I’ve not really pulled all the stuff I’ve written about this in one place at one time. I realized this while talking to a researcher last night who is writing a paper on the implications of search and web history. In particular, I’ve not posted in one place about what I’ve started to call “The Data Bill of Rights.” My first attempt was here.
I recall that the first time I wrote about Stewart Butterfield told me it’d be impossible to do what I was suggesting. Maybe so, but Eric, in the interview last week, said Google was committed to Data Portability, which is the key and most difficult piece of the pie.
So, I submit for your review, editing and clarification, a new draft of what rights we, as consumers, might demand from companies making hay off the data we create as we trip across the web:
– Data Transparency. We can identify and review the data that companies have about us. A sticky issue is whether we can also identify and review data that is made about us based on other data the company might have. (IE, based on your behavior, we at Amazon know you might also like….)
– Data Portability. We can take copies of that data out of the company’s coffers and offer it to others or just keep copies for ourselves.
– Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
– Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
– Data Use. We have rights to know how our data is being used inside a company.
– Data Value. The right to sell our data to the highest bidder.
– Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.
What am I missing?
15 thoughts on “The Data Bill of Rights”
Data Value. The right to sell our data to the highest bidder.
My comment addresses a sub-point, rather than a full point. To me, “data value” also includes the right to share in the profit of those “making hay” off of the data that I/you/we create as we trip across the web. Who says we have to sell anything? If I still own my data, and someone is using it, they owe me licensing fees.
I understand that this is next to impossible to assess. I.e. when Amazon aggregates my buying data and uses that to make higher profits because they can create better targetted recommendations, what portion of that better-targetted information is really attributed to my data? That can be very difficult to determine.
I also understand that some companies claim that they are already letting me share in the profits, simply by offering me services for free (e.g. Gmail) or giving me discounts for collecting my information (i.e. supermarket cards). But at a certain level, I don’t buy those explanations. I still think there is monetary value in my data that I am not currently receiving, and there is more to it than just being able to sell my data to the highest bidder.
I would add something about security. As the data owner, you have a right to expect that companies that have your data will properly safeguard it.
Also, I’m sure you’re aware of this, but the concept of the consumer owning their own data is much more of a EU concept than a US one. Does this bill of rights (if implimented) kill the data broker business? If I allow a data broker to have my data, can I then limit their ability to transfer that data to only the third parties that I specify? If yes, that would seem to require an extremely complex permissioning system.
Would welcome the opp to discuss if you’re so inclined…
DATA Expiration Date
You have deliberated upon an issue beautifully. This thought needs to be refined keeping in view what companies can accept and would let go. Data as a trade bargain hurts consumer privacy and on all counts of Data value and Data Permissions a framework is required. As Alan has has aptly elaborated “own data is much more of a EU concept than a US one” therefore a standard based on your view of Bill of data rights should be shared and we need to expand it to become a reality.
What I’m reading here implies that we are giving permision to a company (e.g. Google) to have ownership of this personal data. This is quite a scary proposition. While I think there is great convenience and value in being able to apply my past digital breadcrumbs against where I go next and what I see next on the web, it troubles me greatly that this data sits on some remote server (with God knows who being able to access it) and it isn’t owned by me. I think the only way to make this work is if the data sat on my machine, so I have full control over what’s in it and who has access to it. Only then do we have a privacy model that is secure enough to afford the convenience of a more personalized web experience.
You missed the obvious one: data opt-out. Ability to use services without having data collected at all. Any data that is collected can be misappropriated, intentionally or otherwise.
Allow people to use your services without collecting data on them. (To me this is different from data anonymity.)
Go for it! I’m sure that your struggle is not in vein
Why does Yahoo mail charge for POP access, thereby holding my data hostage? I suspect it is to prevent defection to better products. Fortunately there are scrapers like freepops.org to get your data out.
If you wanted to migrate off of myspace, good luck. Channeling Marc Canter, we need the social networks to support import and export of network data.
“Data Frugality” – collect only the data needed for the relationship established between the consumer and organization due to the action taken by the consumer. (As opposed to collecting more information that might help the organization build deeper involvement with the consumer. “Just take what is needed, no more.”) Hope that makes sense! 😉 Good stuff – thanks for sharing!
I think this is a noble idea, and I fully support it, but the most important thing you’re missing is not a part of the content of the data bill of rights… it’s the user leverage. Without enough users demanding for this bill of rights from the services they use (a la “I want my MTV”), then it’s just a lot of idealism. The most important thing is to build in reasons why the average Google user (not Twitter user) wants/demands this Bill of Rights.
John – we read with interest your data bill of rights and I’d like to point out that the TRUSTe program requirements – the rules that the TRUSTe sealholders must follow – hit on many of these: we require transparency on how personal identifying data will be used within a company and we require consent for 3rd party sharing. In addition, we also require security – the right for reasonable protection of the data, continued respect for the data rights in onward transfer (agents, etc.). Sealholders must also agree to engage with our Watchdog dispute resolution process to address issues of removal, correction, etc. Agree with you that more “sticky” issues remain such as access to profiling and behavioral targeting data (we require sealholders to disclose if they are using cookies or any other tracking technologies). Data retention and access are also issues that need to be considered more carefully by TRUSTe and others.
Wesabe announced a “Data Bill of Rights” last November (at the Web 2.0 Summit, actually) covering the rights we promise the users of our personal finance application — where data privacy and protection is obviously paramount. I wrote up the rights we chose and the Web 2.0 talk on blog.wesabe.com.
Marc Hedlund, Wesabe
I know you only want people to be more aware. In relation to awareness, did you know about the ring thing? The Ring Thing, or Key Ring Thing, is a service that combines the barcodes of all your grocery or other loyalty cards into one. It features separate bar codes that you can use as an all in one rewards card, and you don’t even need a cash advance to get one – it’s free! If you want to save money at Safeway, Albertsons, and Best Buy all at once, this might be the ticket for you. It’s especially handy if you don’t want to worry about needing a cash advance for groceries if you have a Ring Thing.
(all my personal opinion)
I deeply believe in your bill of rights and rationale. Actually, I believe all of these rights are inherent; and 99% of the companies I interact with online constantly violate my rights (simply because they “obey the letter of the law” instead of respect the people they “serve”).
Though I’m quite passionate about this issue, I’m pessimistic that my inherent data rights will ever be respected.
First, I believe that there is too much precedent – which in a society founded on a legal concepts of common law means that power systems “should” remain the way they are. Further, governments and corporations created and generally control the framework of the internet (hard and soft). Neither of those parties wants to lose value and control (by returning it to it’s rightful owner, individuals). There is significant historical precedent for this behavior. For example, according to U.S. law, >2/5 of the United States is illegally occupied. Will the illegally occupied land ever be returned to the rightful owners? Unlikely. There’s too much precedent, and too much desire of those in power to retain the value and control of the land and its resources (including human). I believe something similar shall manifest regarding data rights of individuals online — except that only a few of our more luxurious individual rights will be violated, rather than them all.
(Please note – I do love the Internet that exists today. I’d like to give a special shout out to the organizations, corporations and people who helped create it and continue to maintain it! It’s quite valuable as it is, and I cherish the work that you do to help it. I simply mean to point out that patterns tend to repeat themselves, not to equivocate data ownership with genocide.)
A great post but How to select a cool handbags. we sell cheap handbags We are the best store provided various cheap designer handbags but only a little white to make coach handbags online