This book is a short, focused essay on data security and privacy. The author makes it clear that these are two separate matters that are often in conflict both in practice and in law. Each of the book’s three major sections emphasizes a different stage in the evolution of the conflict between data security and privacy for the individual source of the data.
The first part, “Before Data,” describes the situation before the widespread capture and use of individual data. I recall the days when student exam scores were posted by social security numbers(!) to protect the privacy of the individual. The main perceived threat was misuse by governmental bodies, although the technologies of the times made perceived threats low grade in comparison with today.
The second part discusses both the evolution of the technologies and the increased risks from widespread data harvesting, especially by the private sector (that is, Big Tech). The author shows the growth of the fissure between securing data and respecting privacy. Renieris is a lawyer, and she reviews the evolution of the framework of data protection laws and regulations in both the US and the European Union (EU). Her review also shows how privacy has been a low priority in the development of law whereas data security is emphasized. The principle factor is that data is an economic resource to those who have it and can monetize it, and this resource does not mean the individual.
The third part is a review of the contemporary situation that includes topics on the collection of data from individuals--via neural technologies, surveillance, the Internet of Things (IoT), and virtual reality. These are the technologies of the metaverse. Law and regulation have not kept up with technology. The last chapter is a call to reformulate the processes of collecting, archiving, and disseminating data on the basis of protecting privacy. She makes her argument based on a history of international statements, treaties, and declarations of human rights.
The legal history presented and analyzed in this book is a service to those not in the legal profession. It should be required reading by any member of any legislative body debating bills governing Big Tech, data security, and personal privacy. Any voter trying to evaluate the votes of his or her representative will find a good guide to understanding what the law has accomplished.