Data Bill of Rights
Last week John Battelle posted his latest version of his data bill of rights:
My first thought here is -- "Egad, how in the world does anyone harmonize this set of principles into their own business practices?" But leaving that aside for now, here are some thoughts.
First, I would add something about security. As the data owner, you have a right to expect that companies that have your data will properly safeguard it.
The concept of the consumer owning their own data is much more of a EU concept than a US one. Speaking of international, how does this concept play in Spain? In China?
Does this bill of rights (if implemented) kill the data broker business? If I allow a data broker to have my data, can I then limit their ability to transfer that data to only the third parties that I specify? If yes, that would seem to require an extremely complex permissioning system. (Oops, I'm back to talking about operational issues...)
And while I understand that under this bill of rights gives the consumer tremendous choice in theory, I wonder what happens when applied to real life. For example, I as a consumer would have a right to allow only one of the credit reporting agencies to have a file on me. But in order to get a mortgate recently I needed to provide the bank with my score from all three credit agencies. I suppose I could have asked the bank to use only one report, say from Equifax (they gave me the highest score.) However, by doing so, the bank is going to feel less comfortable about loaning me money. And when banks feel less secure, the APR goes up. So while in theory, I could use only one credit agency, doing so would cost me thousands of dollars on my mortgage. I'm in the privacy business and I'm not willing to make that trade off. Are you?
More on this later....
So, I submit for your review, editing and clarification, a new draft of
what rights we, as consumers, might demand from companies making hay off the
data we create as we trip across the web:
- Data Transparency. We can identify and review the data that companies
have about us. A sticky issue is whether we can also identify and review data
that is made about us based on other data the company might have. (IE, based on
your behavior, we at Amazon know you might also like....)
- Data Portability. We can take copies of that data out of the company's coffers and offer it to others or just keep copies for ourselves.
- Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
- Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
- Data Use. We have rights to know how our data is being used inside a company.
- Data Value. The right to sell our data to the highest bidder.
- Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.
My first thought here is -- "Egad, how in the world does anyone harmonize this set of principles into their own business practices?" But leaving that aside for now, here are some thoughts.
First, I would add something about security. As the data owner, you have a right to expect that companies that have your data will properly safeguard it.
The concept of the consumer owning their own data is much more of a EU concept than a US one. Speaking of international, how does this concept play in Spain? In China?
Does this bill of rights (if implemented) kill the data broker business? If I allow a data broker to have my data, can I then limit their ability to transfer that data to only the third parties that I specify? If yes, that would seem to require an extremely complex permissioning system. (Oops, I'm back to talking about operational issues...)
And while I understand that under this bill of rights gives the consumer tremendous choice in theory, I wonder what happens when applied to real life. For example, I as a consumer would have a right to allow only one of the credit reporting agencies to have a file on me. But in order to get a mortgate recently I needed to provide the bank with my score from all three credit agencies. I suppose I could have asked the bank to use only one report, say from Equifax (they gave me the highest score.) However, by doing so, the bank is going to feel less comfortable about loaning me money. And when banks feel less secure, the APR goes up. So while in theory, I could use only one credit agency, doing so would cost me thousands of dollars on my mortgage. I'm in the privacy business and I'm not willing to make that trade off. Are you?
More on this later....