It’s business as usual for privacy at the US Chamber of Commerce and Internet Association

With the exception of a call for greater transparency around how companies collect and use data — a growing bi-partisan, public-private sector bright spot in the American debate on privacy — the US Chamber of Commerce’s ten new privacy principles and the Internet Association’s almost identical principlesreleased today reflect long-standing industry hostility towards effective government regulation and privacy more broadly. The principles are mostly an extension of the “trust us to do the right thing” argument they’ve been making for years, which have failed miserably.

The Chamber’s very first principle to prohibit state laws altogether on the subject is a not-so-subtle swipe at the popular new law on privacy in California, which industry fought tooth and nail. While imperfect, the law marked an important watershed in popular awakening to the abuses and dangers of the current “click here so we can own your data” model. The Chamber goes on to say in this first principle that “the United States already has a history of robust privacy protection,” which, in addition to being downright cynical and wrong, signals a new round of opposition to meaningful government oversight or intervention.

Their principle on harm-focused enforcement is another clearly outdated and limited approach, as is the call to prohibit individuals from being able to bring an action based on an infringement of their privacy. Together, they completely marginalize us as citizens and consumers, and ask us to trust the system to work on our behalf.

Meanwhile, the Internet Association has loopholes and doublespeak galore. Almost all references to data rights are bounded by phrases like “personal information they have provided,” which often amounts to less than 1% of data collected or purchased by companies. The coup de grace: “individuals should have meaningful controls over how personal information they provide to companies is collected, used, and shared, except where that information is necessary for the basic operation of the business…” When the entire business is predicated on advertising or personalized content and services, I’m not sure what is left really.

As a skeptic myself toward most prescriptive government regulations — I’d rather see innovative new tools and business models solve market and societal failures wherever possible — I spent years watching how utterly incapable industry is of reforming itself when it comes to data and privacy. There is simply too much money and power tied to them while all of the negative externalities fall on us as users — a textbook market failure.

That led me, in addition to my startup efforts on privacy, to work on a number of initiatives that helped create the principles and specifics for the new EU regulations known as GDPR (General Data Protection Regulation). These laws, also imperfect, not only aim to curb current abuses, they mandate far greater transparency and provide a roadmap for a fairer and more sustainable data and privacy model built around the rights of individuals about how their data is used.

Criticized for stifling innovation, GDPR is actually doing the opposite — it is catalyzing the private sector to start building new services that empower people directly with their data, competing both over how much value they can create for users if given access to their data while also showing what good stewards they can be of that data. It’s turning the “race to the bottom” we’ve seen around data and privacy into a much more enlightened and compelling “race to the top.”

Not surprisingly, the Chamber and most US companies have not been fans of GDPR. The lip service given in the principles to “privacy innovation” is a far cry from the vision and efforts underway in Europe, and nowhere do they reference our rights as citizens or consumers. In fact, as mentioned earlier, they only seek to limit those rights.

The most concerning potential development is the use of regulation shaped by these industry lobbying groups to further entrench their power and disadvantage startups and newcomers. The Electronic Frontier Foundation and others have been sounding the alarm on that possibility, and my read on the recent Congressional hearings by Facebook and Twitter is that this is their new strategy. In fact, the degree to which these privacy principles mimic the principles of GDPR while undermining them at every turn is nothing short of dastardly.

To conclude on a positive note, transparency is the single most important key to addressing the worst abuses around privacy and to unlocking a private sector competition to do right by users and their data. Despite 20 years with the curtains drawn tight around data collection and exploitation by industry, it’s simply un-American to stand against greater transparency — which is why both Republicans and Democrats are in favor of it.

Embracing the Chamber’s and the Internet Association’s call for transparency is the perfect jujitsu opportunity for those of us who want to see a more pro-user, pro-privacy model emerge. The real battle will be over just how far it goes, over how much we truly get to see and understand how our data is collected and for what purpose. Once that genie is out of the bottle, we can expect the private sector to get back to what it does best — creating even more incredible data-driven services that truly meet our needs and interests.

Digi.me going prime time

I had the chance yesterday to speak with Paula Newton on CNN’s Quest Means Business. I thought she was going to focus on the Congressional hearings earlier in the day with Sheryl Sandberg of Facebook and Jack Dorsey of Twitter, but she really wanted to understand how digi.me works. She’s done quite a lot of stories on how our data and privacy is being abused by the big platforms, so it was refreshing to see her interest in solutions like ours.

We discussed our new app ecosystem, why it’s so interesting for developers, and how we empower people with their data if the data is already “out there” (a question I get all the time). You’ll have to watch the interview to learn more.

It was fun to visit the studio here in Washington. I was in the makeup room with Wolf Blitzer as the news of the mystery New York Times op-ed was breaking. Of course, the first tweet on my interview asked why CNN was talking about privacy and data given the other news. At least I didn’t get bumped!

IMG_5154

 

Trump’s right on this — it’s time to rip open the black box at Google, Facebook and Twitter

 

Image result for facebook google twitter logos

It’s not often that I find myself siding with President Trump and FCC Chairman Ajit Pai on technology policy. As we watch today’s congressional hearings with Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey — and the “empty seat” for Google who refused to send a senior executive — they are dead right in their call for greater transparency. The stakes are just too high to continue to allow these mammoth platforms to decide behind closed doors how to collect data about us, filter the content we see and manipulate our decision making. Regulators must act, as they have done in Europe. So too must we as citizens.

I find it unlikely that these companies purposefully bias their search results and content feeds against Trump and Republicans. In fact, most evidence so far of the weaponization of Facebook by outside actors like the Russians and Cambridge Analytica shows that they have more often exploited the platforms to support Trump and his view of the world. But their algorithms certainly contain all kinds of biases that we need to understand, and the lack of transparency raises unanswerable questions that not only make such concerns possible, they prevent government and us as individuals from responding effectively.

And, make no mistake, these platforms were designed from the start to influence our thinking and behavior. Click by click, terabyte of data by terabyte of data, they track our every move, building sophisticated profiles of each of us to make it easier for content and advertising to reach us. In fact, the first big Facebook breach of trust was an internal Facebook project to see if they could affect a user’s emotions by elevating posts with happy or sad content. They were so proud they published their findings for other data scientists to review. Rather than see the project as a psychological study with human subjects requiring clear consent of the participants, Facebook saw it, as one executive told me at the time, “as what we do every day with A/B testing in advertising.”

It’s no accident that Mark Zuckerberg’s called the challenge of confronting Facebook in his op-ed in today’s Washington Post an “arms race.” Only the largest of organizations have the resources to even participate in such a vast and expensive exercise, structurally limiting the ability of new companies and ideas to emerge. Sheryl Sandberg’s testimony is a laundry list of initiatives Facebook has undertaken recently to address these threats, most of which should have been undertaken years ago when they were warned about these problems but chose to ignore them because it was bad for business. (I, like many others, met privately with Facebook in 2016 to express my concerns while also encouraging them to act publicly.)

The Electronic Frontier Foundation (EFF) and others have rightfully warned that the massive efforts by the big platforms to shape privacy and data policy is designed to ensure their long-term domination, especially around ownership and control of our data. I share this concern, and saw it first hand in Europe five years ago while leading a data initiative at the World Economic Forum. Thankfully European regulators, backed by citizens voicing their deep concerns, managed to hash together a forward-looking set of laws that came into effect this past May (GDPR) predicated on transparency and users getting access to their data to use however they choose — and with absolutely clear consent.

The Congress and the Administration must insist on the same here in the United States. There simply isn’t any way we can continue on the current path, no matter how much Facebook, Twitter and Google say they can save us. Because “saving us” involves saving their business model, which created the problem in the first place. It’s time for new ideas and new solutions.

Digi.me launches ‘iTunes of personal data’

dm-app-store-blog

I know that’s kind of a bold statement – and likely to ruffle the feathers of our blockchain-loving, decentralized-worshiping friends. But we are excited to announce the official launch of digi.me’s app store (little “a”, little “s”), which you can find at digi.me/share. (And our architecture is almost entirely decentralized and distributed…with just a few points of centralization to make sure it actually works and is secure.)

There just isn’t a better way to tell you what we are up to than that. Imagine developers building apps in a matter of days with the ability to request data from over 15,000 different sources from users – all with cutting edge privacy and security protections. And, more importantly if you’re a developer – all using one SDK! Yes, a single integration for more normalized, structured data than you can probably handle.

We will be rolling out new apps weekly, but we are announcing 9 new apps today. You can read our press release here.

This is the realization of a dream I have personally been working on for over 8 years. Probably the most infuriating response I’ve heard from Silicon Valley during that time is that people really don’t care about privacy because they keep using online services like Facebook and Google. That’s like saying people don’t care about clean air because they keep breathing.

The simple fact is that easy-to-use tools and apps designed from the ground up with privacy in mind (called “privacy by design”) just haven’t been available. That’s about to change. And we hope you’ll reach out to help us make certain it does. Whether you’re a developer, regulator, corporate CEO or concerned citizen, we’d love to hear what you think…and show you what we’re up to.

Facebook ignored recommendations from 2016 internal study on their data and privacy problem

facebook_2015_logo_detail

In early 2016, well after it learned about the massive scale violations by Cambridge Analytica of its user data, Facebook sanctioned an internal study about its approach to data and privacy. Led by its Deputy Chief Privacy Officer, the company convened a series of off-the-record workshops with 175 privacy and data professionals around the world.

Most of us were already well known for our concerns about Facebook’s approach to exploiting its vast troves of user data, but agreed to participate with the hope that we might help the company start acting more responsibly. The discussions were candid and hard hitting. We focused on the ethical and business challenges Facebook would face if were unable to reform itself. Many of us left encouraged.

Unlike most internal studies, Facebook decided, curiously, to produce a public version of their report, which I wrote about in June of that year. You can download a copy of the report here.

Against the recommendations of many of my colleagues, I publicly commended Facebook for such a thoughtful report and highlighted its findings about embracing greater transparency and control of data by users. Many of the ideas centered around new concepts of empowering users with their data and giving them agency over how and when it was used. A number of companies (including my own) were working on tools and business models that made that vision increasingly possible, and it was exciting to see such a decentralized, user-centric model articulated by Facebook.

I knew the findings would be hard for Facebook to implement in the short term, but viewed the report as being an important statement of where the company could go. Facebook was actually well positioned to take advantage of a new collaborative relationship with its users around data. I also sensed that the report represented an emerging, mostly European viewpoint inside the company, and wanted to do all I could to further their cause.

I went so far as to challenge Mark Zuckerberg directly:

“I hope Mark Zuckerberg reads it and internalizes its many good recommendations, especially given the powerful catalyzing role Facebook could play to empower people with data. It’s not just the right thing to do, it would be great for the company’s long-term business (oh, and for that pesky regulatory problem).”

I knew from my interactions at Facebook, including with board members and senior product and policy leaders, that without Zuckerberg’s full support, ideas so core to Facebook’s future would be dead on arrival.

Within a few months, it became clear that the report had indeed missed its mark. Follow up initiatives were either cancelled or redefined so narrowly that no one wanted to participate. People I reached out to at Facebook who should have known about the report said it hadn’t even registered on their radar. When I shared the specifics they simply responded “that does not reflect Mark’s thinking.”

At such a critical moment in the company’s future, I would strongly encourage the company to revisit its own recommendations. While centralized systems and tightly controlled companies can be effective in many contexts, Facebook has simply become too intertwined with how we live our lives to continue to operate that way.

This article originally appeared on Medium at this link.

Why digi.me is launching a new API and SDK for integrated social data

This post was co-written by Shane Green (@shanegreen) and Tarik Kurspahic (@tariktech) and originally appeared on Medium.

Anyone familiar with digi.me and our mission knows we are focused on empowering people with their data. We are building a data-driven future aligned with the needs and interests of people — where individuals can securely and privately aggregate, analyze and share massive quantities of data from across their life.

This user-centric approach to data also holds promise for developers and companies who want to collaborate with their users in a win-win data partnership. We think social data is a great place to start.

We have launched a new API and SDK for accessing normalized, integrated user data from five of the top social networks: Facebook, Instagram, Twitter, Pinterest and Flickr.

The idea is simple:

— A single integration to access tons more social data from your users wherever they may be

— The ability to establish your own terms of service with your users by asking them for their data and breaking free of the terms of service and restrictions from social networks

— Wicked new opportunities to innovate

— Protection from regulators by requesting permission from your users and embracing transparency

— Democratizing data by promoting the mission of empowering people

A single integration for tons more social data

Digi.me’s consumer app allows users to import their social data from five of the leading social networks. Recent court cases in Europe have affirmed the right of users to download and sync complete copies of their data, including their own posts, photos, videos, likes and comments, as well as many of the same types of data from friends where they have been tagged.

Without ever seeing, touching or holding a user’s data, digi.me makes it easy for users to connect to their various accounts and get a complete library of their social data. Our ontology, data normalization and standardization techniques ensure the data is easily accessible and reusable via a single API and SDK.

Your users will need the digi.me app to connect to their accounts and fetch their data. From there, your app needs to ask the user for consent to access it under terms you agree to with your users. Once the user approves your request, you get access to the requested data under terms you set with the user.

Break free of onerous terms of service

Again, due to our unique architecture and business approach, the users themselves are not subject to the normal terms of service of social networks that apply to businesses. Once users download their own copy of all of their social data (which they hold — not digi.me), they are free to share it however they choose and without restrictions.

So you can enjoy the peace of mind knowing that you have the ability to collaborate with your users and get permission to access the data that drives your business.

More data + new rules = more opportunity to innovate

We are constantly amazed at the things people build when they have access to data and the freedom to innovate. Digi.me provides a permission-based way for you to seek access to ever-expanding datasets far beyond social, including financial, wearables, health and entertainment directly from your users.

Never before has such a combination of up-to-date datasets been available to analyze and leverage.

Speaking of innovation, we decided to put the API through its first real test by putting on a hackathon at Reykjavik University in Iceland and the results were nothing short of awesome. Check out this page to see what smart people like you are already building on digi.me.

Regulators will love you

Instead of worrying about the uncertain regulatory environment, lean in to a user-centric model, a favorite of regulators in both Europe and the United States.

Digi.me has been recognized by regulators as the ideal approach for a fair, ethical and sustainable data-driven future. Everyone is a winner — consumers, companies, developers. Plus, in Europe, digi.me is entirely compliant with the new General Data Protection Rules (GDPR).

Your customers will love you

Your users won’t forget that you introduced them to this revolutionary new way of being in control of their digital lives. Help your users break free of data monopolies. Study after study shows people are deeply uncomfortable with the current model.

It’s not just great marketing, be among the first to do the right thing by your users.

We are already working with people to change the world and create innovative solutions, but we are just getting started. We’d love to hear what you think!

Digi.me merges with Personal

This post originally appeared on Medium and was co-authored by Shane and Julian Ranger (@rangerj)

With today’s announcement of the merger of digi.me and Personal, the personal data ecosystem takes a giant leap forward. (You can read the press release here.)

Personal and digi.me have each helped to define this sector — one that emphasizes individual control over the growing amount of data and analytics about people that fuels the digital world. We have done so by introducing revolutionary tools and rules for giving people control over their own social, personal, financial, health and other data while enhancing privacy, and by attracting world-class investors and some of the brightest minds in the space.

Since 2009, digi.me in Europe and Personal in North America have shared a common mission — to put people, rather than companies and governments, in greater control of their own data.

We have each made great strides, but we still have a long way to go. This merger will get us there faster and with greater force.

The timing could not be better — or the opportunity bigger. A perfect storm is brewing among rising consumer awareness, new regulations and increasingly grave threats to personal privacy and autonomy.

Shane, left, and Julian

Consumers are increasingly aware of the value that holding their own data brings and rebelling against others taking it from them without consent. For example, the Mobile Ecosystem Forum’s 2017 Global Consumer Trust study shows that when sharing data, 31% of consumers value personal data privacy-protection and access to it above financial rewards (29%) or discounts (22%).

Meanwhile, new legislation such as the European GDPR will deliver new consumer rights over ownership and use starting in May 2018.

And any citizen living in Europe or the United States knows that they are susceptible to various forms of government or corporate surveillance and data mining every day of the week. The vast quantity of data being collected and the deeply private insights from big data analytics and machine learning is accelerating geometrically, with users purposefully left out of the equation.

This collision of factors highlights the need for solutions like ours, but looking past the storm reveals a truly brilliant horizon. Indeed, the possibilities of what individuals and consumers can do when they control their own data are endless and powerful.

Users, businesses and governments all benefit when private sharing and consent access to personal data occurs.

With digi.me, users in Iceland, for example, can access their electronic health records and share relevant data with any medical professional who needs it through the Living Lab project — an example we intend to spread to other countries.

In finance, digi.me will be able to help consumers share their personal financial data with privacy and control with a banking or insurance company to help them get the best policy offer and reward their loyalty, but not by taking their data without permission and benefit for the consumer.

In education, Personal created a download app with the U.S. Department of Education to help make more than 100 fields of student financial aid data portable and reusable.

And a myriad of personal digital assistants and wearables will be able to arm consumers with the power of their own data just as they do for publicly searchable information like directions or comparison shopping for shoes or travel. Just imagine: You choose to integrate your personal data store with Amazon’s Alexa or Apple’s Siri, say “Hey, Siri”, and all of a sudden you can access an image of your passport or get your bank account or health information served up to you instantly and ready to share.

There is a tailwind behind what both digi.me and Personal have been working on since 2009, and it gets stronger every day. The merger will allow us to expand quickly to meet this growing demand.

Personal has brought to market the world’s best product for individuals and small teams to create and collaborate on data needed for thousands of information-related tasks. It will be fully integrated into the digi.me app later this year. (Personal’s enterprise version of TeamData is being spun off as an information security and productivity company for businesses.) Personal’s development team is first class, and both digi.me and Personal have been pioneers in designing privacy and cybersecurity in their respective platforms every step of the way.

Our combined teams will hit the ground running. We are investing in expanding digi.me’s U.S. operation, which will now be led by Shane, and we are already beginning to work with major U.S. brands to partner with our apps and services.

On the development side, our teams in London, Sarajevo and the United States will work to expand the ecosystem of personal data API connectors to new third-party apps and services and will integrate with major brand partners in multiple countries around the world.

Welcome to the new digi.me — a powerhouse that will help consumers connect their data with companies and their governments to help them make better decisions and improve their lives!

Julian is the founder and chairman of digi.me. Shane, co-founder and CEO of Personal, is now CEO of digi.me’s U.S. business.