How much control do we have over our data?

Digital traces are created in different ways, and this affects how much control we have over them.

Last Updated: 20 Oct 2016

Once digital traces are created and transmitted, they leave our immediate control and generally land up in the hands of others, stored on servers that don't easily forget.

Not all digital traces are equal, however. How much control we have over a digital trace depends on how the trace was created, and where it is stored.  

Six types of data = six levels of control

In his book Data and Goliath, Bruce Schneier outlines six different types of data (digital traces), based on the different ways in which they are created.  Looking at these in more detail can help us understand how much control we have over traces, where we can take control or which ones are out of our hands.

SERVICE DATA is information you provide in order to receive a service. Service data can include your legal name, your age, the country you live in and your credit card number. 

For example, to get a sim card for your phone, in many countries you need to provide your mobile phone provider with both your passport and bank details.

DISCLOSED DATA is content like photos, messages and comments that we post on a webpage, blog or website we own and host. Here we can decide what is shared and for how long; as well as who else can have access to the infrastructure and the content itself.

ENTRUSTED DATA is data that we post on a platform we do not control. As such, someone else can decide what happens to that data.

For example, we do not control the commercial platforms like Facebook and Twitter, yet millions of people post content on it. We can decide whether we will post things on these platforms but we can not control what the companies subsequently do with our traces.

INCIDENTAL DATA is data about us, shared by others. Think about being tagged in a picture on Facebook, mentioned in a tweet or quoted in a blog or an article. We did not create this data and we do not control the platform it's been posted on.  

Note: incidental data can also be shared by others without them realising it. For example, a friend might allow Whatsapp (owned by Facebook) or Google Maps (owned by Google) access to their phone's address book, which has your name, number and email address in it.

BEHAVIORAL DATA is created when we interact with our computer or mobile phone. This kind of data gives insight in what we do, with whom, how often and where.  

The moment you turn on your mobile phone, it starts creating data traces about you. Where you are, who you are talking to, when and for how long, where you are and where you go, and even what time you wake up and go to sleep. Read more about mobile phone tracking here.

DERIVED DATA is data about us that is inferred from other data. Data brokering companies create group profiles on the basis of shared characteristics, based on social media networks, location data and/or browsing behaviour. Our individual profiles can get tied to one or more group profiles, binding the group characteristics (data traces) to us. We have no control on what group profiles we belong to, nor what inferred data traces are created.  

For example: let's take a fictional person, Renata. Renata lives in Rio de Jenairo, and spends most weekdays studying at the Universidad Federal. Her phone reports her location from there. On Friday and Saturday night, however, her phone reports back from the area Santa Teresa until around 4am, before returning to the location where it normally 'sleeps' (Renata's home on Rue Bento Lisboa).  A data brokering company knows that many people who study at the Universidad Federal and go out in Santa Teresa also browse for vegetarian recipes and search for the latest rock concert. Based on Renata's movements, the company decides that she fits the profile of this group and labels  her as a vegetarian rock-music fan.