The fundamental problem of ‘owning’ user data

Who is on control now?

I do not often agree with Facebook, but I do agree with their decision to make privacy settings of their users more important than opening up the vast amount of data they track to 3rd party developers. Marshall Kirkpatrick writes about that decision and points out that Facebook isn’t opening up everything:

Facebook holds a mind-blowing amount of conversational data. The company is analyzing it extensively and it has an omniscient view of conversations across all the networks of friends and privacy restrictions. It uses that aggregate data analysis to make business decisions and to sell advertisements. The rest of us are only allowed to give Facebook more data and to get back a sliver per user that will facilitate more user-level participation in amassing more data at Facebook.

He continues and decides that the value of the data is too big to be held by one company alone:

The data that Facebook controls, conversations and social connections, could be used for analysis of real-time social patterns which could lead to world-shaking new insights. Do we get access to that data? No.

Why not? We don’t get that access because Facebook was built on a fundamental promise of privacy and a complex system of privacy controls. Privacy is good, it’s very good. But, the census gathers and exposes personal data without violating privacy. Lots of systems do.

[stuff deleted…]

The data the network controls is just too valuable to keep locked up for only the company’s own analysis.

Marshall asks an interesting question and provides a provocative answer for it. Is the ability to innovate with user data fundamentally more important than the right of a user to keep his data (interactions)  private?

It is tempting to answer this question with a ‘yes’. Many web advocates will explain that by giving up privacy they get value. That the free flow of data has lead to new interaction possibilities that were impossible before (web 2.0). We’ve made our progress because everything is set free. Data that is free can be mashed up and provide new value, unprecedented.

While we all benefit from these effects, we should not lightly dismiss this as a simple case of ‘collateral damage’. Marshall touches a fundamental dilemma. What is more important, the rights of the mass, or the rights of the individual. In the western world we tend to assume an inverse relationship between individual rights and social control. More social control leads to less individual rights and vice versa. Marshall suggests that individual rights may be less important than the ‘greater cause’ of being able to provide more value to users if data is freely accessible. The obvious question to ask when resented with this view is “where do you set the boundary?”  In other words, what violation of individual rights is still acceptable for the greater cause of innovation?

But to me, there is a more fundamental flaw underneath. Individuals do not really have the means to protect their rights in the first place. Even with every privacy setting Facebook offers a user, there isn’t a single setting that protects the user’s rights from Facebook itself! There is only one way a user can be in control of his own rights. The user can decide not to participate. The web gave us value, and in return it forced us to give up our most important right. The right of the individual. Everything is free and accessible for all. But in return we have to accept that there is no way for us to control what these companies know or do with the data they collect. No matter how honorable Facebook is, they have a disproportional power that allows them to crush individual user rights. Currently, 3rd party developers complain they can’t store Facebook data because of privacy settings, but Facebook itself doesn’t have that limitation. Teh user doens’t own his data, Facebook does.

I realise that these views aren’t popular. That many already (un-)consciously made the decision to participate. We are accepting a world in which the balance is in favor of the companies that develop services. That it is ok that I have to accept a Privacy Policy and Terms of Use of a company, but that that same company doesn’t commit itself to my individual rights. I do not mind data being set free, but I do mind that I do not really have the means to decide for myself what the tradeoff is. It’s all or nothing. Join the party or stay home. And while we might see the benefit of more value now, this is a decision that can’t be undone easily.

Don’t get me wrong. I totally agree with Marshall that the innovation over user data can lead to incredible value. I’m fine with sharing my data in order to have access to that value. What bugs me is that I do not have control over that decision or that balance. We are scared to give that fundamental right back to the individual. It might break all web business models. But I am an optimist. I think we would be surprised to see how many people would be quite willing to share data in return for value. The difference is that in this new situation they would be able to make a conscious decision. The user would be in control. He would join a service like Facebook and consciously deciding the best trade off between sharing information and obtaining value from the service. And that conscious act would provide us all more value than the current situation in which we are  hijacked.

The only way this can be solved is by putting the user in control. Turn the entire model inside out Privacy/accessibility settings should not be set per service, but set by the user. The user shouldn’t have a fragmented profile across every service, but instead have one profile that can connect to any service. He should not have to find friends across many services, but have his friends within his profile, accessible to him across any service he wishes to use. The user can be in control of what his profile would look like per service, who his friends are, what data he is willing to share. The user should own his data. If that would be the case then we would have balance between user and service provider. If the user has control over the decision to share, then there can be a much more effective exchange of data for value. A service provider wanting access to some of that data will have to agree to the individual’s privacy policy and terms of use. We would not need a new developer’s APIs for every service, but we would need one standard API that allows users to connect to services.  In many ways, putting the user in control would simplify technology and our ability to mash up data in order to create new value. It enforces a more natural cooperation between service provider and user.

The real innovation of the web would be to restore balance and put the individual user in control again.

Advertisement