Featured post

Customer Commons and User Submitted Terms

User Submitted Terms Strawman

Above is a strawman proposal for icons for user-submitted terms that I’ve been presenting in talks and in prototypes for privacy-protecting technology for individuals. I’ve been sharing this with people for the last couple of years, with increasing recognition that we need a simple way to assert our terms. I made it up to demonstrate what user-submitted terms might look like and how they might work, as part of a larger system for individuals to control and share their personal data.

Basically, the idea is that an individual would select some default settings for sharing their data, and these would be managed by a user-agent which would use a ‘machine-readable’ version of the user terms. The individual would see the icons, but would also be able to read the ‘human-readable’ terms connected to each category of choice and to the individual icons chosen. And there would be a ‘legal-readable’ version available for creating a legally enforceable agreement, if the individual and those they submit terms to agreed. If a requested term was not agreed to, the individual would know and would be able to choose whether to share data anyway.

You can see the choices for terms, including Sharing. This might involve allowing shared data to be public, or shared with 3rd parties, or just sharing with the direct 1st party relationship. Duration might be for as long as there is an active account, for say, 3 months, or for just the extent of the business session. Purpose might be for 3rd party advertising, for just site use, or for the extent of the business transaction. And Tracking might allow either tracking or Do Not Track choices.

These choices are simple and easy for a person to understand, and should be the sort of thing that is selected once, after which the general choices become defaults. It might be that there are a few defaults, say for news sites or apps, versus, say, for social networks, or for entities we purchase from. We might want to get really granular with some relationships that really matter to us, and specify a set of terms just for that vendor. But the net of this is that individuals would be able to say what matters to them before they share any data, and their agent could negotiate the relationship with a potential vendor, to make it easy and painless.

Customer Commons, as advocates for individuals, could develop and maintain for public use these terms and their icons. We could provide this part of the puzzle for a privacy protecting system to help individuals have more control over their own sharing. And we could help vendors navigate these negotiations with customers so that vendors might use better privacy as a competitive advantage in the marketplace.

All of this, the choices we individuals make and submit, and the responses from vendors, ought to be recorded in a Consent Receipt, something Open Notice has been working toward and which is very complementary to user-submitted terms.
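The negotiation sketched above, as an added example that is not Customer Commons code or any Open Notice format: the four term categories from the strawman are modelled as ordered options, a user-agent fills in per-relationship defaults (with a per-vendor override), compares them with what a vendor requests, and writes a simple consent receipt recording both sides. The category orderings, default values, vendor names and receipt fields are all constructed for illustration.

```python
from datetime import datetime, timezone

# Options per category, ordered from broadest to most restrictive for
# the individual. A vendor's request is acceptable when it is at least
# as restrictive as the individual's term (same or later position).
CATEGORIES = {
    "sharing":  ["public", "third_party", "first_party"],
    "duration": ["active_account", "three_months", "session"],
    "purpose":  ["third_party_advertising", "site_use", "transaction"],
    "tracking": ["track", "do_not_track"],
}

# Constructed defaults per relationship type; selected once by the user.
DEFAULTS = {
    "news":   {"sharing": "first_party", "duration": "three_months",
               "purpose": "site_use", "tracking": "do_not_track"},
    "social": {"sharing": "third_party", "duration": "active_account",
               "purpose": "site_use", "tracking": "do_not_track"},
    "vendor": {"sharing": "first_party", "duration": "session",
               "purpose": "transaction", "tracking": "do_not_track"},
}
# Per-vendor overrides for the few relationships that really matter.
OVERRIDES = {"my-bank.example": {"duration": "active_account"}}


def terms_for(vendor, relationship):
    """Machine-readable terms the user-agent submits to a vendor."""
    terms = dict(DEFAULTS[relationship])
    terms.update(OVERRIDES.get(vendor, {}))
    return terms


def evaluate(user_terms, vendor_request):
    """Compare a vendor's requested use with the submitted terms.

    Returns category -> (agreed, user_term, vendor_term); a missing or
    unknown vendor term is never treated as agreement.
    """
    result = {}
    for cat, options in CATEGORIES.items():
        mine, theirs = user_terms[cat], vendor_request.get(cat)
        ok = theirs in options and options.index(theirs) >= options.index(mine)
        result[cat] = (ok, mine, theirs)
    return result


def consent_receipt(vendor, user_terms, vendor_request, share_anyway=False):
    """Record both sides' positions so the outcome is auditable later.

    A receipt is issued even when terms are not agreed, so the user's
    decision to share anyway (or not) becomes part of the record.
    """
    evaluation = evaluate(user_terms, vendor_request)
    agreed = all(ok for ok, _, _ in evaluation.values())
    return {
        "vendor": vendor,
        "issued": datetime.now(timezone.utc).isoformat(),
        "terms": {c: {"user": u, "vendor": v, "agreed": ok}
                  for c, (ok, u, v) in evaluation.items()},
        "all_agreed": agreed,
        "data_shared": agreed or share_anyway,
    }
```

For a news site that requests third-party sharing, third-party advertising and tracking, `consent_receipt("news.example", terms_for("news.example", "news"), request)` records those three categories as not agreed and `data_shared` as False unless `share_anyway=True` is passed.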

I’d love to hear what you think in comments about this idea.

Customer Commons User Terms by Mary Hodder (http://customercommons.com) is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-sa/4.0/).

Featured post

The Personal Data Eco-system

Post from 2009 reposted here to facilitate further discussion.

At the VRM workshop, we discussed the need for the concept of the Personal Data Store, what it would do in practice, and what that will ultimately enable.

Why we need such things – because individuals have a complex need to manage personal information over a lifetime, and the tools they have at their disposal today to do so are inadequate. Existing tools include the brain (which is good but does not have enough RAM, onboard storage, or an ethernet socket... thankfully), stand-alone data stores (paper, spreadsheets, phones, which are good but not connected in secure ways that enable user-driven data aggregation and sharing), and supplier-based data stores (which can be tactically good but are run under the supplier-provided terms and conditions). NB: our current perception of ‘personal data stores’ is shaped by the good ones that are out there (e.g. my online bank, my online health vault); what we need is all of that functionality, and more – but working FOR ME.

What they will do/ enable – the term Personal Data Store is not an ideal term to describe a complex set of functions, but it is what it is until we get a better one (the analogy I’d use in more ways than one is the term ‘data warehouse’ – again a simplistic term that masks a lot of complex activity). A Personal Data Store can take two basic forms:

Operational Data Stores – that get things done, and only need store sufficient breadth and depth of data to fulfill the operation they are built for (e.g. pay a credit card bill, book a doctor’s appointment, order my groceries).

Analytical Data Stores – that underpin and enable decision making, and which typically need a more tightly defined, but much deeper data-set that includes data from a range of aspects of life rather than just that from one specific operation (e.g. plan a home move, buy a car, organise an overseas trip).

A sub-set of the individual’s overall data requirement will lie in both of the above, this being the data that then integrates decision-making and doing.

In both cases, the functionality required is to source, gather, manage, enhance and selectively disclose data (to presentation layers, interfaces or applications).

We also discussed ‘who has what data on you’ and introduced the following diagrams to explain current state and target state (post deployment of Volunteered Personal Information (VPI) tech and standards).

The key terms that require explanation are:

My Data – is the data that is undeniably within, and only within, the domain of an individual. Its defining characteristic is that it has demonstrably not been made available to any other party under a signed, binding agreement. This space has been increasingly encroached upon by technology and organisations in recent history (e.g. behavioural tracking tools like Phorm) and this encroachment will continue. Indeed a general comment can be made that ‘my data’ equates to privacy in the context of personal data; so the rise of the surveillance society and state is a direct assault on ‘My Data’. Management of ‘My Data’ can be run by the individual themselves, or outsourced to a ‘fourth party service’.

Your Data – is the data that is undeniably within the domain of an organisation; either private, public or third sector. Proxy views of this data may exist elsewhere but are only that. This data would include, for example, the organisation’s own master records of their product/ service range, their pricing, their costs, their sales outlets and channels. Customer-facing views of much of Your Data are made available for reproduction in the ‘Our Data’ intersect.

Our Data – is the data that is jointly accessible to both buyer and seller/ service provider, and also potentially to any other parties to an interaction, transaction or relationship. It is the data that is generated through engaging in interactions and transactions in and around a customer/ supplier relationship. Despite being ‘our’ data, it is probably technically owned, or at least provided under terms of service designed by the seller/ service provider; in practical terms this also means that the seller/ service provider dictates the formats in which this data exists/ is made available.

Their Data – is the data built/ owned/ sold by third party data aggregators, e.g. credit bureaux, marketing data providers in all their forms. Its defining characteristic is that it is only available/ accessible by buying/ licensing it from the owner.

Everybody’s Data – is the public domain data, typically developed/ run by large, public sector(ish) entities including local government (electoral roll), Post Offices (postal address files), mapping bureau (GIS). Typically this data is accessible under contract, but the barriers to accessing these contracts are set low – although often not low enough that an individual can engage with them easily.

The Basic Identifier Set/ Bit in the Middle – this is the core personal identity data which, like it or not, exists largely in the public domain – most typically (but not exclusively) as a result of electoral rolls being made available publicly, and specifically to service providers who wish to build things from them. This characteristic is that which enables the whole personal eco-system and its impact on data privacy to exist, with the individual as the un-knowing ‘point of integration’ for data about them.

Propeller Current State

The ovals in the venn diagram represent the static state, i.e. where does data live at a point in time. The flow arrows show where data flows to and from in this eco-system; I use red to signify data flowing under terms and conditions NOT controlled by the individual data subject.

Flow 1 (My Data to Your Data, and My Data to Our Data) – Individuals provide data to organisations under terms and conditions set by the organisation, the individual being offered a ‘take it or leave it’ set of options. Some granularity is often offered around choices for onward data sharing and use, i.e. the ‘tick boxes’ we all know and which are one of the main bits of legacy CRM that VRM will fix.

Flow 2 (Your Data to Your Data, including Our Data) – Organisations share data with other organisations, usually through a back-channel, i.e. the details of the sharing relationship are typically not known to the data subject.

Flow 3 (Your Data, including Our Data to Their Data) – Organisations share data with a specific type of other organisation, data aggregators, under terms and conditions that enable onward sale. Typically the sharer is paid for this data/ has a stake in the re-sale value.

Flow 4 (Everybody’s Data to Their Data) – Data Aggregators use public domain data sources to initiate and extend their commercial data assets.

The target state is shown below, a different scenario altogether – and one which I believe will unfold incrementally over the next ten years or so: data attribute by data attribute, customer/ supplier management process by customer/ supplier management process, industry sector by industry sector. In this scenario, the individual and ‘My Data’ become the dominant source of many valuable data types (e.g. buying intentions, verified changes of circumstance), and in doing so eliminate vast amounts of guesswork and waste from existing customer/ citizen management processes.

The key new capabilities required to enable this to happen are those being worked on in the User Driven and Volunteered Personal Information work groups at Kantara (one tech group, one policy/ commerce one), and elsewhere within and around Project VRM. The new capabilities will consist of:

– personal data store(s), both operational and analytical

– data and technical standards around the sharing of volunteered personal information

– volunteered personal information sharing agreements (i.e. contracts driven by the individual perspective, creative commons-like icons for VPI sharing scenarios)

– audit and compliance mechanics

Around those capabilities, we will need to build a compelling story that clearly articulates, in a shared lexicon (thanks to Craig Burton for reminding us of the importance of this – watch this space), the benefits of the approach – for both individuals and organisations.

The target state that will emerge once these capabilities begin to impact will include the 4 additional individual-driven information flows over and above the current ones. The defining characteristic of these new flows is that they can only be initiated by the data subject themselves, and most will only occur when the receiving entity has ‘signed’ the terms and conditions asserted by the individual/ data subject. The new flows are:

Flow 5 (My Data to Your Data (inc Our Data)) – Individuals will share more high value, volunteered information with their existing and potential suppliers, eliminating guesswork and waste from many customer management processes. In turn, organisations will share their own expertise/ data with individuals, adding value to the relationship.

Flow 6 (Everybody’s Data to My Data) – With their new, more sophisticated personal information management tools, individuals will be able to take direct feeds from public domain sources for use in their own mashups and applications (e.g. crime maps covering where I live/ travel).

Flow 7 (My Data to (someone else’s) My Data) – An enhanced version of ‘peer to peer’ information sharing.

Flow 8 (My Data to Their Data) – The (currently) unlikely concept of the individual making their volunteered information available to/ through the data aggregators. Indeed we are already starting to see the plumbing for this new flow being put in place with the launch of the Acxiom Identity Card.

Propeller Target State

The implications of the above are enormous, my projection being that over time some 80% of customer management processes will be driven from ‘My Data’. I’m pretty confident about that, a) because we are already seeing the beginning of the change in the current rush for ‘user generated content’ (VPI without the contract), and b) because the economics will stack up. Organisations need data to run their operations – they don’t really mind where it comes from. So, if a new source emerges that is richer, deeper, more accurate, less toxic – and all at lower cost than existing sources; then organisations will use this source.

It won’t happen overnight obviously; as mentioned above specific tools, processes and commercial approaches need to emerge before this information begins to flow – and even then the shift will be slow but steady, probably beginning with Buying Intention data as it is the most obvious entry point with enough impact to trigger the change. That said, the Mydex social enterprise already has a working proof of concept up and running showing much of the above working. A technical write up of the proof of concept build can be found here. And the market implications of this are explored in more detail in new research on the market value of VPI shortly to be published by Alan Mitchell at Ctrl-Shift.

The two hour session at the VRM workshop was barely enough to scratch the surface of the above issues, so the plan is to continue the dialogue and begin specifying the capabilities required in detail in the User Driven and Volunteered Personal Information (technology) workgroup at The Kantara Initiative. The workgroup charter can be found here. A parallel workgroup focused on business and policy aspects will also be launched in the next few weeks. Anyone wishing to get involved in the workgroup can sign up to the mailing list here and we’ll get started with the work in the next couple of weeks.

Al Jazeera America investigates big data and privacy in new comic

Privacy and surveillance can be abstract and comics work well at making abstract concepts concrete

Al Jazeera America has released a comic investigating the uses of big data and their effect on our privacy.
Read more: http://www.digitalspy.co.uk/comics/news/a606737/al-jazeera-america-investigates-big-data-and-privacy-in-new-comic.html
Posted by Dont Mine on Me

FBI Created Fake News Article With Spyware to Track Suspect

“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best.

The FBI maintains that its fake news article was justified
The FBI created a fake Seattle Times article containing surveillance software in order to track a school bomb-threat suspect in 2007, according to documents obtained by an advocacy group.
Read more: http://time.com/3544557/fbi-seattle-times-fake-news/
Posted by Dont Mine on Me

Will Breaches and Privacy Concerns Lead to the Rise of the Personal Cloud?

When it comes to the question of “Who controls your personal data?” the answer should be “You.”

Cloud technology has introduced a new level of convenience to our lives, making our files available from whatever device is most handy at the moment. In a world where only a few years ago people fretted over how to transfer large files across computers, and had no options but to carry laptops everywhere because that was where their data lived, the cloud is a force for freedom, severing those cumbersome connections.
Read more: http://www.wired.com/2014/10/the-rise-of-the-personal-cloud/
Posted by Dont Mine on Me

The right to privacy in a big data world: When properly understood, privacy rules essential, experts say

When properly understood, privacy rules will be an essential and valuable part of our digital future!
In the digital age in which we live, monitoring, security breaches and hacks of sensitive data are all too common. It has been argued that privacy has no place in this big data environment and anything we put online can, and probably will, be seen by prying eyes.
Read more: http://www.sciencedaily.com/releases/2014/10/141025152547.htm
Posted by Dont Mine on Me

Windows 10 has new ways to protect you against internet data breaches

New Windows 10 feature uses two-factor authentication to help protect your personal data!

There are plenty of online services that use two-factor authentication to reduce the chances of someone hijacking your account after a data breach, but what about the operating system on your PC or phone? You’ll get that safeguard if you use Windows 10, according to a Microsoft security brief. The new OS will optionally treat a device (including something nearby, like your phone) as one authentication factor when signing into a local or internet account, and a PIN code or biometric reader as the second. If hackers find your login data sitting on a server, they won’t get to use it unless they also have your gear — and in some cases, they may need a fake fingerprint as well.
Read more: http://www.engadget.com/2014/10/23/windows-10-protects-against-data-breaches/
Posted by Dont Mine on Me

Data generated by connected devices should be considered personal, says data protection authorities

Data generated by devices – the so-called “internet of things” – should be considered personal data and therefore be governed by data protection laws.
Data protection authorities call for data protection laws to be extended to the internet of things
That was the conclusion of data protection authorities from around the world in a two-page declaration published at the 36th International Privacy Conference.
Read more: http://m.computing.co.uk/ctg/news/2377121/data-generated-by-connected-devices-should-be-considered-personal-says-data-protection-authorities
Posted by Dont Mine on Me

Ello founder Paul Budnitz: America is a ‘car crash’ on privacy

“Americans have a healthy stupidity. That lack of sophistication is a secret superpower,” – Paul Budnitz, founder of Ello
(Photo: Supporters cast shadows on a US flag as they cheer for John McCain at a campaign rally in Pottsville, Pennsylvania)
The boss of Facebook’s newest rival tells Katherine Rushton why the time is right for a social network which does not manipulate its users.
“Those social networks used to be fun but they became cluttered and full of ads,” Budnitz says. “I couldn’t find my friends through all these sponsored posts. It’s like us having this conversation and an ad popping up every 30 seconds or so. It feels violating, right?”
He also worried that Facebook was collecting so much data, constructing a persona based on small nuggets of information revealed through every interaction on the network. In his case, though, it was off beam: “For some reason Facebook started to think I am this middle-aged woman. I was getting ads for pumps and woman’s underwear and the whole thing.”
Read more: http://www.telegraph.co.uk/finance/11170358/Ello-founder-Paul-Budnitz-America-is-a-car-crash-on-privacy.html
Posted by Dont Mine on Me

Has our right to privacy been forgotten?

Do we really have the “Right to be Forgotten”?

Has our right to privacy been forgotten? It sometimes seems so. Theresa May and other authoritarians seem to want to ensure that everything is remembered, whilst Google often seem aggrieved that it should be possible for anything to be forgotten. Our privacy – our privacy rights – seem to be the only thing that is forgotten.
Read more: http://www.techradar.com/news/internet/has-our-right-to-privacy-been-forgotten–1269704#null
Posted by Dont Mine on Me