GRC Viewpoint

eosedge Legal: It’s Time to Retire Privacy and Embrace Digital Identity


Cyberlaw Attorney | LLM, JD at eosedge Legal

Douglas DePeppe is a practicing cyberlaw and data privacy attorney who is also involved in sport data, NIL, cyber risk, and other cyberspace and blockchain initiatives. He was a cyberlaw advisor during a career in the US Army JAG Corps, later advised US-CERT with the US Department of Homeland Security, and served on the Lawyers Working Group as part of the White House 60-day Cyberspace Policy Review. He was also inducted into the cyber Information Sharing Hall of Fame in 2018. He has published a series of articles on the property rights of data owners on Medium.       

Web3 Plus Staking a Claim is a Better Model

The next reboot of the Internet will be the most transformative yet.  The opportunity to own and profit from owning your data represents a decentralization of control and power.  It is a democratization of the Internet.  And it is known as Web3.  However, it is critical to first stake a claim of ownership, an approach we’ve championed as Digital Identity Sovereignty™, to fully benefit from the changes to come.  Notwithstanding how data-as-property is designed into the Web3 architecture as a transaction-based system, property rights under the law require attentiveness and management.    

The thrust of this article is not to describe the attributes of the decentralized Internet. That has already been done by others, and in my prior writings, just follow the links from here. Instead, the point here is to cut through the white noise surrounding the “metaverse” so as to illustrate how tremendously transformative and empowering Web3 will be for data owners.  Ownership and monetization of data, enabled by Web3, is the central idea.  But nearly as important, Web3 needs to be appreciated for how it will enhance trust around privacy – because data owners will have an incentive to protect their data.       

Properly understanding the cybersecurity and empowerment dimensions of Web3 is especially important at this juncture to put a positive spin on the future at a time when distrust surrounding NFTs and crypto and the metaverse are tainting the popular perception.  All the hype arising from them has undercut the trust virtues of Web3.  Accordingly, this piece will refer to “Web3”, rather than “blockchain”, “crypto” or “the metaverse” to help positively characterize the looming transformation.  So, let’s first look at Web3 through a cybersecurity lens.         

Web3 using blockchain technology has the attributes of being decentralized, permissionless, and trustless.  Some background reading about these features can be found here.  It also includes encryption, traceability – great cybersecurity features; but, perhaps the most exciting is the ability to own one’s personal data!  Here is a use case illustrating these characteristics.  By disintermediating the big Silicon Valley Web2.0 platforms (e.g., Facebook, now Meta), users can interact (or interconnect) with other users to exchange data, including personal data, without creating a separate profile on a third-party’s platform.  All the separate profiles on other’s platforms, under Web2.0, enable the platforms to monetize the data while depriving financial benefit for the data provider.  In Europe, controlling the data origination, at least for privacy data, is the central idea behind the General Data Privacy Regulation (GDPR).  Yet, even under GDPR, the data subject merely possesses certain legal rights concerning authorized uses of privacy data.  GDPR does not impose a mechanism for financial compensation over use of the originator’s data.  GDPR would become a stronger institution for protecting data privacy were data subjects owners of their data under property law.  

Here is another use case for illustration that involves the controversy around social media content and societal harms.  In the UK, there is the Online Safety Bill which seeks to address harms caused from unconstrained social media activity, among other fixes.  In the US, the Biden Administration seeks to remove the immunity afforded to social media companies under Section 230 of the Communication Decency Act.  Meanwhile, the US Court of Appeals for the 5th Circuit just upheld a Texas law which bars social media companies from removing certain social media posts based on the poster’s political beliefs.  There is a better way to solving online harms than through regulating content.  It is through Web3 data ownership, and particularly from users staking a claim of ownership.  

If all online users owned their digital identity and appropriately protected it by staking a claim, then there would be rights against transgressors and infringers of one’s property.  If, for example, a social media poster defamed another entity or improperly sullied that brand, a claim for redress would be available.  Hence, property ownership and Digital Identity Sovereignty™ (which includes claim staking), affords a less objectionable way to combat disinformation/misinformation because the individual possesses the incentive to protect brand or privacy interests.  

The foregoing use cases involve redress mechanisms AFTER a violation has occurred.  Advance planning is needed, however, to protect brand and privacy interests and to AVOID unauthorized uses of one’s property.  Perhaps the Name-Image-Likeness (NIL) craze in the US, aka Image Rights, presents the ideal scenario for Digital Identity Sovereignty™.  By its very nature, NIL data can incontrovertibly become a digital asset, and therefore property.  However, college athletes in the US, and players and athletes all around the world, are failing to protect their property rights when they fail to stake a claim of ownership.  Data flows all around the Web2.0 world, leading to counterfeiting and uncompensated uses of the athlete’s NIL.  As I noted previously, professional footballer Zlatan Ibrahimovic has famously called out his lack of compensation for corporate use of his NIL.  The time has arrived, alongside the rollout of Web3, for data ownership protected under property law to replace antiquated privacy-based notions involving government regulation of content and assets.  Cybersecurity will also be enhanced when users possess an incentive to protect data.       

In conclusion, Digital Identity Sovereignty™ as a concept is disassociated and disinterested in the debate about whether Bored Ape Yacht Club NFTs are simply a fad – indeed Web3 and Digital Identity Sovereignty™ need to be understood as important transformations that will solve a multitude of problems that have plagued Web2.0 cyberspace.