data sovereignty - Tending An Unquiet Mind

**Data sovereignty** is an evolving paradigm for the Internet that users should have full [[Agency]] and ownership over the data they produce through their online activity. Currently, almost every online platform collects and hosts data on user behavior as part of their services. In this model, users have little influence or consent in how the data is used, shared, or stored, including its security. Data sovereignty proposes an alternative in which users own and store their data, and service providers must disclose how data is used and request access to it for those purposes. Data sovereignty is related to but distinct from [digital ownership](https://www.citationneeded.news/we-need-to-talk-about-digital-ownership/). Ownership typically refers to the agency a person has over items in their possession. Digital technology has complicated the term, creating conflict between creators, consumers, and the platforms that host both. Consumers expect access, availability, and resale rights when they purchase a digital product. Creators are entitled to copyrights, licensing, sellability, portability, and destructability rights to their work. Meanwhile platforms need an incentive to host content and be compensated for the providing the infrastructure that brings consumers and creators together. The 21st century model for this is that platforms own the data they host. The central issue with technocratic data management is that data *about* a user does not *belong* to the user. A platform retains all the rights associated with that data including knowledge, consent, access, limitation of use, destructibility, and sellability. The end user of a platform has no agency on how such data is used. In this environment, data has the potential to become [a toxic asset](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html). The data sovereignty model is part of the ethos of the [[The Semantic Web|semantic web]] in storage applications such as [the Solid project](https://oceanprotocol.com/), as well as blockchain technologies such as [Ocean Protocol](https://oceanprotocol.com/). ### Principles - [Files First](https://stephango.com/file-over-app): The content a user creates is fully within their possession and control. When users don't own their files they run the risk of [having their life's work deleted](https://www.techdirt.com/2023/12/12/google-promises-unlimited-cloud-storage-then-cancels-plan-then-tells-journalist-his-lifes-work-will-be-deleted-without-enough-time-to-transfer-the-data/). The file is the basic unit of any computing system and applications should respond to basic data types (such as `.txt`) rather than forcing users to adapt to a proprietary format. An app merely facilitates discoverability and publishing. Files first allows the user to return to the analogue of [a paper notebook](https://mariusmasalar.me/plaintext-markup-languages-the-why-5c261ede5ff9/) when software outlives its trend. Simple formats [such as plaintext are portable, reliable, flexible, compatible, independent, and durable](https://sive.rs/plaintext). - [[Local First computing]] - [Protocols, Not Platforms](https://knightcolumbia.org/content/protocols-not-platforms-a-technological-approach-to-free-speech) ## Thoughts Web 3 is the **interdependent** web. Decentralization improves diversity. Diversification of services improves competition, the prime driver of the free market. **Music** A platform hosts a music library. The listener defines their preferences. Simplest relationship. The users profile *belongs* to the user, hosted on their device or POD service. The user grants access to their profile. The profile includes a digital identifier (DID). The profile includes the users playlists, likes, etc. More complex, the user defines the recommendation algorithm. Their subscription could include the platforms, or they can purchase their own on a marketplace. This is also included in the profile. This profile can be shared with other platforms using the same protocol or API. Ex: a user creates a playlist on Spotify then plays it on an AMI jukebox. Privacy between platforms isn’t an issue because the user dictates how much information they share via the DID. Storage isn’t an issue because the service connects to a profile, it doesn’t keep user data in its system. Money is in a small connection fee for one-time or periodic use. A subscription fee for regular connections. Additionally, a platform may collect and anonymize data for resale. Security and encryption are biggest hurdles. How to ensure a service doesn’t scrape more data than authorized. How to ensure a DID profile isn’t hacked. Does the DID hold info of value? Only as a means to perpetuate fraud. %% ## Notes