John, 

Great.  

Yes, there are very powerful interests at play.  They include "foreign" (from an EU perspective) and domestic interests, including web merchants, banks, conventional businesses and governments.  The Payment Services Directive also involves important reorganization of economic interests.  Europe has repeatedly shown, for better and occasionally for worse, that it is capable of making these kinds of economically disruptive decisions.

Keeping in mind that I am a non-expert on all elements of this:

My sense is that the information economy can function as well, probably better, and certainly more securely, via decentralized exploitation of personal data.  A cascade of me -> my concierge -> my bank -> our country -> my region -> the world is likely to work better for me and for each of my representative levels, including my neighbors and my country.

For this to work, it is critical that each of those levels gets out of its own way.  I understand that at least one European bank understands that it should get out of the software business and view itself as a conduit - a trust (and wisdom) provider.  That will be rough on revenues, but the alternative is worse.  Again, I am not advocating for banks, merely doing my best to analyze.

As to the exploitation of big data, transversal organization permits all the data about all my operations to be hosted with whomever I want, locally, with "regulated databases" (Circle's phrase for banks) under supervision that includes my national regulators.  My sense is that the comprehensive nature of the data and the mass of historical information can be more effective at providing helpful insights regarding important decisions. 

But whatever the relative advantages of the two approaches, data security and national interests coincide, so I guess that Europeans are likely to make the GDPR stick.  I note that it is possible for the Commission to make a categoric decision that another country's laws provide adequate protection (Art 45), which is a pressure, or short-circuit, point. 


I didn't know about and am delighted to see the CCICADA initiative! 


 



On Sun, Aug 7, 2016 at 12:34 PM, John Wunderlich <john@wunderlich.ca> wrote:
James;

I’m unaware of such a group collaboration with respect to the GDPR, but would also love to find out about it if it exists. I’ve had to read the GDPR end to end a number of times recently for an engagement I had. It will be interesting to see how what you call, I think correctly, “a powerful point of view”, interacts with the also powerful forces of commercial inertia that have built the personal data ecosystem based on a de facto treatment of personal data as property. My experiences with large enterprises suggest that we are at the confluence of a number of development curves:

  1. Personal Data Economy: This is how the Internet was monetized and is fully mature. It is predicated on contracts of adhesion or terms of use that enable one way doors for the collection of personal information by entities that then get to use that data as they see fit, with marginal constraints that appear occasionally if a particularly heinous security or privacy incident reaches a regulator or the press. This is in many ways a mature market.

  2. Big Data: Moore’s law has put affordable big data on the table. Despite the hype in the media and with VCs, my suspicion is that actual useful big data installations are still at the Early Adopters stage. Much of the predicted profit from Big Data comes from the personal data economy and assumes unfettered access to data lakes of personal information. This is where ‘innovation’ is happening. And it’s not good for the GDPR or our personal data autonomy generally.

Notwithstanding nattering about these innovations, large organizations with a dependency on the status quo will push back hard against anything that might require a change in business model or business processes. Similarly, startups seeking VC money tend to articulate their MVP in terms of existing schema for profit and monetization. A couple of clichés come to mind involving rocks and hard places or immovable objects and irresistible forces.

This is why the Kantara Incubator is so necessary and exciting. It presents researchers and startups with an opportunity to innovate against the mature personal data economy itself, rather than try and come up with new ways of monetization (which is essentially all that the current big data initiatives appear to be). I don’t know what the successor to the Personal Data Economy will be. It may be as simple as the Personalized Data Economy, where the locus of control shifts from the data controller to the subject. But it seems clear that the GDPR and the Personal Data Economy as it is currently constituted are mutually incompatible.

 





Sincerely,
John Wunderlich
@PrivacyCDN

Call: +1 (647) 669-4749
eMail: john@wunderlich.ca


On 7 August 2016 at 11:51, James Hazard <james.g.hazard@gmail.com> wrote:
Yes, nice summary.  The official introduction to the GDPR - the legislative whereas-es - is as good a work of digesting a complex legal subject matter as I have ever seen.  In its _173_ sections of introduction, it touches on a great deal of the landscape - interactions of privacy, security, national differences, technology, judicial systems, legislation, etc.  Yet it still presents a powerful point of view and specific positions.

Is anyone aware of a place where this - the GDPR as a whole or the introduction - is collaboratively commented?  I would love to know of it.



On Sun, Aug 7, 2016 at 6:47 AM, John Wunderlich <john@wunderlich.ca> wrote:
Nice summary

http://www.dataprotectionreport.com/2016/08/article-29-working-party-releases-opinion-on-the-revision-of-the-eprivacy-directive/



John Wunderlich,

Sent frum a mobile device,
Pleez 4give speling erurz

"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin



This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

_______________________________________________
WG-InfoSharing mailing list
WG-InfoSharing@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-infosharing




--
@commonaccord






--
@commonaccord