’ personal records when at rest under the control of a third party,” Irion says.
The private individual and the CSP share control over these digital artifacts. Moreover, most terms of service (TOS) favor the CSP's interests and “reinforce the client’s dependency on the service provider and thus only entrench the loss of control over her data,” Irion says.
A cloud service provider can effect immediate change to the standard terms of service, in many cases without notice. They have unfettered permission to use your data, including sharing it with another party.
In an article published September in International Journal of Law and Information Technology, Irion worries that, absent a strong legal protection, consumers run the risk of exploitation as data is increasingly commodified. As CSPs move to make money from advertising, they’ll have little obstacle to pilfering your information (as Google has, for instance) in order to find more effective methods of marketing to you.
Given the consumer’s lack of negotiation power, Irion believes the solution may be a data fiduciary, a concept that's gaining traction among legal scholars lately. Much like a trust fund or lending institution, a data fiduciary would take care of consumer information, and respect the concepts of sovereignty and privacy we’ve come to expect in our modern democracies.
Like other fiduciaries, information fiduciaries would work on our behalf, writes Jack Balkin, director of the Information Society Project at Yale University. Lawyers, doctors, and accountants already function in a similar capacity — wielding our personal information with our best interests placed first.
If data fiduciaries were installed, then TOS agreements would reflect the rights consumers expect: CSPs, if structured as a data fiduciary, would be limited in what information they could collect, use, and sell.
We would regain our confidence that our data is protected, yet fluid enough to enable the modern information marketplace. We could expect our data to remain in our sole possession, and not be handed over to a third party without a warrant. But until a data fiduciary legal framework is created, we yield control when agreeing to the TOS.
Want to delete the data you’ve stashed in the cloud? That’s up to the CSP. Want to decide where your data resides? Forget about it — that’s up to the CSP. What happens to your data if you declare bankruptcy and your service relationship terminates? Do you even know how many copies there are? You probably don’t, since that’s the purview of the service provider.
So in what sense do you control your own data? And in what meaningful sense is it yours if you can’t control it?