Data privacy seems like a subject that has only recently received attention, but it has been a part of the internet from the beginning. Trust and privacy were central to the creation of the internet. Web 2.0 brought with it an explosion in the collection and use of user data with companies beginning to see the large value placed on it. As a result, both the US and Europe have slowly taken steps to protect users from bad practices. Web 3.0 may bring a totally new system for data privacy concerns but may also solve many of the problems we have today.
Brief History
In the early days of the World Wide Web, network speeds were slow, storage space was expensive, and webpages were only really built for displaying information as opposed to allowing interactions. In this environment, most websites did not collect as much user information and did not think of it as valuable in the way that it is thought about today, though people were still concerned about privacy. In 1973 a report called “Records, Computers, and the Rights of Citizens” was written, which now forms the basis for many of the privacy laws that we have today. Even back then researchers were beginning to see the value that could eventually be placed on user data.
Web 2.0 brought interactions, collaboration, social media platforms, and consolidation by the major players that we have today (Google, Facebook, etc.). These major players began collecting massive amount of information on user activity and also began to find lucrative ways to use that data. The value of user data has now trickled down to smaller players, resulting in user data being collected by most of the websites and mobile apps a user interacts with.
The United States and Europe
This increasing focus on user data has put pressure on governments to regulate these practices. Europe and the United States approach data privacy in very different ways. Europe’s General Data Protection Regulation (GDPR) takes an active role to ensure users data is handled safely and is not collected or used in excess. GDPR has specific rules about when data can be collected, what data can be collected, how long data can be saved, and how that data can be processed.
The United States generally relies more on self-regulation when it comes to data privacy and does not have as many broad, overarching laws. In the US there is a patchwork of regulations mostly targeting specific industries, such as financial data or medical records. There are also a number of different government agencies responsible for ensuring data privacy laws and guidelines are followed. In addition to all of this, each state in the US also has its own laws and even their own ways of defining what “personal information” even is. In general, most states have laws against collecting information on minors, for example, and many have also begun to pass new data privacy laws in the wake of the GDPR protections.
The self-regulation mechanism used most often in the United States at this time is notice and consent which is the driving force behind privacy policies. The privacy policy itself is the notice while the consent is obtained when websites ask if you accept their policies. The thinking behind this is users will read how a website collects and uses their data, for example, and will either conset and continue onto the website or not consent and leave the website. In this system websites with bad data policies would be avoided.
In practice, this is becoming an increasingly difficult and impractical burden on users. As web 2.0 has taken hold, more websites, mobile apps, plugins, AI, and IoT devices are collecting and processing users’ information than ever before. Something like an IoT device may not even have a way to provide notice and consent to a user while being forced to read and keep up-to-date on every website and mobile application’s privacy policy is unrealistic.
Enter Web 3.0
Today web 3.0 is mostly a collection of ideas about what the next generation of the internet could look like. Ideas being talked about include using blockchain or some other distributed ledger technology to provide distributed and decentralized authentication, among a long list of other things, making the system more resilient against hacking and network issues. Augmented, mixed, and virtual reality could play a big role in this new web, as opposed to the mostly text and 2D media that we have today. AR and VR content as well as billions of IoT sensors would be supported by 5G networks. Finally, each piece of web 3.0 would have an artificial intelligence component making the entire system able to learn and react.
Given that description of web 3.0, you can already begin to think about how data privacy might work in this new system. The important thing to remember is that web 2.0 will not be going away, similar to how there are still web 1.0 websites. Each new iteration of the web acts as a layer on top of the previous and the use of user data will most certainly carry forward in some way. However, things such as the blockchain and smart contracts have the potential to put users in full control of what data they allow companies to see. The secure and distributed nature of blockchain may make it possible to store user data securely while also not providing a centralized location for hackers to access all of your information.
The ideal scenario would be to use web 3.0 to solve the data privacy issues we have today while also building it from the start to protect user data in the future and give control back to the users. If this can be achieved users will no longer be forced to be the product and will have a choice about what they share.