a) a by-product of manufacturing processes and,
b) is not included in the cost or price of the products.

So, when I am buying something from Amazon or the Virgin Atlantic website, the explicit value exchange is the goods they provide and the money I pay for those goods. My data is external to that value exchange - the vendor is not paying for it and I am not being paid for it. In the current set-up (no pun intended), the vendors benefit by using the data in ways that help their business, from mining to selling it on. On the other hand I have scant legal protection against that and even with all the laws in place such as Data Protection Act and other restrictions on those who capture my data, a large portion of data collected from me is for marketing purposes - usually way above the threshold of data legally required to complete transactions.

The advent of the ‘free’ web has mightily confused the distinction between data as part of a value exchange and data as a positive externality - simply because most platforms with web services have turned what was essentially an external benefit from other exchanges, into the foundations of their business models. The ‘free services’ I receive are ‘paid for’ by my attention and/or my data - both eagerly gathered by various platforms. Advertising is a way to monetise my attention, aka eyeballs, and the race to monetising my data, other than crudely selling it, is still on.

In this context I own my data, in the same way I own my attention, and neither should be considered a payment for (free) web services unless it is specified in the terms and conditions of the exchange or service. It is merely a shift from one business model - online retail such as Amazon - to another where data becomes the value exchanged tacitly and without clear understanding. This is another reason why privacy remains an issue with such web services and platforms - as long as I have to depend on a third party to protect my privacy, it will be exposed by accident or incompetence, force by authorities or abuse - marketing and advertising.

The tensions between the data which is created and managed by us, and the tools we use and which belong to someone else, are becoming obvious on the social web. Mike Arrington’s outrage a few months back when Facebook was turning its back on FriendConnect is justified.

The fact is, this isn’t Facebook’s data. It’s my data. And if I give Google permission to do stuff with it, I’m damned well within my rights to do so. By blocking Google, Facebook has blocked ME. And that, frankly, kind of frustrates me.

Let me put this another way. How dare Facebook tell ME that I cannot give Google access to this data!

Arrington also condemns Scoble’s early attempts at ‘data portability’:

Scoble has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to Plaxo. In that case, it wasn’t his data and he didn’t have the right to make it portable. It’s MY data, once again, and only I should be allowed to make that decision. He thinks his new position shows that he gets the importance of privacy, but once again he isn’t thinking in terms of who really owns the data and should be allowed to make decisions around it.

Here we go, "ownership of data" again. So when I add someone to my network, together with his photo and other profile details, I do not ‘own’ that data. It seems pretty pointless to debate that as whenever I sign-up to a social network platform, I am agreeing to the terms and conditions of their relationship with me and to what happens to my data, privacy etc. All my agreements are with the platforms and the way I enter those agreements is definitely lacking in balance of power. We do live in the early days of individual empowerment, but even so there is a distinct lack of tools that will allow me to be part of a network whilst independent of someone else’s silo, or allow me to become a 'platform'. 

Data policy I can call my own

Not only I am agreeing to terms and conditions of a relationship with social networking platforms, there is also no corresponding agreement with other users. The terms of service are between me and Facebook, me and MySpace, me and Twitter, me and Flickr, me and Plaxo, me and LinkedIn, me and the "socnet de jour". They do not extend to my relationships with other individuals on the same platform. Relationships are defined the same way as terms & conditions are: from the point of the platform, not from the point of the individual. So, ironically, social networking platforms designed to help me connect with others, to create and maintain relationships with them, are not really allowing me to define those very relationships.

In other words: there is no way to interact with others within the silos based on what I'd call P2P terms and conditions. These could be privacy agreements if we wish, ranging from simply not-bothered-about-what-happens-to-my-contact-details-in-your-social-graph all the way to granulated preferences for different people in my contact list. So - just like in the real world - there are people I’d trust with my address book and there are some I wouldn’t trust with my address. Instead of building complicated systems and using technology to make such nuances in relationships explicit, I need tools to help me manage the complexity of human relationships. I need tools to reflect what is already implicit, in my head and which defines me as a social animal whilst not tying me up in legal pretzels over various policies, permissions and access management nightmares. To paraphrase Kevin Marks' Social Cloud talk at Lift08:

Software cannot match out ability to sort out our friends and contact, establish how much we trust them and how we arrive at that trust. No software can fully map the relationships, let alone replace our natural ability to create and maintain them The implication is that therefore software should support the kind of cloud abstraction we have around the internet, also around our social relationships. You can feed it (the social networking app) relationships that are in the ’software in your head’, feed the stuff related to people in your network to software online. 

Data Imprisonment

As an individual my relationship to my data can be described in matrix of several kinds of imprisonment - and I am interested in building an option where none of these are the case:

Jail with visiting rights - closed platform a la Facebook, MySpace, Bebo, Flickr, Amazon, Expedia, online bank statements and any site that doesn’t allow export of data in interoperable format. My data is under lock and key elsewhere, and I cannot get more than a view of it through the bars of the jail. For instance I would manually enter my profile or other data into a Facebook applications (and now a few ‘trusted parties’), but there is little or no hope that I could get the data back out again, other to save the JPEGs of the resulting output (screen grabs) - which decimate rather than reflect the value of the original input. Further, my data starts losing weight, as any inmate locked up. As the original data is never at my beckoning, all I can play with is its "representation".

House arrest - desktop applications for data management, iTunes, Excel spreadsheet, word processing, etc. Example, my music (ripped, not bought from the iTunes store) is my data is on my computer in a format that is hard to share with anyone. The software is not designed to enable sharing of data - the net result is my data is nominally under my control, but it is just as locked up as Facebook. (No export or no guarantee that exported data is in a mashable format)

Open prison - online data management tools, Wesabe, uploading from iPhoto or Picasa to Flickr.com. This means I can share (better than house arrest) but the data is centralised a little like Facebook (almost as bad as jail with visiting rights) and although the rendering tools are more advanced and, being centralised, can be upgraded without user intervention, there is still a big similarity to glimpsing my data which is held within the jail.

Out on bail - feed readers and online calendars, e.g. OPML, Google Calendar, iCal. The data is more or less yours and mostly under your control for export, import and sharing. But it can’t travel far and there is only so much you can do with it. It certainly can’t be mashed up with data in other formats or on other topics than calendar or feeds. (Dopplr lets you go furthest in combining calendar, Flickr and map data etc).

Out of jail - I hold my data on (explicitly) my resource for sharing; I can share my data beyond just what Flickr, del.icio.us, etc, provide as tools to render my data, and in more places than just those platforms - for instance with a supermarket or gym or others (vendor?) who could benefit from knowing what I am eating and when I am exercising. In short: the Mine! enables controlled sharing beyond the Mine!’s own rendering itself. The bars are removed and your data can go where you desire it to.

Doesn’t that turn Plaxo Pulse, Friendfeed and other such aggregators into a prison parade?

I want my data out of jail. I want to be able to take charge of my data (content, relationships, transactions, knowledge), arrange (analyse, manipulate, combine, mash-up) it according to my needs and preferences and share it on my own terms whilst connected and networked on the web.

Data scaffolding

For some type of data a flow aka activity stream is just fine, Twitter, Flickr, FriendFeed, PlaxoPulse, Facebook etc. Structures sometimes emerge - sets, rooms, groups. For other purposes I may need alternative data structures and new functionality to build them. A good foundation would be a pool of tagged objects, flexible and without pre-determined data taxonomy. Through ownerships of the actual data, as opposed to its representation, e.g. Facebook, Amazon reviews, the individual user will be able to manipulate them at will.

Here are some ways of thinking about data organisation:

• skeleton - data structures created prior to data input as a skeleton for data with known or standard structures to be stored in later, e.g. medical or financial data or other complex data
• companion  - created with input of new data e.g. when you upload photos, you create sets; when you bookmark a link, you add tags and notes etc
• librarian - created on retrieval, the hierarchy or structure emerges at click of button depending on what you are looking and on the flow or the dynamic of the data, e.g. I click on a tag in del.icio.us and get all articles tagged with it
• shoe-horn - rendered through a single vision – google reader and del.icio.us, pick your means of rendering – by tag, by who person, date, no tag at all
• builder - created from a pool of objects, with tags and meta-data, with functionality that helps you create whatever hierarchy you want

Hierarchy is often synonymous with order. A feature of hierarchy of information (taxonomy) is that it exists outside the user’s mind. The web has driven home the point that taxonomy is by far not the only order possible.

But what about convenience? If users have to determine not only the data flows but their underlying structure, doesn't that mean more work? To flip the way we tend to think, from the user’s point of view the structure (taxonomy) doesn’t have to precede data. Emergent order is more user-friendly in the long run - think folksonomies and tags vs. directories and folders. In short: order and complexity should come from usage, not design.

Data in transactions

My data is an externality to purchasing transactions, just like attention is an externality to my reading, watching or listening to something else. Marketing lives off my data, advertising lives off my attention. My data (and by extension me) is not respected because companies can trade it as a commodity without paying for it. The way to address this is not to make them pay for the data (and create many snake oil intermediaries in the process) but to make it possible for companies to enter into relationships with the true owners of the data.

So what is to be done? How can one internalise the externality? How do I regain control over something that originates from me and is used in my transactions with others? This is the stuff of VRM. Broadly speaking, it is about finding tools and technology that give the individual sovereignty over his data, so he can exercise choice over who gets to see it and under what circumstances. This will change the balance of power and eventually demonstrate to companies that by respecting people’s data, and by extension, respecting people, they can make more money.

More Social than Open

When it comes to sharing my data and activity streams with my friends and networks, I do not want to be restricted to social network aggregators - they are merely another type of prison for my data. As a user I want to take my information, profile, contacts and context with me wherever I want. If I invest my time in creating profiles and gathering contacts (thus inviting my friends to invest theirs) and in building context - which is more important than data - then I do not want to lock the value in a silo. Especially since if data itself has become a commodity then it can be replicated and distributed without the physical constraints of the offline world. What is now most valuable and rare is context because that still a) has to be created by humans and b) is not machine readable.

To elaborate on Tim O’Reilly’s two key principles of Web 2.0:

- It’s the data, stupid. (Formerly “Data is the Intel Inside”), and...

- Small pieces loosely joined.

I suggest one of the principles of the Social Web is:

     It’s the context, stupid.

Online 'social' applications need to be based and designed around the user, rather than yet another platform and its VC-fuelled growth - which is what every social network to date has been. If you design for the individual, the distributed approach is definitely the way. How can we design an architecture around increasing control over our data? Alec Muffett sums it up:

…should we consider making a VRM pilot and simplify our lives by making the assumption that the database would be wholly centralised? The answer to that was an emphatic NO; the reason being that working from a perspective of “the data is centralised in a fortress” will lead to thinking that will never be able to accommodate a distributed architecture; whereas there is nothing to prevent an architecture which is capable of distribution [from being configured to behave] in a wholly or partly centralised matter, as a convenience. In short: the web-browser would never have been invented had someone elected to ignore the distributed nature of the Web; instead, they would have merely yet again reinvented the file-browser. So: design it distributed, test it distributed but implement it however you choose.

Let's not throw the baby out with the social network bath water. Networking on Facebook, MySpace and other silos is like taking driving lessons. There is no recognisable direction. It seems pointless unless you know that you are just learning and practising. Facebook and MySpace seem a lot like that to me - but once people work out how to drive, know how to operate the machine and how to get from point A to point B, they will be able to decide what their destination is and get around under their own steam - and that’s when the real fun starts.

Social networks are good for communication with friends, if hardly of much use for early bloggers. It is great to find a long lost friend, knowing they exist is better than losing contact with them forever. Social networks enable one-to-many communication for individuals - unheard of before the age of the web unless you were a politician, an author, a celebrity, or had some sort of institutional backing whether through politics or the media. However today I can communicate efficiently and persistently with people in my contact list and let them expand upon that communication if they are interested.

Social networks are the ‘learning wheels’ for our identity online. From that perspective, they are not a waste of time, just as driving in a parking lot of a driving school is not pointless. It is about the ability to manage one’s own data, and network, and eventually one's identity. Even social networks built on closed platforms cannot diminish the first giddy experience of creating a profile that consists of more than just a username and data which serves the platform owner more than the user. It is the control, the flexibility, the fun and play, the ease of communication and technology that makes the whole experience dynamic and mildly addictive. For a while not much else will matter to most users and as a result privacy and security for many is "nice to have", rather than a "must have". I believe that will change as people become accustomed to having more control over their online environment. I want to be able to help when this happens and they'll want something more - to have their own car and their own choice of the destination, so I joined the VRM group hoping to equip people with their own vehicles - tools that enable them to take charge of their data, provide context for it, learn from them and pass them on as they see fit.

Anti-Social Software?

I want two basic functionalities from the online tools which help me organise my life and connect me with people. First, I want to capture and sort out my data, upload photos, take notes, cross-reference information, etc. For that I need applications that are more analytical than the current social media/web tools. Second, once I organise my stuff, I want to share it in ways that are more social than current web 2.0 tools allow me to be.

Social Matrix and the Blue Pill 

Our brains and minds are the best social networking tools. Software cannot match our ability to sort our friends and contacts, establish how much we trust them, and represent how we arrive at that trust. No software can fully map our relationships, let alone replace our natural ability to create and maintain them

 

At the moment, we are all connected to the matrix, the tubes still being more important than our freedom to move. The many silo-like platforms try to keep us hooked and locked in, whilst giving us enough delusion of capabilities. Alas, there is only so many times you can poke or zombie someone before you start wondering "what’s the point?"

The point is I want to be able to hook or unhook myself at will. I want to be able to connect and create relationships without lock-ins - other than the ones that relationships bring with them naturally.  I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me.

One of the fundamental building blocks of VRM is the ability of individual users to take charge of their data instead of managing them via a platform and ‘trading’ that data for the functionality that the platform might provide. Once I have it in my hands, I can manage, analyse and whatever else I wish to do with them, applying various functionality directly. And share and interact with others in ways richer than platforms currently allow. It might be messier to start with but closer to human affairs in its complexity. And that is a Good Thing.

Privacy delusions

Privacy is a fine thing and until we are the ones who determine what goes out and what stays in, it will be mostly a delusion. Our privacy is protected in about the same way that a pretty young girl is safe in hands of a pimp, who is held in check by a few hastily drafted rules that are actually very hard to enforce. As long as he’s seen keeping his hands off her, he’s left alone. But she’s still at his mercy and there is not much she can do if he decides to sell her on. Substitute data and information about you and you’ve about got the picture.

On the other hand we have the wonders of connectedness and sharing which are also very fine things. It’s what made the web what it is today (in a good way). For most, to hoard data in isolation would be contrary to the openness and sharing of the web. However, I should have the option and ability to do so if that’s what I choose. It is about a balanced ‘relationship’ where sharing is voluntary, based on trust and entails the power to withdraw the benefits of relationships. At the moment, my data is held to ransom in abusive relationships and the fact that I get ’something’ out of it does not justify the imbalance of power. I should be the one making a decision about what happens to my data and by extension to my privacy. This should not be determined by Facebook or any other web-app, silo or platform. 

I learned a very important point from security geeks - that "security is a policy" - security is what you define and want it to be. If you want to connect an unprotected computer to the internet in order to study how fast it can be destroyed by viruses and overtaken by bots, then your computer is 'secure'. Your requirements for security are met. The same goes for privacy - what is sufficiently private for me may not be for you, and vice versa. 

Also, privacy may be a policy of the individual, but not in a sense of a privacy policy for the individual chosen from a given selection in (say) the style of "Creative Commons". There is a huge difference: for instance, I have a policy about who I let into my house. I don’t need to display it on my doors or attach it to my address or business cards. It is far more convenient and flexible for me to decide there and then, when someone’s knocking at the door. It is my implicit privacy policy that kicks in. Sure, I don’t want junk mail or door-to-door salesmen but just because I can display notices to that effect, doesn’t mean that is the way to deal with the rest of the humankind. Online privacy is about creating tools that help the individual to control access to data to the point where he/she decides practically and directly who gets to see what - without reliance upon a third party or intermediary.

Further, what sense can a uniform set of rules or system make in an environment which is decentralised, where it is near impossible to enforce and communication is distributed and persistent? Building privacy systems, instead of letting people implement their own privacy 'policies', makes privacy an awkward bolt-on when it should be natural and integral to our behaviour. The more people who learn what "privacy" means and understand its merits and the price of its abuse, the better ‘policies’ they can devise for themselves...

Alas, instead, privacy is an issue often regarded as a trade-off that 'consumers' are only too willing to make in return for some benefits to them. I tend to think it is an issue of choice - if there is no meaningful choice and people understand this, they might just as well forgo a bit of privacy in exchange for what appears tangible benefit to them - a discount, a better deal etc, but as tools arise to help people to take charge of their own data, their mindset will shift too. Peoples' tolerance for privacy violations will decrease, just as our tolerance for lack of connectivity or quality is dropping; these are different issues but the same behaviour pattern. For now, we are used to our data not being 'respected' - that the choice we have with regard to our privacy is only a binary choice: either you play and give up your data or you don't and exist in splendid isolation.  The latter is not a way to benefit from the web, whether it comes to social networking or shopping. People do care about privacy and examples of how easily they give up their data in exchange for trinkets are not convincing. so until people feel that they have a real choice such skewed behaviour is not illogical.

Creepiness factor

There is a valid perspective which regards many of the social networking applications to be "stalker's tools".  Let's take Twitter. I explain its benefits using the term ’synchronicity maximised’, to describe the ad hoc organisation of real world encounters, ambient intimacy, connectivity and sharing which makes Twitter so useful and addictive.

I am in New York having brunch with a friend and I twitter about it. This may seem creepy to some, knowns as the ‘creepiness factor’. This usually refers to someone not necessarily violating your privacy according to the law but to the ability of others to gather your public details (as private data would be a privacy violation) and piece together information about you. This allows them to act in ways we don’t expect or foresee. It is the realisation that someone knows so much about us by deliberately gathering information and using it to behave in a way that implies familiarity. It feel like a violation of autonomy and privacy, even though existence of either is a delusion in our mind.

There is a difference between me 'broadcasting' on Twitter that I am having brunch with a friend plus the exact location, and learning the hard way that someone is ’scraping’ or gleaning such information from places that I might have, rather foolishly, considered private or semi-private, such as Facebook or any kind of behavioural targeting so favoured by desperate marketers.  It comes down to me knowing what happens to my data. The creepiness comes from realising that someone is gathering and piecing together information about me for purposes that don’t directly involve me and/or are not necessarily in my interest. Twittering my location is not a problem if I am doing it with awareness of my network and audience.

All this contributes to doomsday talk about privacy and the view that the web is eroding it, and that the younger generation using social networks and other web applications don’t value it or give it away all too easily. Often privacy is considered a legal agreement to be guaranteed only by an enforceable contract. This is correct with regard to information about me held or managed by third parties but it does not address or reflect the way people interact online. Building systems or processes that force people to ‘behave in their best interest’ or to ‘protect their privacy’ does not deal with the problem. Privacy is a policy and not a system. Terms of service and other legal agreements are creatures of systems, platforms and silos. As an autonomous individual I am the best judge of my privacy requirements. When I talk to my friends I know what to tell them and what not to share. If I mess up, I suffer the consequences and learn not to gossip with those who betray confidences.

In contexts that are beyond my immediate social circles and when money or reputation is at stake, I need to understand the consequences of sharing information so I can manage my privacy. But if my privacy is not up to me to manage, there can be no demand for such knowledge to be available. As  a result many people have no idea about how their data is used and abused. So that is part of the challenge in which the web has helped enormously - it is now possible for a dedicated or persistent person to find out what’s going on most of the time although most people tend to underestimate exposure and use of their data by others.

There is little they can do to act on that knowledge; as pointed out above, our privacy options are rather binary. Either you participate in transactions, exchanges, communities, etc., and you give up some of your privacy - or you don’t. However unacceptable I find the former, the latter is not the way to live either, online or offline. The best privacy settings are in my head. At the moment, I have little ability to ‘execute’ my privacy policy. Why assume that such ability has to come from the legal world and why not start building tools that help individuals manage their data and help them to determine their privacy behaviour themselves?

Bringing Identity Home

There is another concept firmly connected with privacy, data and especially with social networking - identity. Identity is one of those elusive concepts that underpin several important debates. Online, to my amazement, I often see logins and passwords to various sites and platforms described as “identity”. I don’t think of them as my identity, but as things that I currently need to access bits of my scattered identity, at best they are my meta-identity. (Btw, by self-defined identity I am not referring to self-asserted identity which also relates to identifiers of the kind I see as meta-identity. I am looking for ways of establishing identifiers that are part emergent, part validated by relationships, rather than by a systemic-level third parties designed to do that. Let’s not have a ‘centralised’ trust, let’s have distributed one.)

In short, let me have a go at owning my identity myself, on my own terms, the web way, without intermediaries, ‘trusted’ parties and hierarchical non-direct ways. Locking me into new ‘better’ platforms, offering ’services’ to manage my meta-identity is like putting a band-aid on a gaping wound. Instead, give me tools, flexible and modular, to reclaim my digital personae and help me piece together my fractured identity. And then allow me to drive it forward with all of the benefits that it can bring me and to those I interact and transact with. Learn to live with the unpredictability and emergent juicy goodness that comes from my independence and lack of your control over me. Finally, let me learn from my mistakes, my first uncertain steps with my own data sovereignty. Without those how can I ever learn to fully value privacy, security and engage in mutually beneficial interactions?

Two-platform world

On the social web, the number of third-party defined spaces for 'containing' bits of my data - photos, content, relationships, transactions and purchase history, movements, knowledge, and privacy, grows by the week. They enable me to create stuff and share it with others online. But I still lack the means to perform simple functions of capturing, managing and analysing my data as well as sharing it on my own terms without the risk of the data being lost or abused.

The good news is that with more tools and ways of distributing, photos, videos, writings, cartoons etc. are being 'liberated' from the channel world of one-way media. The bad news is that they more often than not create more platforms and silos. As far as I am concerned there are only two platforms - the individual and the web.

Introduction to VRM

There is a sort of VRM mantra I have developed, as I find myself repeating it over and over to remind people of my position on VRM:



Blogging redux

I use a range of applications to manage my data and meta-data. Over time they have helped me learn to manage and drive my online existence. Applications such as, WordPress, Wesabe, Dopplr, Flickr, feed readers, and Twitter already help me understand my behaviour and make more informed decisions in some respects.

By tapping into what people already do online, and increasing people's ability to manage and share their data as they see fit, VRM would be a phenomenon similar to blogging in several important aspects.

Blogging is not owned by anyone. It wasn't designed to make money, or even to bypass media or dis-intermediate marketing and advertising.

It has emerged from people like me who wanted to articulate their thoughts and to share them. Not necessarily to influence their audience - for there was none at the very beginning - but instead to let off steam, find a voice that can disagree in ways that beat shouting at TV. It was only by "doing it" that I and my fellow bloggers discovered yet other people with same frustrations, opinions, and desire to interact.

One large echoing and distributed conversation was born, from which many relationships emerged. In a similar fashion I see VRM giving rise to a different way of transacting, following the same tectonic cracks that online disturbed the existing powerplays and institutions. The starting point of VRM implementation is to investigate existing tools and technologies to create ways of doing that and develop new ones if necessary.

It is the independence they give me from vendors - and the potential to redefine my relationship with them - that as an individual customer excites me about such tools. Think of managing your own health record or managing information about your risk profile, or your needs, requirements and purchase history,  companies you purchased from, their service etc. This has implications for not only customers service and marketing but all areas of customer relations.

As for the existing online tools, I have reached the limits of usefulness for web apps that give me nice functionality but take away my ability to manage data across my entire online ‘identity’ and beyond. 

I want to be able to connect and create relationships without lock-ins (other than the ones that some relationships bring with them naturally). I don’t believe I will be able to do that unless the tools are built around me, for me and eventually by me. Blogging took off when people could set up a page and start publishing in a way previously available only to geeks with HTML skillz. Today I can do more things with my blog than just publish - tag, add videos, plug-in more functionality etc. with the underlying technology invisible to me now. So I want tools and applications that will help me do all that for transactions as well as relationships.

Once people can do that - manage their data, relationships, identities, purchase histories, their records, locations etc - then more interesting things will start to happen. And it will be those interesting things that will ultimately determine the direction vendors should be looking.

It is also worth noting that bloggers did not set out to change the media or teach journalists a lesson and yet, the media is looking to adjust to keep up and evolve in line with changes to content creation, distribution and social impact as driven by bloggers. Similarly, for VRM, the pressure on vendors should be coming from customers ready to reclaim their data and preferences and take charge of the relationships with vendors. With the right tools, users are already savvy enough to take that up.


A source most authoritative...

'Ownership' of data, whatever that means, is merely a starting point. I might 'volunteer' information - to me that just means I share it on my own terms - but the more important point is the ability to establish and maintain relationships. For that I need and want the following 'functionality' to be enabled for me:

1. take charge of my data (content, relationships, transactions, knowledge),
2. manage (arrange, mash-up, analyse) it according to my needs and preferences
3. share it on my own terms
4. whilst connected and networked on the web.

This is what I mean when I talk about turning the individual into a platform and into the most authoritative source about themselves. It does not happen by creating a database or a data store, however personal. The word store implies passive and static, even with some sort of distribution layered on top. The objective needs to be equip individuals with analytical, and other, tools to help them understand themselves better and give them an online spring board to relationships with others. In VRM context this includes vendors.

It is the user who should define the nature of the data stored, shared, analysed - and what data is called or labelled, whether confidential or premium etc. The critical thing is the user's ability to share it and do all sorts of groovy things with it independently of third parties, and without the data being hijacked and harvested by third parties in the process.

There is a difference between those who emphasise data and those who emphasise relationships. Data can be a vehicle for relationships, but not the other way around. If relationships are seen as more important, then third parties get in the way. If data is considered more important aspect, then intermediaries tend to abound.

Another crucial difference revolves around the meaning of 'personal data'. One kind of personal data  means one's address, date of birth, phone number, social security number etc etc. And the other kind, proliferating with the advent of the social web, is the 'data pertaining to a person'.

The former is usually static data, your address or phone number can change from time to time, and although it is possible to change your name, the date of birth is unchangeable. The latter is dynamic, at any time only a snapshot of the person and the more data can be created and captured, the more granular and valuable it can become. On the web such flows of data often act as a proxy for a relationship. People subscribing to my blog, Friendfeed, Twitter, Facebook updates etc - such data is personal, i.e. related to my person and yet, its existence revolves around sharing it with others.  Personal data stores are for 'personal data' as the name suggests. We have few means, if any, to harness the dynamic data, created by persons.


Relationships

The web has changed the nature of data in at least two ways. It commoditised data and as a result the context in which the data exists is becoming at least as important as the data itself - and this applies not only online. This is where a 'relationship' comes in; it sustains the data's context and make the data more valuable. VRM should make irrelevant and inadequate any attempt to mine, harvest or analyse data without the context of a relationship. Tomas Kohl says it well:

This isn’t about the internet, Web 2.0 or 3.0. Forget it. We’re talking real world, real relationships, stuff that involves our everyday lives. The internet has helped to equalize some of the relationships we have, very much with the media, the government, and each other, and the debate should now switch from the virtual to the actual. We don’t go to bed and neither do we wake up as avatars.

In a simplified way, this pyramid captures the VRM future for me:
 

1. I have far more conversations than I have relationships - already true.
2. The number of transactions is smaller than the number of relationships, in other words, not all relationships lead to transactions - at the moment, my transactions are not a result of conversations and relationships with vendors.
3. Conversations and relationships are sound foundations for transactions - already my conversations and relationships with friends and contacts are increasingly affecting my decisions about who to transact with but still a long way to go.
4. It's not all about vendors; the conversations and relationships are with my friends and contacts - vendors need to become part of my network in order to improve transactions.

Adoption

A reminder from Doc:


Equip individuals with tools that are useful to them, observe what happens, and learn from them. Then lather, rinse, repeat... We could pontificate about where it will go and what VRM should be, but I am starting from the 'other' side, which happens also to reflect my experience - an individual who found the web a source of autonomy, identity and independence. I am greedy, as I want more of the same and want others to have it too, so I want tools that will help me take charge of my data, information, my knowledge and its sharing - but that's not VRM, merely a stepping stone to it. But I do believe the pressure on the vendors will come from users/people doin' their own web thang, not from wild-eyed VRM evangelists (and I count myself as one such).

As for vendor adoption, I suggest looking for individuals within companies who understand this, and who will see the benefit for themselves, as individuals, first. Once they do, it'll be in their interest to make it work for their company. The challenge will be overcoming silos, processes, lack of real innovation and short-term horizons. And those are issues that no business plan or set of goals from our side can solve. It will be brought about by people who will make it happen because it works for them, making VRM part of their agenda and future.

Businesses, especially large ones (read: with entrenched organisational structures) won't give up control or their position of power without a fight. We can push against them up to a point but that rarely amounts to fundamental shifts. In my experience, the best way is not to try and change a system from within but by instead building a viable alternative outside of it, or parallel to the existing processes. The internet offers that opportunity; with VRM it also offers another pressure point: the customer/individual. Therefore our focus should be enabling and empowering the individual before worrying about businesses and how to 'sell' VRM to them. If a specific application of VRM is found that requires little dependence on any company and is driven by customers and market pressures, then it makes sense to spend time with that business. However, the tricky bit will always be finding the right people within those organisations who will have a vested interest in VRM.  Thinking about 'adoption' in network terms means starting with a dedicated few that will distribute further, rather than in aggregate terms like markets, customers, businesses, and industries.

Technology - including online tools - is built by people wanting to make something work or to solve a problem. The distributed nature of the internet makes it easier for others to use that technology in new, emergent, even unpredictable ways. A group of people cannot design, plan and implement a significant shift in market power in its entirety. VRM should focus on those areas that we have seen working online - identity, user power, tools and applications built around modular and user-defined purposes. From experience of the social web, blogs, wikis, RSS and other developments of online technologies and behaviours, and from understanding of open source and of 'because effects' we can hope to find the right 'pressure points' to get VRM off the ground.


Open as in...

... not locked-in, silo-ed or 'owned'. Open as in open to the user and his ability to use his data. It doesn’t mean indiscriminately open and accessible to everyone. Open as in offering much greater control over data that belong to me, data that I create and manage. Open as in making my data available to me for further use.

For example, I'd like to be able to learn from all the data and purchase history I have on Amazon, in a place that I can call my own. I'd like to mine or analyse it myself. Combine it with my reading habits, travels (to make sure I have reading material for those long airport waits), with my calendar for people’s birthday to buy them a book, with my notes on vendors i.e. Amazon's payment and delivery practices, my purchase history, my opinion about their prices, publishing trends and then share that with my friends as I see fit. A widget on a blog will not suffice as I need a space that is secure and private, yet shareable, and where I can run my own affairs.  Applications and tools such as  ‘To Do’ or shopping lists do not begin to cover the range of functionality I want to apply to my data. Amazon and other vendors collect my data for their own purposes. I want to collect it for mine.


User-centric is not user-driven

I once fell for the term user-centric, thinking that it defined users’ wants as a starting point for a design. User-centric is a definite improvement on the system-centric approach where the top-down design forces users into a slot of whatever is built, no matter whether it works well or not.  User-centric instead says - we are going to build a system, put the user in the centre instead of the system.

So far, so good, but this sits uncomfortably with me as a user especially as one that is used to the online tools that have changed many an old way. The tools - blogs, wikis, feeds and feed readers, BitTorrent, Flickr, Dopplr, Twitter etc - are revolutionary not just because of their functionality, their bits of code or their interface; but their design for usefulness, their modularity and constant evolution. There is an element of open-endedness in their design, either accidental or deliberate, recognising that the designers cannot foresee all the uses to which people will put the tools to. The simplicity is the key, the complexity coming from usage rather than the design. In other words, they are user-driven.

A simple test of user-driven design is in the answer to the question - Can the user add value to it? If yes, the value then serves that user and other users. Think Twitter or BitTorrent – applications only as valuable as the user activity on them. The functionality provided depends entirely on whether people use it and more importantly how they use it. For example, Twitter’s reply functionality @USERNAME has come directly from users, they started doing it as part of conversations and Twitter turned it into a reply function. Ultimately, without its users del.icio.us would be pointless, BitTorrent empty and Flickr dead, Twitter silent.

 

At one of the IIWs in Mountain View, I talked with Bob Frankston about the difference I saw between the user-centric and user-driven. Bob, in his inimitable fashion, used the tuna salad we were having for lunch during the conversation to coin an analogy. A ready-made tuna salad is user-centric - it has been decided what goes into it, in what proportions and what order. It has been designed around me and for me but I cannot add anything to it. Giving me ingredients, utensils and a recipe suggestion and letting me get on with it, leads to user-driven design- it can still be meant to become a tuna salad but I get to put it together, determine the proportions, skip or add ingredients. The process is driven by me and the experience makes me, hopefully and eventually, better at making the dish.

John Dodds also hits the nail on the head:

Sorry folks “individual” and “social identity” are pretty much useless because there are too many subjective definitions and associations pertaining to them out there. The strength of user-driven lies in the verb - there can be no doubt here, the user is in charge and actively driving and thus delineates it from user-centric and all the others. That is what you need a term to do

That said, there are times for user-centric and there are times for user-driven. Not everyone wants to make everything themselves and neither is it the best or most effective way to design all systems or tools. But there are cases when only user-driven will do - and VRM is one of them.

Power to the Persons

I am the last person to benefit from my data on various platforms and from information accumulated about me that others harvest and use for their own purposes. A tool like Wesabe may give me the ability to gather and analyse some of my financial data, but I will need new tools - free from platform lock-in - to repeat that trick with data regarding anything else about which I care and need.

There are two foundation stones that need to be laid:

1. a place where I store, manage and play with my data 
2. a method and technology for sharing, exchanging and distributing the data
   

The Mine! project is an open source effort to create an application that is meant to fundamentally improve data and relationship logistics and to be part of my web 'infrastructure'. Mine! is designed to enable individual users to:

1. take charge of their data (content, relationships, transactions, knowledge),
2. manage (arrange, mash-up, analyse) my data according to their needs and preferences 
3. share data on their own terms
4. whilst connected and networked on the web.