Tim Berners-Lee's Solid proposal: the future of data traffic?

Article
NL Law
The General Data Protection Regulation (GDPR) aims to strengthen the rights of individuals in respect of their personal data. Although this aim has been achieved to a certain extent, the fundamental framework of the way personal data is processed remains unchanged. Companies are still able to use large amounts of user data, in many cases without even obtaining their consent. Tim Berners-Lee, the inventor of the World Wide Web, has announced his plans for a decentralised web, in which users remain in control of their personal data.

"Vague, but exciting". That is what Berners-Lee’s boss, who at the time worked at the CERN particle accelerator in Switzerland, called his proposal for hyperlinks in the early nineties. These hyperlinks resulted in the birth of the World Wide Web. In 1990, Berners-Lee developed the first browser and editor called WorldWideWebb.app for the then NeXT computer, developed by Steve Jobs after leaving Apple.

Berners-Lee’s new idea is arguably just as exciting. The elder statesman of information technology is launching, in cooperation with MIT, a new initiative that aims to radically change the way Web applications work, resulting in ‘true data ownership’ by individuals. The open source project Solid essentially encompasses a central place where internet users can store their personal information and share it with others – at their own discretion. The idea behind Solid is to enable users to decide for themselves where their data will be stored and who can use it.

1. A 'safe' for personal data

Solid is intended to disrupt the current model of data ownership, whereby internet users get free access to services such as social media apps in exchange for their personal data. Personal data is invaluable to many web service companies, as it allows them to create an accurate profile of their individual users, which in turn makes them more attractive to advertisers and increases their ad revenues.

The solution offered by Solid is to store all personal data; from photos to address books, from comments on a website to kilometres walked and tracked by a fitness trackers.  All this data is stored in a personal Solid Pod, a kind of digital safe. Users can store this information in person or with a provider of their choice. The data owner can then give permission to companies such as Facebook to use the appropriate information in the user's Solid Pod, but this permission can also be withdrawn at any time. The data is only usable through an organization’s WebID which the user has given permission to.  “See Solid as a private website, with your own API,' Berners-Lee explains.

 Solid also aims to put an end to the universal login, whereby users use their Facebook or Google account to sign in to other services. Although this form of access can be highly convenient, it also means that obtaining someone's Facebook login can grant you access to all the other services they use with their Facebook login (e.g. Spotify, Strava, Instagram etc.). Berners-Lee thinks Solid functions as a necessary evil after, for instance, the recent Facebook scandals. “I have always believed that the web is there for everyone, which is why I want to protect it.”

2. Is the market willing to change?

The big question, of course, is whether companies like Google and Facebook will accept Solid, as radical changes would have to be made within their own systems to accommodate Solid users. They may also be wary of risks to their revenue streams, if Solid decreases the amount and types of personal data available to them. However, permitting a service like Solid may become a necessity for such companies in the near future, as internet users become more and more aware of the value of their personal data and the need for strong safeguards needed to keep it secure. The implementation of legislation such as the GDPR shows that governments are adapting to this shift, albeit slowly.  In addition, with Berners-Lee’s aim of a decentralised web, individuals can determine which services they use, how they interact with those services, and how and where their data will be stored. This decentralisation creates a market where there is no competitive advantage of data, thus levelling the playing field and increasing the opportunities for innovation.

3. Better than blockchain?

The idea of independent storage of personal data is certainly not new. In the Netherlands, Tim Geenen, of Faktor, has already developed the idea of storing personal data in the block chain. The consumer decides which of his profile data he shares with which company. However, the GDPR's at times rather absolute provisions means using a blockchain for such purposes could break the law. For instance, users have the right to correct - and in some circumstances erase - their data, which is generally not possible in a blockchain.  It is also hard to identify the data controller for a blockchain. Privacy advocates will therefore be curious to see if the system devised by Berners-Lee will be a more viable solution.  The initial signs, however, appear to be positive.