>> "We should work on making user privacy more private, not more portable."
> I don't understand this; can you explain?
handrous expressed my point better than me an hour ago [1] but I'll try to give an answer: I think we should focus on limiting data production / collection altogether rather than try to address data portability (re-using the term used in the first sentence of my parent comment).
I agree that we could do both (limiting data production and moving data elsewhere / regulating its usage). But I'm not quite sure the problem (privacy) is solved by just moving the data out from its direct users, even as a first step. The data is still "out there" and it's a liability. Your "Amazon Data" can be compromised, receive government requests, and pieces of data requested by a FAANG company might as well be forever at this FAANG company as far as your guarantees of privacy are concerned. I see pieces of data as "tainting" those who access them [3]: as soon as someone accesses them, you can't rely on them forgetting these pieces of data. These pieces of data are no longer things you can rely on them not having.
I can see that splitting Amazon in two parts "Amazon Data User" and "Amazon Data Provider" and forcing the former to pay the latter may disincentivize "Amazon Data User" to use your data too much, but it incentivizes "Amazon Data Provider" to sell it so I'm not quite sure where it leads. I also can't see "Amazon Data Provider" as working as an autonomous entity, so I'm not sure splitting quite makes sense.
To be honest, I fail to understand this solution, to be convinced that it may work. (I'm not dismissing your idea, I'm curious and want to understand more!)
edit: I'm all for some kind of HIPAA-like regulation as discussed in [2] however. Do you have an idea on how it would compare to the GDPR?
> "I can see that splitting Amazon in two parts "Amazon Data User" and "Amazon Data Provider" and forcing the former to pay the latter may disincentivize "Amazon Data User" to use your data too much, but it incentivizes "Amazon Data Provider" to sell it so I'm not quite sure where it leads. I also can't see "Amazon Data Provider" as working as an autonomous entity, so I'm not sure splitting quite makes sense."
Right now you have credit reporting companies (which are hardly a model of right-thinking behavior, btw), but don't they show that it's at least financially possible to split the data away from the data users (banks, lenders)?
So I don't think the money objection holds up. A bank right now might like to run ML on every credit card holder in the U.S., but that would either be impossible (Equifax just won't give it to them), or ruinously expensive. So Amazon Data User just won't be able to do all the analysis they do now, or at least they'll be more parsimonious about it.
Now, for the "taint" argument: rules like in legal discovery would have to apply. Amazon Data User has to swear that they don't have the data anymore, and we would rely on whistleblowers, subpoenas, and criminal penalties to enforce it. The fact that Jeff Bezos would go to jail ought to be enough incentive for Jeff to make sure it's gone.
[1] https://news.ycombinator.com/item?id=28881937
[2] https://news.ycombinator.com/item?id=28882352
[3] not unlike people who have read the source code of Windows cannot contribute to Wine because they are "tainted" forever.