The end of personalinvasion.

How a technological alliance (and not a legal fight) can boost the data economy without eroding our privacy.

Image for post
Image for post
“Records of Everything, N. 0”, 2021 — A remix of Wikipedia’s definition of privacy.

Recent reports by the Norwegian Consumer Council¹ and the New York Times² evidenced that a part of the digital industry has dramatically given up to “personalinvasion”, the dark side of personalisation. This disturbing deployment is part of a bigger privacy problem which needs to be resolved quickly, to avoid a massive destruction of privacy and trust in the digital space and to prevent the collapse of digital citizenship.

The situation is critical: the digital advertising industry is under the lens; some say that “the Internet is broken”, others say “#quitFacebook!”… data brokers claim they can take our fair share of wealth back and big platforms are transforming… but into what? Apparently, every solution on the table suggests a sort of rebellion against a system that doesn’t represent us anymore.

☞ But what if there was another option? What if there was a solution based on a technological alliance between consumers, business, big platforms and policy makers instead of a legal fight?

☞ Business, and especially big platforms, have the unprecedented opportunity to flip the model of data processing and make “algorithms go to data, not viceversa”³, delivering value to consumers by leaving personal data in their safe hands. To do this, they should make data ownership actionable within their platforms, unlocking an equally intensive participation to the data economy, but with renewed analytical awareness and control over privacy.

The result will be a win-win scenario, where today’s world data will not be destroyed by splits and locks, but where data will become more responsibly, sustainably and efficiently available at scale for business as value transformer.

Multiple and simultaneous allocations of data through code execution will move within the thresholds programmatically set by consumers, who will finally be able to protect their privacy without a trade-off with their digital capabilities.

Through rules and incentives, policy makers will have the pivotal role of making the benefits of data incremental, by stimulating anti-rival behaviours, by enabling positive feedback loops and by promoting the creation of positive externalities for society.

This might lead to the end of “personalinvasion” and to the flourishing of a new sustainable data economy, one of the founding layers of digital citizenship.

Image for post
Image for post

The idea that our digital life have to play on a pervasive and highly performing data gathering stage, engineered to trade our personal data without our clear understanding, is increasingly under pressure. At the same time, despite consumers progressively making privacy the new P of the marketing mix, a change is still far from happening. Is the Internet broken? Maybe yes, but it doesn’t mean it cannot be fixed. Tim Berners-Lee⁴ said:

Against the backdrop of news stories about how the web is misused, it’s understandable that many people feel afraid and unsure if the web is really a force for good. But given how much the web has changed in the past 30 years, it would be defeatist and unimaginative to assume that the web as we know it can’t be changed for the better in the next 30.

Changing for the better is necessary, but it’s also clear that such an enormous change cannot be turned on with a single switch. Who’s in charge of the first move: consumers, business or policy makers? Could it be an heterogeneous group of visionary forerunners?

And while this piece is in progress, Google Chrome has detailed⁵ its plans for “improving privacy and security on the web”⁶ and, more specifically, for introducing new controls for cookies and for protecting against fingerprinting. This is part of a broader initiative⁷, announced on May 2009. Justin Schuh, Director at Chrome Engineering, said⁸:

Technology that publishers and advertisers use to make advertising even more relevant to people is now being used far beyond its original design intent — to a point where some data practices don’t match up to user expectations for privacy.

Well said. The Internet is rising again.

Image for post
Image for post

Within all the possible consumer choices, abandoning digital services won’t probably be the ideal fix. By giving up on digital services or by shutting down our social media accounts we will certainly lose capabilities, while not dramatically improving our privacy. One ideal example of this paradoxical situation is browsing the web: we can be logged out or even have no account and still be tracked in a pseudo-anonymous way⁹, with practical no ownership and zero privacy.

Buying online or simply carrying a phone are other powerful digital behaviours that leave a bold mark which can be traced back to us. There’s a huge difference between not being tracked and being anonymous, because truly anonymous data is a chimera¹⁰.

When our data is “pseudonymised” -i.e. made anonymous within a limited context¹¹-, if the context is sufficiently large and the pseudonymisation technology a standard, our anonymised profiles obtained by federating data through the same id can be extremely rich and, for this reason, also easily linkable to real identities. This is because profiling techniques are very powerful, so powerful that sometimes we feel like someone is spying on us.

Have we ever been worried about apps listening through our smartphone’s microphone? Well, in the most common cases nobody is listening¹² ¹³ ¹⁴, but the effectiveness of profiling is the same as if someone did.

Participating to the digital economy means acting in the digital space and frequently leaving a footprint that can be linked to hundreds of other digital and physical footprints, all technologically associated to the same fingerprint. The only way to avoid footprints is to disconnect completely, at 100%, which is an option opening other side effects that might be hard to accept.

Image for post
Image for post

Let’s make a provocative point here: did we really had more than one option for preserving our privacy? According to a recent report¹⁵, 82% of Americans feel as if they have little to none control over who can access their (1) physical location data, (2) posts and activities on social media, (3) private conversations online and text messages, (4) purchases made online, (5) website visited and (6) terms they use to search online. Practically everything.

But why do many of this 82% have signed up to (and still use every day) all sorts of digital services available if they are concerned about their privacy? It’s the privacy paradox¹⁶, a behaviour known since 2001, occurring when “people have great privacy concerns but they don’t act accordingly”¹⁷. We thought that this was a thing of the past, but a closer look reveals it’s still a popular idle behaviour. And this has practical consequences. “General privacy concerns or individual disclosure concerns do not have a significant influence on the price valuation of personal information”¹⁸.

We say that we value our data, but we are apparently unable to give it a significant value. We read an increasing number of articles saying that privacy is under attack, but our alarm do not turn into action. Why?

☞ Because we are getting used to. We have learned to accept it. The alternatives are unattractive. We are part of a society of mass subscription whose marketing weapons have been gentle words like convenience, ubiquity and smartness. The privacy paradox have shown us that we’ve been unable to defend ourselves against these weapons. We have accepted the bundle. Practically everybody have accepted the same of us.

Image for post
Image for post

Business is making a lot of money out of our personal data and, not surprisingly, one main complain referred to the data economy is the uneven distribution of wealth.

Data brokers claim they hold a solution, but their promise of fair share for us will probably never work at scale¹⁹. The reason of this skepticism? Whenever our data is gone… it’s gone!²⁰ Forever. It would then be the fuel for many value creations beyond our awareness and, consequently, with no fair share waiting for us. But the problem is not in the fair or unfair shares of wealth created through data.

☞ Data, as a non-rival²¹ good, is the perfect raw material for the digital economy but also something to be handled with care and intention. If our data is shared, i.e. “transferred in clear, then copied and stored in somebody else’s system”, and if this system processing the data acts as a black box loosely described by a privacy policy, how can we know how much value is created through our data? How could we seriously claim a fair share of it? How could others do it for us? But most importantly: how could we stop the algorithm A to work on our data, while still benefiting from algorithm B?

The challenge here is to define how non-rivalry of data is put into action, which includes how the wealth resulting from data processing is distributed, but it’s much more than that.

Image for post
Image for post

Policy makers can drive a profound change, but setting up regulations for the digital space is not an easy task. Laws are rapidly improving in both the USA and the EU, but is the sense of protection that GDPR and CCPA are injecting in the system lowering -instead of improving- the sense of urgency for a powerful technological solution?

Legal enforcement is a strong help for consumer privacy, but it only allows to control what happens on the surface of the info-sphere. We still have no granular and real time control over what happens to our data. We don’t know which information is used by which specific algorithm and when. We don’t know the purpose of the hundreds, maybe thousands, of algorithms that process our data every day.

Our digital twin are continuously and efficiently chased, sampled, shared and recombined by black boxes, some of which we will never know the existence of.

Regulations still don’t address the technological layer of the problem: data is processed by code and protocol, while consumer rights are regulated by paper, policies and laws which are slow to act and react. Data processing takes place thousands of times per seconds, while data protection runs at the speed of humans. This is an unfair challenge.

We still don’t have data ownership. Legal enforcement of rights isn’t control. We need regulations acting through code and protocol, we need regulations to be executed in runtime, not on paper.

Image for post
Image for post

Straight from the words of Jones and Tonetti, associate professors of economics at the Stanford Graduate School of Business²³ ²⁴:

(…) when firms own data, they may overuse it and not adequately respect consumer privacy. But another important consideration arises from the non-rivalry of data. Because data is infinitely usable, there are large social gains to allocations in which the same data is used by multiple firms simultaneously.

(…) Yet when firms own such data, they may be reluctant to sell it because of concerns over creative destruction.

(…) the welfare costs arising from limits to using non-rival data can be large. Government restrictions that, out of a concern for privacy, outlaw selling data entirely may be particularly harmful. Instead, our analysis indicates that giving data property rights to consumers can lead to allocations that are close to optimal. Consumers balance their concerns for privacy against the economic gains that come from selling data to all interested parties.

Because the impact of undiscriminated use of data is potentially catastrophic, the crucial point is how to unlock the power of personal data as non-rival good while preventing consumers to lose control over their privacy. As Floridi said²⁵:

(…) my data and my memories are more like my hand, my liver, my lungs, my heart. It’s not that they’re mine as I own them: they are mine because they constitute me.

(…) by making a copy of my data (you are) not taking away those data, but there’s something about cloning here and being intrusive there that has nothing to do with trespassing, but more like kidnapping.

We all probably agree that our prosperity in the digital economy should not lead us to the kidnapping of our selves, right? It seems that, for the utility of both business and consumers, the ultimate goal of data is to go beyond non-rivalry and achieve the so-called “anti-rivalry”²⁶, which implies that multiple and simultaneous use of data could be, as Lessig said referring to software, not just not harmful, but beneficial²⁷. In other words: the opportunity is to start, feed, protect and extend a “positive feedback loop” as described with an abstraction by Weber and Nicholas²⁸:

(…) users in country X send ‘raw’ data to machine-learning companies in country Y as they use digital products. Those companies use the ‘imported’ data as inputs to their systems that, in turn, create higher value-added data products. (…) These value-added data products are then exported from companies in country Y back to users in country X.

Moving the metaphor forward: consumer X authorises the business Y to process his/her personal data in exchange of the service A. Y, according to the agreement with X, shares data with another entity K, creating and distributing another new value B. If the agreement between all parties is respected and takes into account both privacy and profit, then the circulation of the personal data of X has produced more value through multiple allocations. If anti-rival use of data is programmatically enabled by code and protocol, the system can scale beyond the limits of human capabilities.

☞ The foundation of anti-rivalry is trust, the kind of trust which allows to remove locks and limitations in favour of a programmatic circulation of data with no privacy erosion. If there’s the firm belief that the optimal trade-off between privacy and wealth is ensured, consumers and business might chose to leave rivalry behind. But when privacy is compromised, trust is broken and rivalry comes back to defend it. When profitability is compromised, rivalry comes back to defend it.

To avoid that business and consumers slip into rivalry, even when scale makes impossible to know each other, trust can be deployed through a neutral technological middleware ensuring trust between untrusted parties. There should not be any doubt about what is permitted and forbidden. Allocations of algorithms to data (not viceversa) should be operated by machines at speed and scale, within the limits set by contracts described with code and protocol. There should not be any process running stealth, everything should be authorised or forbidden by a protocol or code rule, as it happens when networking is mediated by a firewall. We need a trust deployed through code and protocol to maximise -not limit- the value of data.

Code is law²⁹. Protocol is the new trust.

Image for post
Image for post

Consumers need to set specific trade-offs between privacy and value for each service they subscribe and every preference should be defined by executable parameters, not by a policy. Society, as the combination of all individual choices, need to maximise the use of data for creating and distributing value at scale, in respect of consumer privacy and with an anti-rival approach. These two goals may be adversarial and complex to manage for the majority of people, but good design and generous setup bundles could bring it to critical mass.

Like “executable agents”, consumers (read: data owners) will interact with value creators through an open protocol acting as a trusted middleware, in which their “elabo-relations” are designed so that algorithms go to data, not viceversa¹³. Through this framework, consumers will be able to find and subscribe services in the form of “code-contracts” -agreements written in the language of machines- whose granular execution will be transparently and automatically authorised if trust, as a dynamic parameter associated to the vector [consumer; service provider; contract] is higher than a predetermined threshold.

When executions are authorised, data never leaves the space trusted by the data owner. This “trusted space” could be a personal data pod in the cloud (i.e. Solid), a sandboxed middleware within an app, in the data owner’s mobile device, in the mobile device itself or even in an encrypted deployment in the service provider’s digital space. If properly designed, everything could be a trusted space.

When executions are blocked, algorithms simply aren’t executed because the trusted middleware is a neutral space governed by the protocol executed by both parties. The physical or logical location of the middleware executing protocol and code is irrelevant.

Once this is achieved, the availability of data will be intrinsically dependent on the dynamic trust between parties, incorporating -among others- the value offered by the service provider and its associated costs, whatever their form (money, data, behaviours, etc…).

Assuming (and not affirming) that business is generally unlikely to self-determine a balanced trade-off between corporate revenues and consumer privacy, this model enables business to purse the maximisation of its tangible and intangible profits with a high degree of freedom. This is because business do not have to determine the boundaries of its action in terms of impact on user privacy: consumers will!

The “return on data” is an individual decision, for both business and consumers. Policy makers cannot be neither radically permissive nor radically restrictive, because none of these two approaches leads to an optimum.

Can society leverage on its own the non-rivalry of data to maximise value creation and positive externalities at scale? Non-rivalry, and especially anti-rivalry, is a super-power that needs to be used for good, but how do we decide what is good? Giving one general answer to this question might be difficult, but it becomes unnecessary if everyone has the possibility to answer individually.

If business holds programmatic control over data (this happens when the elabo-relation is regulated by a policy), users have limited awareness and almost no granular authorisation over data processing. In case of need, enforcing rights might take consumers a long time and be almost ineffective in balancing the situation toward privacy. If business goes evil, the reaction of consumers won’t balance the system quickly and privacy could be at risk.

If consumers hold control over data (the kind of control given by code and protocol), business could maximise value-creation on top of a layer of privacy pre-determined by consumers, individually or collectively. Should business abuse data, consumers could balance the system rapidly and effectively by withdrawing authorisation (because they have the technological capability to do it with no latency)

These principles are general and can be deployed into a wide range of different technical solutions. But it’s important to say that nothing here is too difficult. Nothing here is too expensive. If business, whatever the size, decides to invest in data ownership for users, the bet is that users will respond with participation, engagement and trust. And with data.

Image for post
Image for post
  1. No one can change the digital economy alone.
  2. Big platforms hold an immense amount of data, which represents an invaluable potential for both of us individually and for society at large; we have to imagine their technological capabilities to be tuned with our goals; before claiming their breakup or before asking for heavy limitations over the circulation of data, we should try to build an alliance for good; this is a hope, not a goal.
  3. The Internet is 30 years old: maybe we can start from here instead of starting from scratch; there’s a rich know-how and a long experience to be re-invested for good;
  4. All the technology we need to build an alliance is already available; this is not about new encryption methods or other tricky stuff: the most important switch we have to do, both consumers and business, is in the way we handle data; we need a new approach, more open and genuine, without falling again into the privacy paradox;
  5. Players like Apple and Google (just to cite two) have already started their transformation toward a new privacy-committed role, but with consumers participation they would probably go faster and further;
  6. Seriously… why not? :-)


Riccardo is Beretta’s Digital Business Development Manager. Graduated in Engineering, he has served in various marketing roles before focusing on business transformation and digital platforms since 2016. In the last decade, he has developed a personal interest in exploring the potential of computational privacy/trust towards a more effective and sustainable data driven society. With the aim of contributing to a wide and open conversation about MIT’s OPAL project, he published “The end of Personalinvasion” (2019) and “OPAL and Code-Contract: a model of responsible and efficient data ownership for citizens and business” (2018). He is a member of the advisory board of “Quota 8000 — Service Innovation Hub” at TEH Ambrosetti. Since 2000 he experiments with digital art as an independent researcher. Some of his projects have been acquired from the permanent ArtBase collection of — NY (2002) and exhibited at the Montreal Biennial of Contemporary Art (2004), as well as at Interface Monthly (London, 2016, by The Trampery and Barbican). In 2015, he released FAC3, one of the first artworks in the world to use artificial intelligence. He is married and father of two. Want to drop a line? → riccardo [d ot) zanardelli {at} gmail [ do t} com

[1] Out of control: how consumers are exploited by the online advertising industry.

[2] The Privacy Project.

[3] Hardjono and Pentland, “Open Algorithms for Identity Federation”.


[5] Building a more private web: A path towards making third party cookies obsolete.


[7] Privacy that works for everyone.


[9] Facebook is tracking you online, even if you don’t have an account.

[10] ‘Anonymised’ data can never be totally anonymous, says study.

[11] Pseudonymisation and its use in profiling.

[12] Facebook’s Not Listening Through Your Phone. It Doesn’t Have To.

[13] No, Facebook Is Not Secretly Listening to You.

[14] Why It Feels Like Facebook Is Listening Through Your Mic.

[15] Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information.

[16] Studying the Internet Experience.

[17] The privacy paradox is a privacy dilemma.

[18] Unveiling consumer’s privacy paradox behaviour in an economic exchange.

[19] Selling your data is bad, is bad, come on, you know, is bad.

[20] Amber Baldet in:

[21] Rivalry (economics).


[23] Nonrivalry and the Economics of Data.

[24] How Much Is Your Private Data Worth — and Who Should Own It?

[25] On Personal Data, Forgiveness, and the Right to Be Forgotten.

[26] Anti-rival good.

[27] Do you floss?

[28] Data, Rivalry and Government Power: Machine Learning Is Changing Everything.

[29] Code is Law.

Illustrations by

Digital Platforms @ Beretta | Engineering | Privacy & Data Ownership | New Media Arts

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store