Sometimes I think about data privacy and the internet, and sometimes I think about ways companies are handling our data. At the end of the day though, my take on data privacy is that it still starts with you. Once it’s out of your hands, you really no longer have control over it.
So let me start with a definition of what I think “true” or “complete” data privacy is: I have complete control over the data. Only I can do anything with it and can give permission for anyone else to have some form of access to it.
But herein lies a problem: what about other data that someone else has in addition to mine? How do I know this data, we’ll say in the form of files, doesn’t also contain my data? How do I know someone else’s files don’t also contain my data? It may not happen, but if I’m going down this paranoia rabbit hole, I need to verify which data of the entire data set is mine so I can control it. Requiring this means every piece of data requires read and write privileges for everyone. I have to be able to read everyone else’s data and be able to write out whatever data is mine, should my data be in there.
To me, paradoxically, complete data privacy requires that data must be completely transparent. Which means all data has to be public and that seems to conflict with the very idea of privacy.
Now you might go “but Google, Apple, etc. let you delete your data!” as if to complete how much access you have to it. Except, I have no way of verifying that the company actually deleted my data. They obviously won’t allow me into their databases to verify. On top of this, any large company has a backup plan in place. Unless they go through and wipe my data off their backups, I am not truly off their data stores. So I don’t have complete access to the data I sent to them.
You could say end-to-end encryption methods could solve this. Maybe you could generate an asymmetric encryption key and pass out your public key. Except what’s stopping someone from obtaining your public key and decrypting whatever information you put out in the wild? Asymmetric encryption is useful for verifying data, but not necessarily for securing it. Though I suppose the double lock box method could resolve this.
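The two key directions this paragraph touches on, as an added example that is not part of the original post: a toy textbook-RSA key (constructed here, far too small and unpadded for real use) showing that what the public key can read is data processed with the private key, which is signing, while data encrypted to the public key is readable only with the private key. All function names are hypothetical.

```python
# Toy textbook RSA: tiny constructed key, no padding, no hashing.
# It only illustrates which key reverses which operation; never use it for real data.
from math import gcd

P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes (constructed toy key)
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)                  # private exponent (Python 3.8+)
PUBLIC, PRIVATE = (N, E), (N, D)     # PUBLIC is handed out, PRIVATE never leaves the owner

def _to_int(data: bytes) -> int:
    value = int.from_bytes(data, "big")
    if value >= N:
        raise ValueError("message too long for this toy key")
    return value

def _to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def _apply(key, value: int) -> int:
    n, exponent = key
    return pow(value, exponent, n)

def encrypt_to_owner(public, message: bytes) -> int:
    """Anyone holding the public key can lock a message for the owner."""
    return _apply(public, _to_int(message))

def decrypt_as_owner(private, ciphertext: int) -> bytes:
    """Only the private key undoes encrypt_to_owner."""
    return _to_bytes(_apply(private, ciphertext))

def public_key_on_ciphertext(public, ciphertext: int) -> bytes:
    """What an eavesdropper gets by applying the public key to a ciphertext."""
    return _to_bytes(_apply(public, ciphertext))

def sign_as_owner(private, message: bytes) -> int:
    """Private-key operation: proves origin, hides nothing."""
    return _apply(private, _to_int(message))

def read_signed(public, signature: int) -> bytes:
    """Anyone with the public key recovers, and thereby verifies, the signed message."""
    return _to_bytes(_apply(public, signature))

if __name__ == "__main__":
    msg = b"meet at noon"                                  # constructed sample
    ct = encrypt_to_owner(PUBLIC, msg)
    print(decrypt_as_owner(PRIVATE, ct))                   # owner reads it
    print(public_key_on_ciphertext(PUBLIC, ct) == msg)     # public key alone does not
    print(read_signed(PUBLIC, sign_as_owner(PRIVATE, msg)))
```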
All in all, this leads me to the title of the post: Privacy still starts with you. As much as you’d like to think you have control over your data once it’s on the internet, I believe you have no control over your data once it’s out there. If you want something to remain completely private, just don’t let it out at all.
Or find some other means of communication.