r/europrivacy • u/KiwiPrestigious3044 • 5d ago
Europe Europeans should be allowed to trade personal data.Critics
The working paper published by Breugel starts with a title creating the idea of empowering individuals to control their own data and have a choice to trade data or do with it whatever they want. If you red further you soon understand that it means: Companies should be allowed to trade European personal data. The paper is correct on diagnosing the current problem in the market. When it comes to ideas or solutions the paper is as strong as the title; contradicting, privacy as luxury for the ones willing to pay turning the fundamental right to data protection into a commodity.
If you read it what are your thoughts on it?
Working paper published in issue 02/26 18-2-2026 (not mine) source for paper : https://www.bruegel.org/sites/default/files/2026-02/WP%2002%202026.pdf
2
u/Shoddy-Childhood-511 5d ago edited 5d ago
First, this bullshit argument has already "won" for now, in that EU ID allows companies to demand proofs of whatever PII they like, and the user merely clicks approve. So companies are free to trick or bully users into providing too much PII.
As for why this argument is bullshit..
People were always free to use their real names online, but they were equally free to lie when companies asked for too much. These guys want exclusion anyone who does not provide their real name.
We could allow some of that but it should always require authorisation by the DPA who issues the id card. In practice, this should mean auditors who get approved by multiple DPAs, so companies who want PII should submit to detailed audits of how they handle PII. Ireland should not be able to approve Meta for handling German residents PII.
As an aside, there are usually only a few operational pathways, so even if a company might be happy allowing more privacy then they'll typically be prevented from doing so: Dependencies like Google or Meta's SSO shall require PII. VCs want that personal data, since that's an asset they can sell off later. etc.
At a technical level, there are no technical means by which the users' could've individual control over their data. Afaik there are no designated verifier signatures in the EU ID spec, but even if they were added then the company would still hold the user's data in plaintext, and know its validity, and could convince buyers of its validity by other means like contracts.
In fact, we require that companies databases are polluted by fake PII, so that we've any hope of prosecuting them when they illegally sell PII.
2
3
u/Stilgar314 5d ago
There's a reason "irrenunciable rights" exist, and that reason is there're a ton of ways to pressure, force, or even fool, people into renouncing said right, that, in practice, the right doesn't apply. Those who are planning on abusing people by making them forget about their rights, tend to speak about a monster government cutting people's freedom to choose. It's what happens with universal healthcare in the states and I think it is happening here.
1
u/DrawOkCards 5d ago
RemindMe! 7 hours
1
u/RemindMeBot 5d ago
I will be messaging you in 7 hours on 2026-05-27 19:26:06 UTC to remind you of this link
CLICK THIS LINK to send a PM to also be reminded and to reduce spam.
Parent commenter can delete this message to hide from others.
Info Custom Your Reminders Feedback
11
u/Buntygurl 5d ago
The only privacy protection that makes any sense is to prevent one's own data being traded, at all, by anyone.