September 2018 - Data Protection & Privacy

Data Sovereignty: Does the Use of My Data Always Require My Consent?

Martin Przewloka of msg Group explores data ownership, data sovereignty, and issues with consent and anonymization of personal data.


The question of the right to ownership of data arises again and again. Many countries formally reject this in legal terms, in which case the right to data ownership deviates from the principle of data sovereignty. This leaves a very complex question that goes far beyond the legal examination: Can I always retain sovereignty over my personal data? Or, in simpler terms, does the use of my data always require my consent? It is not yet possible to give a final and unequivocal answer to this question. This article does, however, illustrate essential, and in particular ethical, aspects of the topic. It also presents a technology-based approach to dealing with the problem in a solution-oriented way.

Data sovereignty vs. traffic safety in the connected car

Highly networked and autonomous driving necessarily requires communication from vehicle to vehicle and from vehicle to infrastructure (“car2X”). Even from the perspective of society's security needs, it can be argued that, in this case, there can be no possibility of withdrawing consent for the exchange of data insofar as it serves the purpose of secure and efficient mobility. Limiting the exchange of personal data, however, in particular that of the driver or the passenger (i.e. complete anonymization), is difficult to ensure.

The currently ongoing discussion of permanently sustainable anonymization and the caching of data on neutral servers, with the aim of allowing the user to decide later on the re-use of their data, is not a solution for real-time systems. 

Furthermore, each vehicle, as a data-generating unit, will also be integrated into the communication flow by means of a unique identification. Can one still even speak of complete data sovereignty, let alone demand it? An ethical view shows immediately that here the individual interest collides directly with the guarantee of a traffic infrastructure that meets society’s needs.

The limits to the feasibility of anonymizing genetic data

The problem becomes even clearer when we look at data processing in medicine. Genetic engineering, and genetic diagnosis in particular, has reached a level today that is indispensable in medical practice. This is not only because a significant proportion of diseases can safely be assigned to genetically representable constellations, but in particular because diagnostics and laboratory equipment have experienced a rapid decrease in price. Genetic engineering has become affordable in the truest sense of the word.

But, at the very latest, at this point the question of stringent data sovereignty by the patient becomes paramount. From the point of view of the legislator, anonymization of the data prior to a transfer is required in order to free it from the restrictive consent of the patient for the purpose of legitimized data exchange. Especially in the context of research, this approach seems sensible. 

However, the problem and its initially ethically acceptable solution are overshadowed by a substantial fact: with virtually every anonymization of genetic data, even if it is done, for example, by reduction to partial data, conclusions about the identity of the individual can be drawn through reverse engineering, due to the uniqueness of the genetic code. Anonymization is therefore not technologically feasible to the full extent. Rather, what needs to be highlighted are trust and abuse prevention techniques.

User legitimation of personal data as a technical solution

Which possible solutions can now be provided technologically in order to at least alleviate the ethical conflicts of a stringent data sovereignty of personal data that is probably no longer sustainable in the long term? We've taken the lead with myData and created a data management platform that is neutral in the flow from data-generating to data-using units. Any exchange of data between the data source and the data destination can be legitimized by the user, in the sense of ensuring data sovereignty ex ante and ex post. This legitimization is rule-based, situational, or completely automated. If anonymization of the data becomes necessary in order to fulfill the requirements of the legislator, as is necessary today, myData is in a position to carry this out and at the same time document it permanently. It does not matter whether the processing is based on static data packets or real-time data flows. But even in the event that limited data sovereignty should be necessary, as was exemplified in the two case studies discussed, myData will fulfill a further requirement that is increasingly important for the future: data transparency. The user has visibility of the flow of "his/her data" at any time, in any situation.

As an industrial manager and university professor, Martin Przewloka has more than 20 years of experience in the successful development, launch, and scale-up of technologies. His special technical expertise and scientific interests lie in the fields of digital assistance systems, sensor technologies, smart data, and Artificial Intelligence.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.