King John was a bad ‘un, ruling in his brother Richard’s absence like the entire country was his plaything. When he signed the Magna Carta in 1215 together with two dozen of his barons, what really set the Magna Carta rolling was that the ruling classes, as they were at the time, had had enough of his shenanigans. Simply put, absolute power cannot be absolute for ever, a theme that has repeated ever since.
Nobody (save for the sake of debate) would question the influence the sheet of ink-coated parchment, or its many offspring, has had on the histories of many nations, English-speaking and otherwise. Whatever the scope of the original document, its joint principles — that all people are ultimately accountable, whatever their position, and that nobody should gain a status of absolute power — form the basis of the democracies of the UK, the USA and many others, its conclusions cited as a response when the masses have had enough. Containing the First Amendment stating, "Congress shall make no law... abridging the freedom of speech" for example, the US Constitution and Bill of Rights were formulated in response to the perceived threat of tyranny coming from both outside and within the still-fledgling country. And in the living memory of many, the Council of Europe created the European Convention on Human Rights in 1950, in response to both the horrors of the Second World War and the looming spectre of the Eastern Bloc.
From such incidents, and consequences, we can learn not only that eventually people will say ‘enough’; but also, that they will need to be pushed into a pretty tight corner before doing so. We shouldn’t be at all surprised therefore, that humanity continues to stare dumbly into the abyss that is data abuse, and done nothing about it. Consider some of the examples we have seen: bins that can sense bluetooth, supermarkets using CCTV and facial recognition to identify people individually, and track their movement through stores.
Fact: current laws don’t exist in sufficient scope to cover our digital existence -- but does that make them any less subject to the will of the people not to have their rights ridden over roughshod, simply because no protection exists? The information revolution has already changed the world, but in many ways we are still acting as though it hasn’t. This disconnect creates an opportunity for all, but more so for the powerful than the average citizen — it was ever thus. The fact we need new frameworks for governance is so obvious that it hardly needs saying, and as we have seen, efforts are underway. However, current legislative approaches around data are trying to apply three-dimensional thinking to a four-dimensional space.
The legal system simply can’t keep up with technology-driven change: chances are that any attempts to legislate will be superseded as new forms of information gathering and analysis develop. One only has to look at the number of cameras being installed on next-generation cars, or the fears around utilities using smart grids (or indeed, device manufacturers) to switch off energy without the home-owner's consent, to appreciate some of the difficulties which lie ahead. The issues become even more complex when metadata (data about data, such as phone call records), data aggregation and anonymisation are taken into consideration.
Stripping away the silicon-and-polymer trappings of our technologically advanced culture reveals an issue as old as the Magna Carta: that inadequate governance allows for a minority to act with impunity, even as the rights of the masses are abused. Neither Snowden nor Wikileaks were enough to incite change; nor were the Panama Papers; nor, no doubt, will be any other leaks of data. For change to take place, potentially, we need an event so significant it turns humanity on its head. An event significant enough to trigger adequate data governance may not come for decades, but in the meantime the majority of the world’s citizens will be consigned to a state of digital serfdom.
Even if the collective we are prepared to sit back and wait for the ‘data-pocalypse’ before agreeing any significant change, we can at least map out what such changes need to be. For a start, and based on the findings of this book, we can start with a number of reasonably clear assumptions abut where the information revolution is taking us. This needs to include, the idea of complete and utter data transparency, either directly or through the increasing ability of computers to work things out. Yes, “Privacy is dead,” as Scott McNealy once said. And yes, we need to “deal with it” — but not simply through blank acceptance of humanity’s fate, but by putting in place the checks and balances we need as a result.
On this basis, what can we say? First that the protections should be in terms of the consequences, not the features of the causes. Some of our oldest laws are also some of the simplest, and complexity only causes problems.
Second, that any principles should be completely international. The digital world has no geographic boundaries, so any differences in governance between nations can be exploited, directly and without pause for thought. In future, it’s highly likely that any loopholes will be accessed through automation, if indeed they are not already. For example the remit needs to consider corporate law, as well as tax boundaries: technology has enabled a global economy, so it should have a fiscal framework that works accordingly. Today, many companies are currently, simply exploiting the potential difference between acting globally and paying Caesar locally. By doing so they are obeying the will of their shareholders, which in many cases means you and me. Such international legislation is not without its loopholes. Data havens can exist either due to physical geography — in the case of Iceland, which voted in such a measure[1] in 2010.
The question of liability also comes into play, therefore. If an organisation causes a damaging consequence it should be held liable, should the result be an unexpected material impact on the person, even if the data was anonymised or wherever it was stored. We have similar principles in existing law in terms of diminished responsibility, manslaughter and so on, that some responsibility for the outcome needs to be taken.
Perhaps a bigger question is, from where should such laws come? The answer may be to adopt some of the principles made possible by the digital age — open-ness and collaboration. It worked in Iceland through crowdsourcing, and in Austria, workable financial regulation is being co-created. This is not wrong — combative approaches are provably unworkable. By crowdsourcing the rules, then creating a democratic structure to support them. Perhaps the UN, or any other pan-national authority that individual nations are prepared to sign up to. But with the will of the people, not the corporations, driving the remit.
So, perhaps we will be able to devise a set of moral principles. Such work has already been started — the Magna Carta was cited[2] by inventor of the World Wide Web, Sir Tim Berners-Lee as he launched[3] the Web We Want campaign, among others. And indeed, some groups such as AIIM have drawn up[4] an Information Bill of Rights. It doesn’t stop with working groups. The UN has come out with statements such as the Right to Privacy in the Digital Age[5] and Microsoft has followed suit by suggesting[6] it is time for an international convention on government access to data. But as yet it lacks any overall support, or even authority.
An important next point is that such work cannot be considered ‘complete’ when it is done. As we have so clearly seen the Information Age is in a brainstorming stage, as businesses try to combine data and services in new and interesting ways and see what insights emerge. One flash of brilliance might create a hitherto unknown, completely legal, public, non-specific, yet damaging stereotype, such as “cat owners are dangerous drivers”. Once such an insight has been discovered the damage may already be done. As we become better at data analysis such, micro-prejudicial examples will become the norm, rather than the exception.
So we also need to consider speed of legislation, and its enactment. If businesses are recruiting data scientists, so do our judiciaries and our lawmakers. Our legal systems need to operate in as agile a manner as our businesses and startups, quickly considering the consequences of the retrospective application of an unexpected discovery. This may also mean moving from regulatory law to case law, on an international basis. Which is not currently the case, clearly. But in this hyper-connected world in which we now exist, there is no reason for it not to be.
Indeed, nothing at all is stopping the masses from creating an internationally applicable, virtual bill of rights that applies not only to ourselves, but to our data. As we have seen, data is not about us, it is us and if corporations and governments are no longer able to distinguish between the two, then nor should our legal frameworks.

[1] http://www.economist.com/blogs/babbage/2010/06/icelands_media_law
[2] http://www.bbc.co.uk/news/uk-26540635
[3] https://webwewant.org
[4] http://www.aiim.org/community/Discussions/Information-Bill-of-Rights
[5] http://www.un.org/News/Press/docs/2013/gashc4094.doc.htm
[6] http://blogs.microsoft.com/on-the-issues/2014/01/20/time-for-an-international-convention-on-government-access-to-data/