Facebook ignored recommendations from 2016 internal study on their data and privacy problem

facebook_2015_logo_detail

In early 2016, well after it learned about the massive scale violations by Cambridge Analytica of its user data, Facebook sanctioned an internal study about its approach to data and privacy. Led by its Deputy Chief Privacy Officer, the company convened a series of off-the-record workshops with 175 privacy and data professionals around the world.

Most of us were already well known for our concerns about Facebook’s approach to exploiting its vast troves of user data, but agreed to participate with the hope that we might help the company start acting more responsibly. The discussions were candid and hard hitting. We focused on the ethical and business challenges Facebook would face if were unable to reform itself. Many of us left encouraged.

Unlike most internal studies, Facebook decided, curiously, to produce a public version of their report, which I wrote about in June of that year. You can download a copy of the report here.

Against the recommendations of many of my colleagues, I publicly commended Facebook for such a thoughtful report and highlighted its findings about embracing greater transparency and control of data by users. Many of the ideas centered around new concepts of empowering users with their data and giving them agency over how and when it was used. A number of companies (including my own) were working on tools and business models that made that vision increasingly possible, and it was exciting to see such a decentralized, user-centric model articulated by Facebook.

I knew the findings would be hard for Facebook to implement in the short term, but viewed the report as being an important statement of where the company could go. Facebook was actually well positioned to take advantage of a new collaborative relationship with its users around data. I also sensed that the report represented an emerging, mostly European viewpoint inside the company, and wanted to do all I could to further their cause.

I went so far as to challenge Mark Zuckerberg directly:

“I hope Mark Zuckerberg reads it and internalizes its many good recommendations, especially given the powerful catalyzing role Facebook could play to empower people with data. It’s not just the right thing to do, it would be great for the company’s long-term business (oh, and for that pesky regulatory problem).”

I knew from my interactions at Facebook, including with board members and senior product and policy leaders, that without Zuckerberg’s full support, ideas so core to Facebook’s future would be dead on arrival.

Within a few months, it became clear that the report had indeed missed its mark. Follow up initiatives were either cancelled or redefined so narrowly that no one wanted to participate. People I reached out to at Facebook who should have known about the report said it hadn’t even registered on their radar. When I shared the specifics they simply responded “that does not reflect Mark’s thinking.”

At such a critical moment in the company’s future, I would strongly encourage the company to revisit its own recommendations. While centralized systems and tightly controlled companies can be effective in many contexts, Facebook has simply become too intertwined with how we live our lives to continue to operate that way.

This article originally appeared on Medium at this link.

Why digi.me is launching a new API and SDK for integrated social data

This post was co-written by Shane Green (@shanegreen) and Tarik Kurspahic (@tariktech) and originally appeared on Medium.

Anyone familiar with digi.me and our mission knows we are focused on empowering people with their data. We are building a data-driven future aligned with the needs and interests of people — where individuals can securely and privately aggregate, analyze and share massive quantities of data from across their life.

This user-centric approach to data also holds promise for developers and companies who want to collaborate with their users in a win-win data partnership. We think social data is a great place to start.

We have launched a new API and SDK for accessing normalized, integrated user data from five of the top social networks: Facebook, Instagram, Twitter, Pinterest and Flickr.

The idea is simple:

— A single integration to access tons more social data from your users wherever they may be

— The ability to establish your own terms of service with your users by asking them for their data and breaking free of the terms of service and restrictions from social networks

— Wicked new opportunities to innovate

— Protection from regulators by requesting permission from your users and embracing transparency

— Democratizing data by promoting the mission of empowering people

A single integration for tons more social data

Digi.me’s consumer app allows users to import their social data from five of the leading social networks. Recent court cases in Europe have affirmed the right of users to download and sync complete copies of their data, including their own posts, photos, videos, likes and comments, as well as many of the same types of data from friends where they have been tagged.

Without ever seeing, touching or holding a user’s data, digi.me makes it easy for users to connect to their various accounts and get a complete library of their social data. Our ontology, data normalization and standardization techniques ensure the data is easily accessible and reusable via a single API and SDK.

Your users will need the digi.me app to connect to their accounts and fetch their data. From there, your app needs to ask the user for consent to access it under terms you agree to with your users. Once the user approves your request, you get access to the requested data under terms you set with the user.

Break free of onerous terms of service

Again, due to our unique architecture and business approach, the users themselves are not subject to the normal terms of service of social networks that apply to businesses. Once users download their own copy of all of their social data (which they hold — not digi.me), they are free to share it however they choose and without restrictions.

So you can enjoy the peace of mind knowing that you have the ability to collaborate with your users and get permission to access the data that drives your business.

More data + new rules = more opportunity to innovate

We are constantly amazed at the things people build when they have access to data and the freedom to innovate. Digi.me provides a permission-based way for you to seek access to ever-expanding datasets far beyond social, including financial, wearables, health and entertainment directly from your users.

Never before has such a combination of up-to-date datasets been available to analyze and leverage.

Speaking of innovation, we decided to put the API through its first real test by putting on a hackathon at Reykjavik University in Iceland and the results were nothing short of awesome. Check out this page to see what smart people like you are already building on digi.me.

Regulators will love you

Instead of worrying about the uncertain regulatory environment, lean in to a user-centric model, a favorite of regulators in both Europe and the United States.

Digi.me has been recognized by regulators as the ideal approach for a fair, ethical and sustainable data-driven future. Everyone is a winner — consumers, companies, developers. Plus, in Europe, digi.me is entirely compliant with the new General Data Protection Rules (GDPR).

Your customers will love you

Your users won’t forget that you introduced them to this revolutionary new way of being in control of their digital lives. Help your users break free of data monopolies. Study after study shows people are deeply uncomfortable with the current model.

It’s not just great marketing, be among the first to do the right thing by your users.

We are already working with people to change the world and create innovative solutions, but we are just getting started. We’d love to hear what you think!

Digi.me merges with Personal

This post originally appeared on Medium and was co-authored by Shane and Julian Ranger (@rangerj)

With today’s announcement of the merger of digi.me and Personal, the personal data ecosystem takes a giant leap forward. (You can read the press release here.)

Personal and digi.me have each helped to define this sector — one that emphasizes individual control over the growing amount of data and analytics about people that fuels the digital world. We have done so by introducing revolutionary tools and rules for giving people control over their own social, personal, financial, health and other data while enhancing privacy, and by attracting world-class investors and some of the brightest minds in the space.

Since 2009, digi.me in Europe and Personal in North America have shared a common mission — to put people, rather than companies and governments, in greater control of their own data.

We have each made great strides, but we still have a long way to go. This merger will get us there faster and with greater force.

The timing could not be better — or the opportunity bigger. A perfect storm is brewing among rising consumer awareness, new regulations and increasingly grave threats to personal privacy and autonomy.

Shane, left, and Julian

Consumers are increasingly aware of the value that holding their own data brings and rebelling against others taking it from them without consent. For example, the Mobile Ecosystem Forum’s 2017 Global Consumer Trust study shows that when sharing data, 31% of consumers value personal data privacy-protection and access to it above financial rewards (29%) or discounts (22%).

Meanwhile, new legislation such as the European GDPR will deliver new consumer rights over ownership and use starting in May 2018.

And any citizen living in Europe or the United States knows that they are susceptible to various forms of government or corporate surveillance and data mining every day of the week. The vast quantity of data being collected and the deeply private insights from big data analytics and machine learning is accelerating geometrically, with users purposefully left out of the equation.

This collision of factors highlights the need for solutions like ours, but looking past the storm reveals a truly brilliant horizon. Indeed, the possibilities of what individuals and consumers can do when they control their own data are endless and powerful.

Users, businesses and governments all benefit when private sharing and consent access to personal data occurs.

With digi.me, users in Iceland, for example, can access their electronic health records and share relevant data with any medical professional who needs it through the Living Lab project — an example we intend to spread to other countries.

In finance, digi.me will be able to help consumers share their personal financial data with privacy and control with a banking or insurance company to help them get the best policy offer and reward their loyalty, but not by taking their data without permission and benefit for the consumer.

In education, Personal created a download app with the U.S. Department of Education to help make more than 100 fields of student financial aid data portable and reusable.

And a myriad of personal digital assistants and wearables will be able to arm consumers with the power of their own data just as they do for publicly searchable information like directions or comparison shopping for shoes or travel. Just imagine: You choose to integrate your personal data store with Amazon’s Alexa or Apple’s Siri, say “Hey, Siri”, and all of a sudden you can access an image of your passport or get your bank account or health information served up to you instantly and ready to share.

There is a tailwind behind what both digi.me and Personal have been working on since 2009, and it gets stronger every day. The merger will allow us to expand quickly to meet this growing demand.

Personal has brought to market the world’s best product for individuals and small teams to create and collaborate on data needed for thousands of information-related tasks. It will be fully integrated into the digi.me app later this year. (Personal’s enterprise version of TeamData is being spun off as an information security and productivity company for businesses.) Personal’s development team is first class, and both digi.me and Personal have been pioneers in designing privacy and cybersecurity in their respective platforms every step of the way.

Our combined teams will hit the ground running. We are investing in expanding digi.me’s U.S. operation, which will now be led by Shane, and we are already beginning to work with major U.S. brands to partner with our apps and services.

On the development side, our teams in London, Sarajevo and the United States will work to expand the ecosystem of personal data API connectors to new third-party apps and services and will integrate with major brand partners in multiple countries around the world.

Welcome to the new digi.me — a powerhouse that will help consumers connect their data with companies and their governments to help them make better decisions and improve their lives!

Julian is the founder and chairman of digi.me. Shane, co-founder and CEO of Personal, is now CEO of digi.me’s U.S. business.

The Personal Data Economy at K(NO)W Identity Conference

I was happy to take part in the inaugural K(NO)W Identity Conference, organized by several ex-Googlers through their new organization One World Identity.

Although it turned out to be one of the more thoughtful discussions I’ve participated in on the emerging personal data ecosystem (hats off to Electronic Frontier Foundation’s Rainey Reitman for excellent moderating), it also shows the challenges of discussing such a complex subject in a room full of folks working on identity, privacy, security and data.

The biggest area of misunderstanding remains around the many win-win benefits for both individuals and companies when users are empowered with their data. Watch the video and let me know what you think @shanegreen.

https://www.youtube.com/watch?v=AUhCVYUQ0vM

Getting started with TeamData

I wanted to share these two new videos we created to help you get up and running with TeamData.

The first is a quick guide for team members who have been invited to join a team, and provides a good overview of everything from registering to product functionality.

The second video is specifically for team admins, and is focused on what it takes to set up a team account, invite team members, and to create or import the initial data for the team.

You can check them both out at: https://teamdata.com/video/

Even though most of you will start off by being invited to join a team that’s already been set up, it’s worth the extra few minutes to watch the team admin video to get a sense of the benefits of creating a new team, perhaps in your department, for a project with outside consultants, or even at home.

And, as always, please let us know what you think!

This was original published on the TeamData blog here

 

Today’s Facebook report on personal data & privacy gets a lot right

Is it a wolf in sheep’s clothing or a sign of enlightenment at the world’s largest collector of personal data?

wolf-in-sheep-image

I must admit I was more than a little wary when I was invited by Facebook’s Global Deputy Chief Privacy Officer, Stephen Deadman, to participate in an off-the-record roundtable on the future of personal data and privacy. The involvement of the UK consulting firm helped convince me, given their long-time focus on building transparency and trust in this area. I’m glad I did.

I must admit I was more than a little wary when I was invited by Facebook’s Global Deputy Chief Privacy Officer, Stephen Deadman, to participate in an off-the-record roundtable on the future of personal data and privacy. The involvement of the UK consulting firm Ctrl-Shift helped convince me, given their long-time focus on building transparency and trust in this area. I’m glad I did.

Overshadowed by today’s announcement of 500 million Instagram users,Facebook released a report this morning called “A New Paradigm for Personal Data: Five Shifts to Drive Trust and Growth.” You can download it here: http://bit.ly/28L4HII or check out Deadman’s Op-Ed here:http://bit.ly/28LMDB9.

I hope Mark Zuckerberg reads it and internalizes its many good recommendations, especially given the powerful catalyzing role Facebook could play to empower people with data. It’s not just the right thing to do, it would be great for the company’s long-term business (oh, and for that pesky regulatory problem).

While much of the report’s thinking has been articulated previously, including by Ctrl-Shift, the Personal Data Ecosystem Consortium (where Personal, Inc. was a founding member), the World Economic Forum’s Global Agenda Council on Data and The Aspen Institute’s Communications & Society Program (both of which I participated in), it matters that Facebook spent its time and energy to convene so many trusted experts — 175 in all across 21 global roundtables — and to publish such a thoughtful and balanced report.

Unlike regulators, privacy and security advocates or most any industry player, no matter how large, Facebook is in a unique position to put the tools directly into the hands of their users and provide powerful direct and indirect incentives for them to start becoming hubs for their data.

In this model, users could re-use their data in a permission-based way, and in infinite combinations, across the entire connected universe at home, work and everywhere in between. It would be the ultimate democratization of data in a fair and transparent ecosystem where individuals actively decide when, where and how to participate in a robust value exchange tied to their data.

So why would Facebook take such a risk when its current business model is built on its ownership and control of user data?

Deadman answers that question in the introduction to the new report:

My observation from the years I’ve spent working on privacy and data related issues is that the personal data debate has been largely grounded in a limiting premise – that the desire to innovate with data is generally incompatible with preserving individuals’ rights to privacy and self-determination.

This premise is entrenched by regulators, policymakers and industry, as we tend to talk in terms of trade-offs, as though these two equally desirable goals will always be in tension with each other, and our only choice is to balance them off against each other.

I firmly believe that such trade-off thinking is undesirable – it leads to suboptimal outcomes – and I also believe it’s unnecessary: we now have the skills, technology and motivation to transcend this supposed trade-off.

He goes further:

The debate also entrenches an assumption that only organisations can control data, ignoring the ability and potential of individuals to take a more active role, exercising agency, choice and control over their own data.

I don’t think the evidence supports this assumption. What is more, when people have more control over their own data, more growth, innovation and value can be created than when they don’t.

It’s this very last point that will win the day. There is simply more opportunity to innovate and create value when individuals are empowered in this way. No single company, or government for that matter, can ever match the competitive advantage of individuals (or teams of individuals) to aggregate and permission access to the constantly growing and changing data from across their lives — including their connected devices.

And those who try to keep the individual out of the equation risk being punished as this new model emerges. Data collection, use and monetization simply can’t be kept behind the curtains much longer. Deadman is right to draw Facebook’s attention to both the opportunity — and the risk — of not embracing the rightful role of users.

There is also a surprising set of security benefits of a model with less standalone copies of data in the world, especially when the data that is shared on a session basis and comes networked with real-time validation and authentication. The future would not only be more secure with this approach, it also happens to be in the interest of the world’s largest identity provider.

In our own business, we are seeing this user-centric model starting to take root inside the workplace by and between employees. The enterprise is one of the few places where the need for individuals to practice active data management and data security is both understood and able to be mandated. It’s probably no accident that the Facebook at Work solution is one of the company’s biggest new initiatives.

The report finishes with grand brush strokes, painting a vision of a race to the top among companies who compete for access to user data based on trust, transparency and the value they can deliver. These market-based solutions have all the elements of the “digital enlightenment” many of us have been talking about for a long time.

For those of you worried that Facebook is simply trying to co-opt this new model before it is even established, or use it as a shield to avoid regulation, I understand the concern. But I really don’t think there will be any going back once it happens. As people wake up and experience the magic of having their data go to work for them, they will never be passive about their data or oblivious to its value again.

While Facebook has a lot to gain by being a leader, it has even more to lose by being seen by its community of users as holding them back. I applaud Deadman and his colleagues for taking such a bold position.

This post was originally published here on Medium.

Why Personal.com “graduated” to TeamData today

teamdata-logo-grey

Ben Horowitz was right after all. He told us a few years ago that our model of user-centric data management was all wrong for consumers, but that it just might work in the enterprise. Realizing we weren’t buying, he sent a nice follow up email to encourage us to seriously consider changing our focus. We were so convinced we were right I’m not even sure if we wrote back (sorry Ben).

Today Personal.com and our Personal Data Cloud solution are becoming TeamData, a reflection of our shift toward solving critical information management and data collaboration needs of companies and their employees, as well as with consultants, vendors and customers.

Enter the enterprise. Despite game-changing transformation from team productivity and collaboration solutions in recent years, employees still have to hack their own standalone solutions to organize the information they constantly need to get stuff done — like spreadsheets, notes apps and even contact cards in their address book. Meanwhile, email, messaging, calls and in-person interruptions remain the standard for requesting and sharing data. Entire classes of jobs continue to exist solely to organize, manage and update information manually for teams and their members.

 

A MindMap showing approx. 10% of the data graph of a company

Most existing solutions for team productivity excel at unstructured data (e.g. files or notes) or messaging and project management. And the few products that understand data, like password managers and digital wallets, are limited in the types of data they manage and their security was not designed for collaboration.

The reality is we’re all still kickin’ it old school when it comes to organizing and sharing information.

Current solutions do not solve the complex challenges of structured, reusable data — which is hard to protect, growing exponentially, changing constantly and needed in super-unique combinations for different lengths of time by people inside and outside of companies.

That’s because data is a related, but altogether different game that requires deep understanding of the data itself combined with granular permissions to enable its reuse in limitless combinations while providing entirely new types of security (e.g. we follow Privacy-by-Design principles).

As we started re-architecting the Personal.com platform and data library for team collaboration six months ago, early adopters started reporting compelling evidence of the benefits. Here is one recent example from Onboardly for content marketing teams:

All time top tools to keep your team on track…Securely stores just about all the details that your brain doesn’t ever seem to absorb.” — Onboardly

 

productivity-benefits-image

What’s so special about networked, structured data is that it can be reused over and over across an entire company, and everyone with permission automatically has access to the most up to date version when anyone makes a change (they can also have their access turned off).

There is literally only one copy of the company name, address and Federal Tax ID in a TeamData graph. One instance of the company social media account logins, demo server credentials, and visitor wi-fi. And so on, for over 1,200 different types of data covering thousands of different tasks.

Finally, networked, machine-readable data will also unlock new kinds of innovation when employees and companies grant permission to apps and analytics tools, like the new generation of AI-driven digital assistants.

We are still passionate about our vision to empower consumers with data. We already see employees starting to form teams outside of the office using their private data, and know they will discover whole new ways to use our tools.

For now, we’re excited to keep our heads down and keep solving all the challenges companies and employees face every day. Give it a try and let us know what you think — teamdata.com.

This post was originally published here in Medium.