Tuesday, 13 March 2012

Identonomics part 3: clarity in privacy and the need for a set of standardised personal data licenses

Exploring the economics of online identity

Skip to: [part 1] [part 2] [part 3] [part 4]

In part 1 of this series I propose that the open market in personal data will work ultimately in the interests of advertisers and those buying personal information - not the general public whose data is being used - unless members of the public exert pressure by shunning intrusive data services and selecting private alternatives.

In part 2 I look at some of the reasons regulation in this area may fail to protect consumers whilst risking a negative impact on innovation.

If personal data is the new currency as suggested by European Commissioner Reding , the consumer market is a classic confusopoly: a competitive market that is unable to function in the interests of consumers due to confused pricing.  ‘Buyers’ are unable to choose the ‘cheapest’ alternative and, as a direct consequence, ‘profiteering’ goes unchecked.

With enforcement hampered by the ubiquity and massively distributed nature of data, not to mention the trans-jurisdictional element, many companies are holding on to more and more information about us.

So I'm saying the market if left unchecked will fail to protect consumers, and that may lead to a collapse in trust which will impact innovation. As will regulation. We're doomed, right?

Restoring control to the user

Not quite.  One of the identified barriers to consumer choice is confusion, and our proposal for a standardised set of personal data licenses will help to break the confusopoly and temper the personal data land-grab.

Some data corporations today may not see it this way, but it really is in everyone’s interests to restore control to the user, and I'm pleasantly surprised by a number of global tech companies who do understand this.

If, when presented with a range of services, users are able to easily identify the most private -without poring over pages of privacy policies - it will introduce an economic driver for companies to minimise personal data collection and processing.

An empowered user is less likely to succumb to irrational fear and more likely to make informed choices; and, with end users making a 'purchasing decision' on which companies they wish to share their personal data 'currency' with, the market will move to meet demand for services with a privacy cost the public is comfortable with.

Standardising Consent

The draft standardised personal data licenses icons. we intend to make extensive use of iconography to aid recognition and protect all icons as our trade marks, licensing them only to companies who agree to certain conditions on their use.  Trade marks are necessary to control how our icons are used. In order to avoid accusations of profiteering, we will hold the trade marks in trust, promising to allow any qualifying international organisation (e.g. such as the W3C – the Worldwide Web Consortium) to take ownership in the event of widespread adoption.  
In order to allow comparison between different services from a wide range of providers, personal data needs some form of currency unit.

Whilst it is unrealistic to expect the currency to be linear – whether a contact book is worth more than web browsing history is highly subjective – there is a clear trade-off between clarity and granularity.

An infinitely granular description of how data will be used is complex and confusing to the end user, whilst a very basic indicator, e.g. a traffic light system, can lack sufficient precision to be of any real value.

A further problem arises when looking for voluntary adoption of any classification standard; companies demand sufficient resolution in order to distinguish their products from rivals when they feel their product has an edge.

You as the licensor

We offer a practical solution to meeting the varying demands of businesses to dictate the precise terms on which they want your data.

A switch in onus to focus on the person in personal data. You as the licensor. Practicalities aside, you should be able to dictate the terms by which your data is used.

In real terms it would be difficult to negotiate terms with everyone who wants your data, so we promote the idea of standardised licenses in much the same way as Creative Commons simplifies the way creative artists release art for public re-use with some conditions attached.

Standardised licenses outline the rights you grant for your personal data to be be used, processed and shared.  If the company using the data wants more rights, they have choose a higher-level license with broader terms.

It's that simple - users are in control and are able to compare like-for-like services on their privacy impact.

The license will be enforceable under existing contract law in most jurisdictions and clear abuses of the system would constitute fraud.

Additional detail - a 2-dimensional privacy footprint

TM. A visualisation of Privacy Footprint, part of the proposed standardised personal data scheme.  Trade marks are necessary to control how our icons are used. In order to avoid accusations of profiteering, we will hold the trade marks in trust, promising to allow any qualifying international organisation (e.g. such as the W3C – the Worldwide Web Consortium) to take ownership in the event of widespread adoption.  
We foresee that a simple linear scale will not offer the best balance between clarity and versatility, the above graphic is just one example of how we foresee our scheme developing.

Project status

Our work is at a relatively early stage, the above concept diagrams are provided solely as an illustration of our intentions. We expect to develop and refine the concepts and are now looking for partners from business, government, consumer and advocacy groups to help shape the scheme.

As far as the next steps, we have an outline plan as follows:

1.   A feasibility study (3-5 months), which will comprise:
a.       a socioeconomic study into consumer behaviour when faced with a choice of handing over personal data, and in particular whether a standardised model and iconography will aid consumers to make better-informed choices
b.      a study into business attitudes to adopting a standardised model
c.       a business plan which will explore funding options for phases (2), (3) & (4)
  1. A development phase (2-3 months) which will involve redrafting our icons and formulating the licenses themselves.
  2. Implementation - getting businesses to adopt the licenses
  3. Education, enforcement and consumer support. Ensuring our licenses are used correctly, explaining consumer rights to the public using sites who adopt the standardised licenses, and working with businesses to help with and ensure compliance.
For further information please call +44 (0) 1252 560 426, Skype james.firth or email research@opendigital.org

This instalment reflects the contents of our formal proposal (pdf). 

Skip to: [part 1] [part 2] [part 3] [part 4]

No comments:

Post a Comment