Data rights are civic rights: a participatory framework for GDPR in the US?

Elena Souris and Hollie Russon Gilman at Vox: “…While online rights are coming into question, it’s worth considering how those will overlap with offline rights and civic engagement.

The two may initially seem completely separate, but democracy itself depends on information and communication, and a balance of privacy (secret ballot) and transparency. As communication moves almost entirely to networked online technology platforms, the governance questions surrounding data and privacy have far-reaching civic and political implications for how people interact with all aspects of their lives, from commerce and government services to their friends, families, and communities. That is why we need a conversation about data protections, empowering users with their own information, and transparency — ultimately, data rights are now civic rights…

What could a golden mean in the US look like? Is it possible to take principles of the GDPR and apply a more community based, citizen-centric approach across states and localities in the United States? Could a US version of the GDPR be designed in a way that included public participation? Perhaps there could be an ongoing participatory role? Most of all, the questions underpinning data regulation need to serve as an impetus for an honest conversation about equity across digital access, digital literacy, and now digital privacy.

Across the country, we’re already seeing successful experiments with a more citizen-inclusive democracy, with localities and cities rising as engines of American re-innovationand laboratories of participatory democracy. Thanks to our federalist system, states are already paving the way for greater electoral reform, from public financing of campaigns to experiments with structures such as ranked-choice voting.

In these local federalist experiments, civic participation is slowly becoming a crucial tool. Innovations from participatory budgeting to interactive policy co-production sessions are giving people in communities a direct say in public policies. For example, the Rural Climate Dialogues in Minnesota empower rural residents to impact policy on long-term climate mitigation. Bowling Green, Kentucky, recently used the online deliberation platform Polisto identify common policy areas for consensus building. Scholars have been writing about various potential participatory models for our digital lives as well, including civic trusts.

Can we take these principles and begin a serious conversation for how to translate the best privacy practices, tools, and methods to ensure that people’s valuable online and offline resources — including their trust, attention span, and vital information — are also protected and honored? Since the people are a primary stakeholder in the conversation about civic data and data privacy, they should have a seat at the table.

Including citizens and residents in these conversations could have a big policy impact. First, working toward a participatory governance framework for civic data would enable people to understand the value of their data in the open market. Second, it would provide greater transparency to the value of networks — an individual’s social graph, a valuable asset, which, until now, people are generating in aggregate without anything in return. Third, it could amplify concerns of more vulnerable data users, including elderly or tech-illiterate citizens — and even refugees and international migrants, as Andrew Young and Stefaan Verhulst recently argued in the Stanford Social Innovation Review.

There are already templates and road maps for responsible data, but talking to those users themselves with a participatory governance approach could make them even more effective. Finally, citizens can help answer tough questions about what we value and when and how we need to make ethical choices with data.

Because data-collecting organizations will have to comply abroad soon, the GDPR is a good opportunity for the American social sector to consider data rights as civic rights and incorporate a participatory process to meet this challenge. Instead of simply assuming regulatory agencies will pave the way, a more participatory data framework could foster an ongoing process of civic empowerment and make the outcome more effective. It’s too soon to know the precise forms or mechanisms new data regulation should take. Instead of a rigid, predetermined format, the process needs to be community-driven by design — ensuring traditionally marginalized communities are front and center in this conversation, not only the elites who already hold the microphone.

It won’t be easy. Building a participatory governance structure for civic data will require empathy, compromise, and potentially challenging the preconceived relationship between people, institutions, and their information. The interplay between our online and offline selves is a continuous process of learning error. But if we simply replicate the top-down structures of the past, we can’t evolve toward a truly empowered digital democratic future. Instead, let’s use the GDPR as an opening in the United States for advancing the principles of a more transparent and participatory democracy….(More)”.