Follow up on previous thoughts on data and ownership… as cross-posted from VRM Hub.
Talking about ownership of data online in terms of control is fairly pointless. Once your data is out, it’s out. So instead of delving into the meaning of ownership and what it means in a decentralised, distributed and open network where sharing and transparency are default, let’s look at how the data is generated by the individual and shared through interactions with others.
Data as generated online is akin to a positive externality for the vendors and platforms that capture our data. Positive externality* is something that is not part of the value traded in market exchanges. It is something one of the parties in the trade benefits from, without having to pay for it. For illustration, pollution is considered a negative externality as it is
a) a by-product of manufacturing processes and,
b) is not included in the cost or price of the products.
So, when I am buying something from Amazon or Virgin Atlantic site, the explicit value exchange is the goods they provide and the money I pay for those goods. My data is external to that value exchange – the vendor is not paying for it and I am not being paid for it. In the current set-up (no pun intended), the vendors benefit by using the data in ways that help their business, from mining to selling it on. I, on the other hand, have scant legal protection against that and even with all the laws in place such as Data Protection Act and other restrictions on those who capture my data, a large portion of data collected from me is for marketing purposes.. and usually way above the threshold of legally required data to complete transactions.
The advent of the ‘free’ web has mightily confused the distinction between data as part of a value exchange and data as a positive externality – simply because most platforms with web services have turned what is essentially an external benefit from other exchanges to foundations of their business models. The ‘free services’ I receive are ‘paid for’ by my attention and/or my data – both eagerly gathered by various platforms. Advertising is a way to monetise my attention aka eyeball and the race to monetising my data (short of crude selling on) is still on.
In this context I own my data (in a way I own my attention) and neither should be considered a payment for the (free) web services unless it is specified in the terms of the exchange or service. It is merely a shift from one business model – online retail such as Amazon – to another where data becomes the value exchanged tacitly and without clear understanding. This is another reason why privacy remains an issue with such web services and platforms. As long as I have to depend on a third party to protect my privacy, it will be exposed by accident (incompetence), force (authorities) or abuse (marketing & advertising).
The tensions between the data created and managed by us and the tools we use belonging to someone else, are becoming obvious on the social web. Mike Arrington’s outrage a few months back when Facebook was turning its back on FriendConnect is justified.
The fact is, this isn’t Facebook’s data. It’s my data. And if I give Google permission to do stuff with it, I’m damned well within my rights to do so. By blocking Google, Facebook has blocked ME. And that, frankly, kind of frustrates me.
Let me put this another way. How dare Facebook tell ME that I cannot give Google access to this data!
Arrington also condemns Scoble’s early attempts at ‘data portability’:
Scoble has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to Plaxo. In that case, it wasn’t his data and he didn’t have the right to make it portable. It’s MY data, once again, and only I should be allowed to make that decision. He thinks his new position shows that he gets the importance of privacy, but once again he isn’t thinking in terms of who really owns the data and should be allowed to make decisions around it.
Here we go, ownership of data again. So when I add someone to my network, together with his photo and other profile details, I do not ‘own’ that data. It seems pretty pointless to debate that as whenever I sign-up to a social network platform, I am agreeing to the terms and conditions of their relationship with me and to what happens to my data, privacy etc. All my agreements are with the platforms and the way I enter those agreements is definitely lacking in balance of power. We do live in the early days of individual empowerement… but even so, there is a distinct lack of tools that will allow me to be a node in a network independent of someone else’s silo or a platform. I have the same question as Danny O’Brien:
When you want to make a private picture or note available only to your friends, why do you hand it over to a multi-national corporation first?
Moreover, within social networking platforms, there is no corresponding agreement with other users. The terms of service are between me and Facebook, me and MySpace, me and Twitter, me and Flickr, me and Plaxo, me and LinkedIn, me and the socnet du jour… but they do not extend to my relationships with other individuals on the same platform. Relationships are pre-defined, much the same way terms & conditions are, from the point of the platoform, not from the point of the individual. So ironically, social networking platforms designed to help me connect with others, to create and maintain relationships with them, are not allowing me to define those very relationships…
In other words, there is no way to interact with others within the silos based on what I call P2P terms and conditions. These could be privacy agreements, if we so wish, ranging from simply not-bothered-about-what-happens-to-my-contact -details-in-your-social-graph all the way to granulated preferences for different people in my contact list. So just like in the real world – there are people I’d trust with my address book and there are some I wouldn’t trust with my address. Instead of building complicated systems and using technology to make such nuances in relationships explicit, I need tools to help me manage the complexity of human relationships. I need tools to reflect what is already in my head implicitly and defines me as a social animal. Do not tie me up in legal pretzels over various policies, creating permissions and access management nightmares in the process. In the words of Kevin Marks as paraphrased from his Social Cloud talk at Lift08:
Software cannot match out ability to sort out our friends and contact, establish how much we trust them and how we arrive at that trust. No software can fully map the relationships, let alone replace our natural ability to create and maintain them The implication is that therefore software should support the kind of cloud abstraction we have around the internet, also around our social relationships. You can feed it (the social networking app) relationships that are in the ’software in your head’, feed the stuff related to people in your network to software online. Users will assume that your software (this is aimed at developers) will be able to see the information that they have already fed into the software and be able to use it.
Indeed! By I digress. To recap, my data is a kind of externality to purchasing transactions, just like attention is an externality to my reading, watching or listening to something else. Marketing lives off my data, advertising lives off my attention. My data (and by extension me) is not respected because companies can trade it as a commodity without paying for it. The way to address this is not to make them pay for the data (and create many snake oil intermediaries in the process) but to make it possible for companies to enter into relationships with the true owners of the data.
So what is to be done? How to internalise the externality? How do I regain control over something that originates from me and is used in my transactions with others? This is the stuff of VRM.
Broadly speaking, it is about finding tools & technology to give the individual sovereignty over his data, so he can exercise choice over who gets to see it and under what circumstances. This will change the balance of powers and eventually demonstrate to companies that respecting people’s data (and by extension them), they can make more money.
* Definition of externality: Economic theory considers any voluntary exchange to be mutually beneficial to both parties, for example a buyer and seller. Any exchange, however, can result in additional positive or negative effects on third parties. Those who suffer from external costs do so involuntarily, while those who enjoy external benefits do so at no cost. Data is an externality without the third party, where the afffected party is also participating in the transaction. So not an exact theoretical match, but perhaps still helpful in understanding how we got to the point where ‘free services’ feel entitled to their users data.