Decentralising Data Online

Our personal data is being abused & misused; from Cambridge Analytica to racially biased facial recognition tech. BUT - what if I told you there is a way we can control our data, instead of companies & governments? (Spoiler: there is!)

Here’s a rough outline of how things work right now: When you sign up to a web service, you will often provide some PII (Personally Identifiable Information) such as your name, home address, or some ‘linked’ PII (e.g. your IP address). This data is stored on a database managed by the organisation that provides the web service and can be used for any purpose declared in the terms & conditions that you technically agreed to when you signed up.

Unfortunately, you don’t always get to decide what data said organisation can keep. It’s all or nothing; if the terms allow sharing of your data to third parties, it’s not just the web service who’re using your data either. Over the last decade this storage and sharing of PII and linked PII has resulted in the proliferation of targeted advertising, data breaches and systemic misuse.

GDPR highlights some of more common uses of our data, but it does little to provide effective granular control over our data in practice. Thankfully, a better future for our personal data is possible with a decentralised approach. I’m not talking about COVID-19 contact-tracing apps here, though indeed this is an extremely relevant topic right now. Rather, I’m talking about a complete systemic overhaul of how the internet is used ‘under the hood’.

As I mentioned earlier, data is often stored on databases by the web services we use. This is a centralised approach; each web service has it’s own system for managing and controlling the data (or uses a third-party service to do so). A decentralised approach is different - instead of storing all user data in one place, the web service must request the data as and when needed from a specific user. This approach not only has vast benefits for data privacy, security and better control of our personal data, but it could actually simplify the development of many web services as less data would be stored on an internal database.

Tim Berners Lee, widely known as the inventor of the web, is leading a project called Solid The project aims to reform data usage online, in a decentralised approach where user data is stored in ‘pods’. These pods are like a personal, mini database where you can store your data. The project provides an API that software developers can use; instead of storing PII in a database, WebIDs are used which link to specific pods.

This is a fantastic concept - as you can block or accept requests for data stored in your pod(s) as you wish. Imagine Google, Amazon, Facebook and others used Solid instead of storing user data on their own databases. We need legal changes on the level of GDPR to prevent general webservices storing personal data and force them to adopt such a decentralised approach, whether that’s in the form of the Solid project or something similar.

The future of our personal data should be in our hands, not corporations or governments. There is no alternative for the future of the internet; we need a more decentralised internet now. Checkout

Written on June 26, 2020