Social identity

Social identity is becoming all the buzz today. But for me this is just another form of single signon using social media, e.g. Facebook as the linking identity.

This does not address the need for respect of personal privacy. It does not empower the identity holder. It is not scalable to 6bn people worldwide. Check my previous post for more on this.

Virtual RIP

New business is booming in the virtual online worlds, with new needs surfacing as the needs of the physical world are found to be lacking online in the virtual world. One of these is a demand for a third party to take care of a person’s online identity and reputation after they have died. There is a new start-up for example in Sweden called “webwill” that are specialised in cleaning up after death. Even though clearly this type of effort could be done by some person near and dear to the deceased, by using an objective third-party, one can leave effectively a ‘will’ on how one would be seen by their children, grand-children etc., in their online persona after they have moved on to the other not so physical or virtual world 🙂

Webwill offer you the opportunity to take control of your life after you die. So think about this, check it out, it is quite interesting. Website is in both Swedish and English.

Glad födelsdag – Happy Birthday – for your Swedish ID#

I was surprised when taking a coffee with one of my colleagues in the office. She received an SMS thanks from another of our colleagues her for the birthday greeting. When I asked her, how did she know, she said she found it online at http://www.birthday.se/kontakta-oss/Default.aspx. She then told me when my birthday was and even a map to where I lived (although they did get this wrong). Nevertheless surprise became horror. I had already removed my details from www.hitta.se only to find myself at another site. So I checked with a previous colleague of mine (Martin Da Fonseca) that studied security law in Sweden if this was in fact legal? And this was his response.

“It is legal. The service provided by Upplysning.se is regulated in Kreditupplysningslagen (credit information legislation) (1973:1173).

I believe the service provided by birthday.se is using (or exploiting) the fact that this information is considered “public information” (allmän handling), because it is stored at a goverment agency. As part of Tryckfrihetsförordningen (“freedom of press”, sort of) (1949:105) 2:1 it says that every Swedish citizen shall have the right to access to public documents. All documented information that a goverment agency has is to be considered public. This is also regulated by Sekretesslagen (official secrets legislation) (1980:100), which states when information is to be considered secret and not part of public documentation. Personuppgiftslagen (1998:204) is also in effect here; it is applied on the actual agencies storing the information. And perhaps to some extent on companies like Birthday.se, depending on what they do with the information (if they store it).”

Should I really be surprised? Not really, as mentioned it’s not the first time in Sweden I’ve needed to remove my personal information from some public register. And getting it removed is a pain, many phone calls, and then like magic it pops up again a year or two later! I believe that this is in direct contravention of the EU directive on Data Privacy. Am I wrong here? Surely I must be? Although Sweden is quite ‘transparent’ in how it operates, there there is much trust between the government and its citizens that makes Sweden quite unique. Transparency is a part of the EU directive, although we should give our consent to sharing personal data. Maybe i have done this automatically by becoming a resident of Sweden. The personal ID is not compulsory in Sweden but its just about imposssible to operate without it. Just try taking out a prescription at the chemist without this ID, you can when they realise that they have no choice, like what happened when I lost my ID, but it takes time and is very annoying if you end up with someone that insists on following the rules. This ID is shared everywhere and is really easy to get hold of. It is composed of date-of-birth (which you can find on www.birthday.se) yymmdd-xxxx and four digits, that are even if you are female and odd if you are mail.

There are cases in the U.S. whereby the addresses of car drivers were public until some celebrity was murdered due to the availability of this information. This is evidence that placing this type of information in public domain is dangerous! Does this mean that Sweden has worse data privacy for their citizens than what is found in the U.S.? Is this possible for a country of the EU?