Revoking data access

I recently read TBL’s TIME magazine article on how SOLID would be helpful in the COVID use case. The big selling point is that one could grant critical private information in an emergency and then revoke it once the emergency passes.
I don’t see how this is possible according to the current specification. In an earlier discussion about copying data, the consensus appeared to be that there is no way to prevent an authorized application from copying data. But if they copy the data, then revoking permission amounts to trust that the application will stop using the data. That seems a bit optimistic.

2 Likes

Yes, I’m also curious. But I think you are right… once the data is copied, it is out of your control and it all hinges on trust. You may have a better legal position if you find that it is still being used after revocation (using the revocation as proof), but only if you encounter it with the original party or directly known 3rd parties.

1 Like

Welcome @cveres, great to see you here on the Solid forum.

The editors @justin @RubenVerborgh Sarven @kjetilk and @codenamedmitri would be the best people to ask about the specification.

1 Like

I think it’s an important question how we can keep personal data safely. So here are some remarks from my side.

TL;DR: I think the issue of copying personal data won’t be solved technically, but with legally binding contracts and open source apps which can run locally. Solid should make both easier than it is currently.

Honestly I’m not sure what the big selling point should be, I see several small nuances that Solid could improve in this article (transparency, reusing data in different contexts, family-only, local-only, lower development effort). If you want to hear more about these feel free to ask, but it’s probably a bit off-topic to your original question.

Technically, I don’t think this can be prohibited. If the application can process the data in an unencrypted form it can copy it to any server it wants to. But there are also other non-technical aspects to consider.

As already pointed out by @aschrijver, the law could be an important factor in this case.
Maybe there will be a Solid-Fair-Copy standardized clause, which will allow storage of personal data on other servers, but requires the company to have a “Forget me” endpoint which could automatically be invoked on revoking access. So when I stop sharing my health information they are legally bound to delete my data.

While the GDPR provides similar rights already, Solid could make it much more user friendly to make use of these rights. Every data processor could describe with linked data in their profile how users can opt out of the processing. This could allow automatic opt-outs with a good UI.

On a more social note, Solid makes the act of sharing data much more transparent, which also raises the awareness of the users. My guess is that this in turn will lead to higher expectations on privacy and therefore better privacy policies by companies. That could lead companies to adopt standardized “Solid-Fair-Copy” statements or opt-out procedures.

And I also want to mention that in many cases the app could work without sending any data to other servers than the Pod. So when running the app, it only communicates between your device and the Pod provider. For instance, an open source application hosted on GitHub Pages could use my health data to warn me if something looks odd, and tell me that I should go to a doctor with this. No requests to other servers would be needed for this app, and transparency and trust would be given as it is open source and publicly hosted.

5 Likes
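The two points made in this thread, that revoking access only stops future reads while an already-made copy stays with the app, and that a “Forget me” hook declared in the processor’s profile could be invoked automatically on revocation, can be shown in a small model. This is an added example written for this thread; it is not code from Solid or from any poster. The access rules borrow the shape of WAC authorizations (agent, resource, modes), but the `Pod`, `App`, the audit log and the `forget_me` profile entry are assumptions made for the illustration, and the health record is a constructed sample.

```python
"""Toy model of pod access revocation (constructed example, not Solid code).

Authorizations follow the WAC shape (agent, resource, modes). The storage,
the audit log and the "forget_me" profile hook are assumptions for this
illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class Authorization:
    agent: str          # WebID of the app or person being granted access
    resource: str       # path of the resource inside the pod
    modes: frozenset    # e.g. {"Read"} or {"Read", "Write"}


@dataclass
class Pod:
    data: dict
    acl: list = field(default_factory=list)
    audit: list = field(default_factory=list)     # append-only evidence trail
    profiles: dict = field(default_factory=dict)  # agent -> declared hooks (assumed)
    clock: int = 0

    def _log(self, event, **details):
        self.clock += 1
        self.audit.append({"t": self.clock, "event": event, **details})

    def grant(self, agent, resource, modes):
        self.acl.append(Authorization(agent, resource, frozenset(modes)))
        self._log("grant", agent=agent, resource=resource, modes=sorted(modes))

    def revoke(self, agent, resource):
        before = len(self.acl)
        self.acl = [a for a in self.acl
                    if not (a.agent == agent and a.resource == resource)]
        self._log("revoke", agent=agent, resource=resource,
                  removed=before - len(self.acl))
        # Hypothetical "forget me" hook: if the agent's profile declares one,
        # the pod calls it. The pod cannot verify that the app really deletes.
        hook = self.profiles.get(agent, {}).get("forget_me")
        if hook is not None:
            hook(resource)
            self._log("forget_me_invoked", agent=agent, resource=resource)

    def allowed(self, agent, resource, mode):
        return any(a.agent == agent and a.resource == resource and mode in a.modes
                   for a in self.acl)

    def read(self, agent, resource):
        if not self.allowed(agent, resource, "Read"):
            self._log("denied", agent=agent, resource=resource)
            raise PermissionError(f"{agent} may not read {resource}")
        self._log("read", agent=agent, resource=resource)
        return self.data[resource]


class App:
    """An authorized app. Whether it honours "forget me" is the app's choice."""

    def __init__(self, webid, honours_forget_me):
        self.webid = webid
        self.copies = {}   # local copy: outside the pod's control once made
        self.honours_forget_me = honours_forget_me

    def fetch(self, pod, resource):
        self.copies[resource] = pod.read(self.webid, resource)

    def forget(self, resource):
        if self.honours_forget_me:
            self.copies.pop(resource, None)


def run_scenario(honours_forget_me):
    """Grant, copy, revoke, retry; report what revocation did and did not achieve."""
    pod = Pod(data={"/health/status": "sample health record (constructed)"})
    app = App("https://app.example/#id", honours_forget_me)   # placeholder WebID
    pod.profiles[app.webid] = {"forget_me": app.forget}
    pod.grant(app.webid, "/health/status", {"Read"})
    app.fetch(pod, "/health/status")          # legitimate read while authorized
    pod.revoke(app.webid, "/health/status")
    try:
        app.fetch(pod, "/health/status")      # further reads are now refused
        denied = False
    except PermissionError:
        denied = True
    return {
        "denied_after_revoke": denied,
        "copy_retained": "/health/status" in app.copies,
        "revocation_logged": any(e["event"] == "revoke" for e in pod.audit),
    }


if __name__ == "__main__":
    print("cooperating app:", run_scenario(True))
    print("non-cooperating app:", run_scenario(False))
```

In both runs the pod refuses the second read and the audit trail records the revocation, which is the evidence @aschrijver mentions; only the cooperating app ends up without the copy, and the pod has no way to tell the two apps apart. That is the gap the thread says has to be closed by contract or by keeping the app local rather than by the access-control layer.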

Thanks, nice elaboration.

(PS, small thing: note that GH Pages is not a good example, as we don’t know what logging, analytics GH / MS is running there)

1 Like

My point was about data which is hosted on the Pod, and I think that GH Pages makes a good, well-known example for that. You could set up GitHub Actions to make automatic builds from the source code and then publish it on GH Pages. Assuming that GitHub serves an exact copy of this build and doesn’t actively change the hosted code, only the local app will have access to data on the pod.

Of course GH can log the requests in the meantime, but it definitely has no access to personal data from the Pod. Regarding analytics, you can take a look at their privacy policy to see what they (at least claim to) collect:

If you create a GitHub Pages website, it is your responsibility to post a privacy statement that accurately describes how you collect, use, and share personal information and other visitor information, and how you comply with applicable data privacy laws, rules, and regulations. Please note that GitHub may collect User Personal Information from visitors to your GitHub Pages website, including logs of visitor IP addresses, to comply with legal obligations, and to maintain the security and integrity of the Website and the Service.

1 Like