The Only Way Customers Come First

— is by proffering terms of their own.

That’s what will happen when sites and services click “accept” to your terms, rather than the reverse. This then you are what lawyers call the first party. Sites and services that agree to your terms are second parties.

As a first party, you get scale across all the sites and services that agree to your terms, just like today each of those sites and services gets scale across thousand or millions of second-class netizens called “users”:

This the exact reverse of what we’ve had in mass markets ever since industry won the industrial revolution. But we can get that scale now, because we have the Internet, which was designed to support it. (Details here and here.)

And now is the time, for two reasons:

  1. We can make our leadership pay off for sites and services; and
  2. Agreeing with us can make sites and services compliant with tough new privacy laws.

First example:#NoStalking:

With #NoStalking, we proffer a term that says—

This does a bunch of good things for advertising supported sites:

  1. It relieves them of the need to track us like animals everywhere we go, and harvest personal data we’d rather not give anybody without our permission.
  2. Because of #1, it gives them compliance with the EU’s General Data Protection Regulation (aka GDPR), which will start fining companies “up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 4),” or “a fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 5 & 6).”
  3. It provides simple and straightforward “brand safety” directly from human beings, rather than relying on an industry granfalloon to do the same.
  4. It lets good publishers sell advertising to brands that want to sponsor journalism rather than chase eyeballs to the cheapest, shittiest sites.
  5. It provides a valuable economic signal from demand to supply in the open marketplace—one that can be enlarged to include other signals, such as our next term…

#intentcasting:

This is where individuals present themselves to the marketplace as qualified leads, but on their own terms.

#nostalking and #intentcasting are the first terms to be published at Customer Commons. Both have the potential to generate fresh and healthy economic activity, one in publishing and the other in retailing.

Every new first party term  has the potential to reform whole markets for the good of everyone, simply by creating better ways for demand to signal, engage and improve supply. In doing that, first party terms will also make good on the promise of the Internet in the first place. After two decades of failing to do that, it’s about time.

We’ll be working on exactly these terms at VRM Day next Monday, and at IIW for the following three days, all at the Computer History Museum in Silicon Valley. Sign up at those links. Help us change the world.

 

 

Time for THEM to agree to OUR terms

Screen Shot 2016-03-25 at 12.12.45 PM
We can do for everybody what Creative Commons does for artists: give them terms they can offer—and be can read and agreed to by lawyers, ordinary folks, and their machines. And then we can watch “free market” come to mean what it says, and not just “your choice of captor.”

Try to guess how many times, in the course of your life in the digital world, have “agreed” to terms like these:

URsoScrewed

Hundreds? Thousands? (Feels like) millions?

Look at the number of login/password combinations remembered by your browser. That’ll be a fraction of the true total.

Now think about what might happen if we could turn these things around. How about if sites and services could agree to our terms and conditions, and our privacy policies?

We’d have real agreements, and real relationships, freely established, between parties of equal power who both have an interest in each other’s success.

We’d have genuine (or at least better) trust, and better signaling of intentions between both parties. We’d have better exchanges of information and better control over what gets done with that information. And the information would be better too, because we wouldn’t have to lie or hide to protect our identities or our data.

We’d finally have the only basis on which the Seven Laws of Identity, issued by Kim Cameron in 2005, would actually work. Check ’em out:

laws

Think about it. None of those work unless individuals are in charge of themselves and their relationships in the digital world. And they can’t as long as only one side is in charge. What we have instead are opposites: limited control and coerced consent, maximum disclosure for unconstrained use, unjustified parties, misdirected identity, silo’d operators and technologies, inhuman integration, and inconsistent experiences across contexts of all kinds. (I’ll add links for all of those later when I have time.)

Can we fix this problem, eleven years after Kim came down from the mountain (well, Canada) with those laws?

No, we can’t. Not without leverage.

The sad fact is that we’ve been at a disadvantage since geeks based the Web on an architecture called “client-server.” I’ve been told that term was chosen because “slave-master” didn’t sound so good. Personally, I prefer calf-cow:

calf-cow

As long as we’re the calves coming to the cows for the milk of “content” (plus unwanted cookies), we’re not equals.

But once we become independent, and can assert enough power to piss off the cows that most want to take advantage of us, the story changes.

Good news: we are independent now, and controlling our own lives online is pissing off the right cows.

We’re gaining that independence through ad and tracking blockers. There are also a lot of us now. And a lot more jumping on the bandwagon.

According to PageFair and Adobe, the number of people running ad blockers alone passed 200 million last May, with annual growth rates of 41% in the world, 48% the U.S. and 82% in the U.K. alone.

Of course the “interactive” ad industry (the one that likes to track you) considers this a problem only they can solve. And, naturally, the disconnect between their urge to track and spam us, and our decision to stop all of it, is being called a “war.”

But it doesn’t have to be.

Out in the offline world, we were never at war with advertising. Sure, there’s too much of it, and a lot of it we don’t like. But we also know we wouldn’t have sports broadcasts (or sports talk radio) without it. We know how much advertising contributes to the value of the magazines and newspapers we read. (Which is worth more: a thick or a thin Vogue, Sports Illustrated, Bride’s or New York Times?) And to some degree we actually value what old fashioned Mad Men type advertising brings to the market’s table.

On the other hand, we have always been at war with the interactive form of advertising we call junk mail. Look up unwanted+mail, click on “images,” and and you’ll get something like this:

unwantedmail

What’s happened online is that the advertising business has turned into the “interactive”  junk message business. Only now you can’t tell the difference between an ad that’s there for everybody and one that’s aimed by crosshairs at your eyeballs.

The difference between real advertising and tracking-based junk messages is the same as that between wheat and chaff.

Today’s ad and tracking blockers are are primitive prophylactics: ways to protect our eyeballs from advertising and tracking. But how about if we turn these into instruments of agreement? We could agree to allow the kind of ads that pay the publisher and aren’t aimed at us by tracking.

Here at Customer Commons we’ve been working on those kinds of terms for the last several years. Helping us have been law school students and teachers, geeks and ordinary folks. Last we publishe a straw man version of those terms, they looked like this:

UserSubmittedTerms1stDraft

What those say (in the green circles) is “You (the second party) alone can use data you get from me, for as long as you want, just for your site or app, and will obey the Do Not Track request from my browser.”

This can be read easily by lawyers, ordinary folks and machines on both sides, just the way the graphic at the top of this post, borrowed from Creative Commons (or model for this), describes.

We’re also not alone.

Joining us in this effort are the Identity Ecosystem Working Group, the Personal Data Ecosystem Consortium, the Consent and Information Sharing Working Group (which is working on a Consent Receipt to give agreements a way to be recorded by both parties), Mozilla and others on the ProjectVRM Development Work list.

Many people from those groups (including Kim Cameron himself) will be at IIW, the Internet Identity Workshop, at the Computer History Museum in Silicon Valley, on the last week of next month, April 26-28. It’s an unconference. No panels, no keynotes, no plenaries. It’s all breakouts, on topics chosen by participants.

The day before, at the same location, will be VRM Day. The main topic there will be terms, and how we plan to get working versions of them in the next three days at IIW.

This is a huge opportunity. I am sure we have enough code, and enough done work on standards and the rest of it, to put up exactly the terms we can offer and publishers online can accept, and will start to end the war (that really isn’t) between publishers and their readers.

Once we have those terms in place, others can follow, opening up to much better signaling between supply and demand, because both sides are equals.

So this is an open invitation to everybody already working in this space, especially browser makers (and not just Mozilla) and the ad and tracking blockers. IIW is a perfect place to show to show what we’ve got, to work together, and to move things forward.

Let’s do it.

 

Giving Customers Scale

scale-leverage

Customers need scale.

Scale is leverage. A way to get lift.

Big business gets scale by aggregating resources, production methods, delivery services — and, especially, customers: you, me and billions of others without whom business would not exist.

Big business is heavy by nature. That’s why we use mass as an adjective for much of what big business does: mass manufacturing, mass distribution, mass retailing, mass marketing, and mass approaches to everything, including legal agreements.

For personal perspective on this, consider how you can’t operate your mobile phone until you click “accept” to a 55-screen list of terms and conditions you’ll never read because there’s no point to it. Privacy policies are just as bad. Few offer binding commitments and nearly all are lengthy and complicated. According to a Carnegie-Mellon study, it would take 76 work days per year just to read all the privacy policies encountered by the average person. The Atlantic says this yields an “opportunity cost” of $781 billion per year, exceeding the GNP of Florida.

We accept this kind of thing because we don’t know any other way to get along with big business, and big business doesn’t know any other way to get along with us. And we’ve had this status quo ever since industry won the Industrial Revolution.

In 1943 — perhaps the apex of the Industrial Age — law professor Friedrich Kessler called these non-agreements “contracts of adhesion,” meaning the submissive party was required to adhere to the terms of the contract while the dominant party could change whatever they liked. On one side, glue. On the other, Velcro. Kessler said contracts of adhesion were pro forma because there was no way a big business could have different contracts with thousands or millions of customers. What we lost, Kessler said, was freedom of contract, because it didn’t scale.

So, for a century and a half, in economic sectors from retail to health care, we have had dominant companies controlling captive markets, often enabled by captured regulators as well. This way of economic life is so deeply embedded that most of us believe, in effect, that “free market” means “your choice of captor.” Stockholm syndrome has become the norm, not the exception.

Thus it is also no surprise that marketing, the part of business that’s supposed to “relate” to customers, calls us “targets” and “assets” they “acquire,” “control,” “manage,” “lock in” and “own” as if we are slaves or cattle. This is also why, even though big business can’t live without us, our personal influence on it is mostly limited to cash, coerced loyalty and pavlovian responses to coupons, discounts and other marketing stimuli.

Small businesses are in the same boat. As customers, we can can relate personally, face to face, with the local cleaner or baker or nail salon. Yet, like their customers, most small businesses are also at the mercy of giant banks, credit agencies, business management software suppliers and other big business services. Many more are also crushed by big companies that use big compute power and the Internet to eliminate intermediaries in the supply chain.

It gets worse. In Foreign Policy today, Parag Khanna reports on twenty-five companies that “are more powerful than many countries.” In addition to the usual suspects (Walmart, ExxonMobil, Apple, Nestlé, Maersk) he also lists newcomers such as Uber, which is not only obsoleting the taxi business, but also the government agencies that regulate it.

It also gets more creepy, since the big craze in big business for the last few years has been harvesting “behavioral” data. While they say they’re doing it to “deliver” us a “better experience” or whatever, their main purpose is to manipulate each of us for their own gain. Here’s how Shoshana Zuboffunpacks that in Secrets of Surveillance Capitalism:

Among the many interviews I’ve conducted over the past three years, the Chief Data Scientist of a much-admired Silicon Valley company that develops applications to improve students’ learning told me, “The goal of everything we do is to change people’s actual behavior at scale. When people use our app, we can capture their behaviors, identify good and bad behaviors, and develop ways to reward the good and punish the bad. We can test how actionable our cues are for them and how profitable for us”…

We’ve entered virgin territory here. The assault on behavioral data is so sweeping that it can no longer be circumscribed by the concept of privacy and its contests.  This is a different kind of challenge now, one that threatens the existential and political canon of the modern liberal order defined by principles of self-determination that have been centuries, even millennia, in the making. I am thinking of matters that include, but are not limited to, the sanctity of the individual and the ideals of social equality; the development of identity, autonomy, and moral reasoning; the integrity of contract, the freedom that accrues to the making and fulfilling of promises; norms and rules of collective agreement; the functions of market democracy; the political integrity of societies; and the future of democratic sovereignty.

And that might be the short list. And an early one too.

Think about what happens when the “Internet of Things” (aka IoT) comes to populate our private selves and spaces? The marketing fantasy for IoT is people’s things reporting everything they do, so they can be studied and manipulated like laboratory mice.

Our tacit agreement to be mice in the corporate mazes amounts to a new social contract in which nobody has much of a clue about what the consequences will be. One that’s easy to imagine is personalized pricing based on intimate knowledge gained from behavioral tracking through the connected things in our lives. In the new world where our things narc on us to black boxes we can’t see or understand, our bargaining power falls to zero. So does our rank in the economic caste system.

But hope is not lost.

With the Internet, scale for individuals is thinkable, because the Internet was also designed from the start to give every node on the network the ability to connect with every other node, and to reduce the functional distance between all of them as close to zero as possible. Same with cost. As I put it in The Giant Zero,

On the Net you can have a live voice conversation with anybody anywhere, at no cost or close enough. There is no “long distance.”

On the Net you can exchange email with anybody anywhere, instantly. No postage required.

On the Net anybody can broadcast to the whole world. You don’t need to be a “station” to do it. There is no “range” or “coverage.” You don’t need antennas, beyond the unseen circuits in wireless devices.

In a 2002 interview Peter Drucker said, “In the Industrial Age, only industry was in a position to raise capital, manufacture, ship and communicate at scale, across the world. Individuals did not have that power. Now, with the Internet, they do.”*

The potential for this is summarized by the “one clue” atop The Cluetrain Manifesto, published online in April 1999 and in book form in January 2000:

Cluetrain's "one clue"

What happens when our reach is outward from our own data, kept in our own spaces, which we alone control? For other examples of what could happen, consider the personal computer, the Internet and mobile computing and communications. In each case, individuals could do far more with those things than centralized corporate or government systems ever could. It also helps to remember that big business and big government at first fought—or just didn’t understand—how much individuals could do with computing, networking and mobile communications.

Free, independent and fully human beings should be also good for business, because they are boundless sources of intelligence, invention, genuine (rather than coerced or “managed”) loyalty and useful feedback—to an infinitely greater degree than they were before the Net came along.

In The Intention Economy: When Customers Take Charge (Harvard Business Review Press, 2012), I describe the end state that will emerge when customers get scale with business:

Rather than guessing what might get the attention of consumers—or what might “drive” them like cattle—vendors will respond to actual intentions of customers. Once customers’ expressions of intent become abundant and clear, the range of economic interplay between supply and demand will widen, and its sum will increase… This new economy will outperform the Attention Economy that has shaped marketing and sales since the dawn of advertising. Customer intentions, well-expressed and understood, will improve marketing and sales, because both will work with better information, and both will be spared the cost and effort wasted on guesses about what customers might want, and flooding media with messages that miss their marks.

The Intention Economy reported on development work fostered by ProjectVRM, which I launched at the Berkman Center for Internet and Society in 2006. Since then the list of VRM developments has grown to many dozens, around the world.

VRM stands for Vendor Relationship Management. It was conceived originally as the customer-side counterpart of Customer Relationship Mangement, a $23 billion business (Gartner, 2014) that has from the start been carrying the full burden of relationship management on its own. (Here’s a nice piece about VRM, published today in CMO.)

There are concentrations of VRM development in Europe and Australia, where privacy laws are strong. This is not coincidental. Supportive policy helps. But it is essential for individuals to have means of their own for creating the online equivalent of clothing and shelter, which are the original privacy technologies in the physical world—and are still utterly lacking in the virtual one, mostly because it’s still early.

VRM development has been growing gradually and organically over the past nine years, but today are three things happening  that should accelerate development and adoption in the near term:

  1. The rise of ad, tracking and content blocking, which is now well past 200 million people. This gives individuals two new advantages: a) The ability to control what is allowed into their personal spaces within browsers and apps; and b) Potential leverage in the marketplace — the opportunity to deal as equals for the first time.
  2. Apple’s fight with the FBI, on behalf of its own customers. This too is unprecedented, and brings forward the first major corporate player to take the side of individuals in their fight for privacy and agency in the marketplace. Mozilla and the EFF are also standout players in the fight for personal freedom from surveillance, and for individual equality in dealings with business.
  3. A growing realization within CRM that VRM is a necessity for customers, and for many kinds of positive new growth opportunities. (See the Capgemini videos here.)

To take full advantage of these opportunities, VRM development is necessary but insufficient. To give customers scale, we also need an organization that does what VRM developers alone cannot: develop terms of engagement that customers can assert in their dealings with companies; certify compliance with VRM standards, hold events that customers lead and do not merely attend, prototype products (e.g. Omie) that have low commercial value but high market leverage, bring millions of members to the table when we need to bargain with giants in business — among other things that our members will decide.

That’s why we started Customer Commons, and why we need to ramp it up now. In the next post, we’ll explain how. In the meantime we welcome your thoughts.


* Drucker said roughly this in a 2001 interview published in Business 2.0 that is no longer on the Web. So I’m going from memory here.

Privacy is an Inside Job

The Searls Wanigan, 1949
Ordinary people wearing and enjoying the world’s original privacy technology: clothing and shelter. (I’m the one on top. Still had hair then.)

Start here: clothing and shelter are privacy technologies. We use them to create secluded spaces for ourselves. Spaces we control.

Our ancestors have been wearing clothing for at least 170,000 years and building shelters for at least half a million years. So we’ve had some time to work out what privacy means. Yes, it differs among cultures and settings, but on the whole it is well understood and not very controversial.

On the Internet we’ve had about 21 years*. That’s not enough time to catch up with the physical world, but hey: it’s still early.

It helps to remember that nature in the physical world doesn’t come with privacy. We have to make our own. Same goes for the networked world. And, since most of us don’t yet have clothing and shelter in the networked world, we’re naked there.

So, since others exploit our exposure — and we don’t like it — privacy on the Internet is very controversial. Evidence: searching for “privacy” brings up 4,670,000,000 results. Most of the top results are for groups active in the privacy cause, and for well-linked writings on the topic. But most of the billions of results below that are privacy policies uttered in print by lawyers for companies and published because that’s pro forma.

Most of those companies reserve the right to change their policies whenever they wish, by the way, meaning they’re meaningless.

For real privacy, we can’t depend on anybody else’s policies, public or private. We can’t wait for Privacy as a Service. We can’t wait for our abusers to get the clues and start respecting personal spaces we’ve hardly begun to mark out (even though they ought to be obvious). And we can’t wait for the world’s regulators to start smacking our abusers around (which, while satisfying, won’t solve the problem).

We need to work with the knitters and builders already on the case in the networked world, and recruit more to help out. Their job is to make privacy policies technologies we wear, we inhabit, we choose, and we use to signal what’s okay and not okay to others.

The EFF has been all over this for years. So have many developers on the VRM list. (Those are ones I pay the most attention to. Weigh in with others and I’ll add them here.)

The most widely used personal privacy technology today is ad and tracking blockingMore than 200 million of us now employ those on our browsers. The tools are many and different, but basically they all block ads and/or tracking at our digital doorstep. In sum this amounts to the largest boycott in human history.

But there’s still no house behind the doorstep, and we’re still standing there naked, even if we’ve kept others from planting tracking beacons on us.

One of the forms privacy takes in the physical world is the mutual understanding we call manners, which are agreements about how to respect each others’ intentions.

Here at Customer Commons, we’ve been working on terms we can assert, to signal those intentions. Here’s a working draft of what they look like now:

UserSubmittedTerms1stDraft

That’s at the Consent and Information Working Group. Another allied effort is Consent Receipt.

If you’re working on privacy in any way — whether you’re a geek hacking code, a policy maker, an academic, a marketer trying to do the right thing, or a journalist working the privacy beat — remember this: Privacy is personal first. Before anything elseIf you’re not working on getting people clothing and shelter of their own, you’re not helping where it’s needed.

It’s time to civilize the Net. And that’s an inside job.

__________________

*If we start from the dawn of ISPs, graphical browsers, email and the first commercial activity, which began after the NSFnet went down on 30 April 1995.

 

 

 

New Rules for Privacy Regulations

The Wall Street Journal has an informative conversation with Lawrence Lessig: Technology Will Create New Models for Privacy Regulation. What underlies a change toward new models are two points: the servers holding vast user databases are increasingly (and very cheaply) breached, and the value of the information in those databases is being transferred to something more aligned to VRM: use of the data, on a need to know basis. Lessig notes:

The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.

The challenge, notes Lessig, is “a corrupt Congress” that is more interested in surveillance than markets and doing business. Perhaps that isn’t a problem, according to an Associated Press poll (which has no bias, of course!):

According to the new poll, 56 percent of Americans favor and 28 percent oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67 percent) and Democrats (55 percent) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40 percent in favor and 35 percent opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance.

Right. After all, who needs business?

Personal Information Economy 2015 – London

The Personal Information Economy 2015 conference is coming up! From the event page:

As a new digital age unfolds brands have a make-or-break strategic opportunity to place their customer relationships on a powerful new footing.

The opportunity: to work with customers to create new ‘Me2B’ services that empower them with data and help them use this data to meet previously unmet needs, such as making better decisions and organising and managing their lives better.

Brands that enable these new relationships and services are sustaining and deepening customer trust, growing revenue streams and profits, differentiating themselves in crowded markets, and positioning themselves strategically at the forefront of the digital economy.

Details:

Personal Information Economy 2015: Growth Through Trust
The rise of Me2B commerce
Event Venue:
Kings Place, 90 York Way, London, N1 9AG
Event Date: Tuesday, December 8th 2015 from 09:00 to 19:00 (GMT)
More information here.

The Personal Data Eco-system

Post from 2009 reposted here to facilitate further discussion.

At the VRM workshop, we discussed the need for the concept of the Personal Data Store, what it would do in practice, and what that will ultimately enable.

Why we need such things – because individuals have a complex need to manage personal information over a lifetime, and the tools they have at their disposal today to do so are inadequate. Existing tools include the brain (which is good but does not have enough RAM, onboard storage, or an ethernet socket……thankfully), stand alone data stores (paper, spreadsheets, phones, which are good but not connected in secure ways that enable user-driven data aggregation and sharing), and supplier based data stores (which can be tactically good but are run under the supplier provided terms and conditions). NB Our current perception of ‘personal data stores’ is shaped by the good ones that are out their (e.g. my online bank, my online health vault); what we need is all of that functionality, and more – but working FOR ME.

What they will do/ enable – the term Personal Data Store is not an ideal term to describe a complex set of functions, but it is what it is until we get a better one (the analogy I’d use in more ways than one is the term ‘data warehouse’ – again a simplistic term that masks a lot of complex activity). A Personal Data Store can take two basic forms:

Operational Data Stores – that get things done, and only need store sufficient breadth and depth of data to fulfill the operation they are built for (e.g. pay a credit card bill, book a doctor’s appointment, order my groceries).

Analytical Data Stores – that underpin and enable decision making, and which typically need a more tightly defined, but much deeper data-set that includes data from a range of aspects of life rather than just that from one specific operation (e.g. plan a home move, buy a car, organise an overseas trip).

A sub-set of the individual’s overall data requirement will lie in both of the above, this being the data that then integrates decision-making and doing.

In both cases, the functionality required is to source, gather, manage, enhance and selectively disclose data (to presentation layers, interfaces or applications).

We also discussed ‘who has what data on you’ and introduced the following diagrams to explain current state and target state (post deployment of Volunteered Personal Information (VPI) tech and standards).

The key terms that require explanation are:

My Data – is the data that is undeniably within, and only within, the  domain of an individual. It’s defining characteristic is that it has demonstrably not been made available to any other party under a signed, binding agreement. This space has been increasingly encroached upon by technology and organisations in recent history (e.g. behavioural tracking tools like Phorm) and this encroachment will continue. Indeed a general comment can be made that ‘my data’ equates to privacy in the context of personal data; so the rise of the surveillance society and state is a direct assault on ‘My Data’. Management of ‘My Data’ can be run by the individual themselves, or outsourced to a ‘fourth party service’.

Your Data – is the data that is undeniably within the domain of an organisation; either private, public or third sector. Proxy views of this data may exist elsewhere but are only that. This data would include, for example, the organisations own master records of their product/ service range, their pricing, their costs, their sales outlets and channels. Customer-facing views of much of Your Data is made available for reproduction in the ‘Our Data’ intersect.

Our Data – is the data that is jointly accessible to both buyer and seller/ service provider, and also potentially to any other parties to an interaction, transaction or relationship. It is the data that is generated through engaging in interactions and transactions in and around a customer/ supplier relationship. Despite being ‘our’ data, it is probably technically owned, or at least provided under terms of service designed by the seller/ service provider; in practical terms this also means that the seller/ service provider dictates the formats in which this data exists/ is made available.

Their Data – is the data built/ owned/ sold by third party data aggregators, e.g. credit bureaux, marketing data providers in all their forms. It’s defining characteristic is that it is only available/ accessible by buying/ licensing it from the owner.

Everybody’s Data – is the public domain data, typically developed/ run by large, public sector(ish) entities including local government (electoral roll), Post Offices (postal address files), mapping bureau (GIS). Typically this data is accessible under contract, but the barriers to accessing these contracts are set low – although often not low enough that an individual can engage with them easily.

The Basic Identifier Set/ Bit in the Middle – this is the core personal identity data which, like it or not, exists largely in the public domain – most typically (but not exclusively) as a result of electoral rolls being made available publicly, and specifically to service providers who wish to build things from them. This characteristic is that which enables the whole personal eco-system and its impact on data privacy to exist, with the individual as the un-knowing ‘point of integration’ for data about them.

Propeller Current State

The ovals in the venn diagram represent the static state, i.e. where does data live at a point in time. The flow arrows show where data flows to and from in this eco-system; I use red to signify data flowing under terms and conditions NOT controlled by the individual data subject.

Flow 1 (My Data to Your Data, and My Data to Our Data) – Individuals provide data to organisations under terms and conditions set by the organisation, the individual being offered a ‘take it or leave it’ set of options. Some granularity is often offered around choices for onward data sharing and use, i.e. the ‘tick boxes’ we all know and which are one of the main bitsof legacy CRM that VRM will fix.

Flow 2 (Your Data to Your Data, including Our Data) – Organisations share data with other organisations, usually through a back-channel, i.e. the details of the sharing relationship are typically not known to the data subject.

Flow 3 (Your Data, including Our Data to Their Data) – Organisations share data with a specific type of other organisation, data aggregators, under terms and conditions that enable onward sale. Typically the sharer is paid for this data/ has a stake in the re-sale value.

Flow 4 (Everybody’s Data to Their Data) – Data Aggregators use public domain data sources to initiate and extend their commercial data assets.

The target state is shown below, a different scenario altogether – and one which I believe will unfold incrementally over the next ten years or so…..data attribute by data attribute, customer/ supplier management process by customer/ supplier management process, industry sector by industry sector. In this scenario, the individual and ‘My Data’ becomes the dominant source of many valuable data types (e.g. buying intentions, verified changes of circumstance), and in doing so eliminates vast amounts of guesswork and waste from existing customer/ citizen managment processes.

The key new capabilities required to enable this to happen are those being worked on in the User Driven and Volunteered Personal Information work groups at Kantara (one tech group, one policy/ commerce one), and elsewhere within and around Project VRM. The new capabilities will consist of:

– personal data store(s), both operational and analytical

– data and technical standards around the sharing of volunteered personal information

– volunteered personal information sharing agreements (i.e. contracts driven by the individual perspective, creative commons-like icons for VPI sharing scenarios)

– audit and compliance mechanics

Around those capabilities, we will need to build a compelling story that clearly articulates, in a shared lexicon (thanks to Craig Burton for reminding us of the importance of this – watch this space), the benefits of the approach – for both individuals and organisations.

The target state that will emerge once these capabilities begin to impact will include the 4 additional individual-driven information flowsover and above the current ones. The defining characteristic of these new flows is that the can only be initiated by the data subject themselves, and most will only occur when the receiving entity has ’signed’ the terms and conditions asserted by the individual/ data subject. The new flows are:

Flow 5 (My Data to Your Data (inc Our Data) – Individuals will share more high value, volunteered information with their existing and potential suppliers, eliminating guesswork and waste from many customer management processes. In turn, organisations will share their own expertise/ data with individuals, adding value to the relationship.

Flow 6 (Everybody’s Data to My Data) – With their new, more sophisticated personal information management tools, individuals will be able to take direct feeds from public domain sources for use on their own mashups and applications (e.g. crime maps covering where I live/ travel)

Flow 7 (My Data to (someone else’s) My Data) – An enhanced version of ‘peer to peer’ information sharing.

Flow 8 (My Data to Their Data) – The (currently) unlikely concept of the individual making their volunteered information available to/ through the data aggregators. Indeed we are already starting to see the plumbing for this new flow being put in place with the launch of the Acxiom Identity Card.

Propeller Target State

The implications of the above are enormous, my projection being that over time some 80% of customer management processes will be driven from ‘My Data’. I’m pretty confident about that, a) because we are already see-ing the beginning of the change in the current rush for ‘user generated content’ (VPI without the contract), and b) because the economics will stack up. Organisation need data to run their operations – they don’t really mind where it comes from. So, if a new source emerges that is richer, deeper, more accurate, less toxic – and all at lower cost than existing sources; then organisations will use this source.

It won’t happen overnight obviously; as mentioned above specific tools, processes and commercial approaches need to emerge before this information begins to flow – and even then the shift will be slow but steady, probably beginning with Buying Intention data as it is the most obvious entry point with enough impact to trigger the change. That said, the Mydex social enterprise already has a working proof of concept up and running showing much of the above working. A technical write up of the proof of concept build can be found here. And the market implications of this are explored in more detail in new research on the market value of VPI shortly to be published by Alan Mitchell at Ctrl-Shift.

The two hour session at the VRM workshop was barely enough to scratch the surface of the above issues, so the plan is to continue the dialogue and begin specifying the capabilities required in detail in the User Driven and Volunteered Personal Information (technology) workgroup at The Kantara Initiative. The workgroup charter can be found here. A parallel workgroup focused on business and policy aspects will also be launched in the next few weeks. Anyone wishing to get involved in the workgroup can sign up to the mailing list hereand we’ll get started with the work in the next couple of weeks.

We are not fish and advertising is not food

This is how the Internet looks to the online advertising business today:

2manyfish

This is how they approach it:

fishfeeding

And this is the result:

fishfeeding_mess

Advertising is a huge source of the “data pollution” Fred Wilson talked about at LeWeb a few weeks ago. (See here, starting at about 23 minutes in.)

What’s wrong with this view, and this approach, is the architectural assumption that:

  1. We are consumers and nothing more. Fish in a bowl.
  2. The Net — and the Web especially — is a container.
  3. Advertisers have a right to target us in that container. And to track us so we can be targeted.
  4. Negative externalities, such as data pollution, don’t matter.
  5. This can all be rationalized as an economic necessity.

Yet here is what remains true, regardless of the prevailing assumptions of the marketing world:

  1. We are not fish. Rather, as Cluetrain put it (in 1999!), we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.
  2. The Net was designed as a wide open space where all the intelligence that matters is at its ends, and each of us sits (stands, walks, drives) at one.
  3. Even if advertisers have a legal right to target us, their manners are terrible and doomed for correction.
  4. Negative externalities matter. A lot. As Fred said in his talk, we eventually dealt with the pollution caused by industry, and we’ll deal with it in the virutal world as well.
  5. The larger economic necessity is for a well-functioning marketplace. We’ll get that online once free customers prove more valuable than captive ones.

The key is to replicate online the experience of operating as a free and independent customer in the physical world.

For example, when you go into a store, your default state is anonymity. Unless you are already known by name to the people at the store,  you are nameless by default. This is a civic grace. There is no need to know everybody by name, and to do so might actually slow things down and make the world strange and creepy. (Ask anybody who has lived in a surveillance state, such as East Germany before it fell, what it is like to be followed, or to know you might be followed, all the time.) We haven’t yet invented ways to be anonymous online, or to control one’s anonymity. But that’s a challenge, isn’t it? Meaning it is also a market opportunity.

We’ve lived in a fishbowl long enough. Time to get human. I guarantee there’s a lot more money coming from human beings than from fish whose only utterances are clicks.