I was struck by the headline of a recent post by Elizabeth M. Renieris. The headline read “Sensitive, says who”. I knew immediately she was talking about data and loved. It’s a great post, which I’d encourage you to read as it raises the question of who decides what is and isn’t sensitive data.
Now because Elizabeth is a brilliant lawyer, she talks about how many of our legal frameworks, including GDPR, try to define for us what is and isn’t sensitive data. I would say this is done with good intent and yet as Elizabeth points out, the notion of ‘pre-determined sensitivity is a relic of the past’. She goes on to argue “the biggest problem with all of these efforts is that they approach privacy from the wrong perspective. In a self-sovereign world —a world in which there is still a degree of human autonomy — only I (alone) can determine what data about me is “sensitive” or “non-sensitive.”
I am struck by how often we want to make decisions for other people. In my world of humanitarian aid, we do this all the time – we want to control how people affected by a disaster use the aid we give them. For instance, I regularly get asked, “If you give people cash instead of stuff, how do you know if they will use it appropriately?” Funnily enough, the definition of appropriately rarely get discussed, but it is assumed my definition is the same as yours. We need to ask – who is determining the definition – is it the person affected by the disaster or you?
Whether we are working we data or aid, at minimum we need those who are affected by our decisions involved in the defining the terms and ideally they should be the ones deciding, not the rest of us.