Today’s Facebook report on personal data & privacy gets a lot right

Is it a wolf in sheep’s clothing or a sign of enlightenment at the world’s largest collector of personal data?

wolf-in-sheep-image

I must admit I was more than a little wary when I was invited by Facebook’s Global Deputy Chief Privacy Officer, Stephen Deadman, to participate in an off-the-record roundtable on the future of personal data and privacy. The involvement of the UK consulting firm helped convince me, given their long-time focus on building transparency and trust in this area. I’m glad I did.

I must admit I was more than a little wary when I was invited by Facebook’s Global Deputy Chief Privacy Officer, Stephen Deadman, to participate in an off-the-record roundtable on the future of personal data and privacy. The involvement of the UK consulting firm Ctrl-Shift helped convince me, given their long-time focus on building transparency and trust in this area. I’m glad I did.

Overshadowed by today’s announcement of 500 million Instagram users,Facebook released a report this morning called “A New Paradigm for Personal Data: Five Shifts to Drive Trust and Growth.” You can download it here: http://bit.ly/28L4HII or check out Deadman’s Op-Ed here:http://bit.ly/28LMDB9.

I hope Mark Zuckerberg reads it and internalizes its many good recommendations, especially given the powerful catalyzing role Facebook could play to empower people with data. It’s not just the right thing to do, it would be great for the company’s long-term business (oh, and for that pesky regulatory problem).

While much of the report’s thinking has been articulated previously, including by Ctrl-Shift, the Personal Data Ecosystem Consortium (where Personal, Inc. was a founding member), the World Economic Forum’s Global Agenda Council on Data and The Aspen Institute’s Communications & Society Program (both of which I participated in), it matters that Facebook spent its time and energy to convene so many trusted experts — 175 in all across 21 global roundtables — and to publish such a thoughtful and balanced report.

Unlike regulators, privacy and security advocates or most any industry player, no matter how large, Facebook is in a unique position to put the tools directly into the hands of their users and provide powerful direct and indirect incentives for them to start becoming hubs for their data.

In this model, users could re-use their data in a permission-based way, and in infinite combinations, across the entire connected universe at home, work and everywhere in between. It would be the ultimate democratization of data in a fair and transparent ecosystem where individuals actively decide when, where and how to participate in a robust value exchange tied to their data.

So why would Facebook take such a risk when its current business model is built on its ownership and control of user data?

Deadman answers that question in the introduction to the new report:

My observation from the years I’ve spent working on privacy and data related issues is that the personal data debate has been largely grounded in a limiting premise – that the desire to innovate with data is generally incompatible with preserving individuals’ rights to privacy and self-determination.

This premise is entrenched by regulators, policymakers and industry, as we tend to talk in terms of trade-offs, as though these two equally desirable goals will always be in tension with each other, and our only choice is to balance them off against each other.

I firmly believe that such trade-off thinking is undesirable – it leads to suboptimal outcomes – and I also believe it’s unnecessary: we now have the skills, technology and motivation to transcend this supposed trade-off.

He goes further:

The debate also entrenches an assumption that only organisations can control data, ignoring the ability and potential of individuals to take a more active role, exercising agency, choice and control over their own data.

I don’t think the evidence supports this assumption. What is more, when people have more control over their own data, more growth, innovation and value can be created than when they don’t.

It’s this very last point that will win the day. There is simply more opportunity to innovate and create value when individuals are empowered in this way. No single company, or government for that matter, can ever match the competitive advantage of individuals (or teams of individuals) to aggregate and permission access to the constantly growing and changing data from across their lives — including their connected devices.

And those who try to keep the individual out of the equation risk being punished as this new model emerges. Data collection, use and monetization simply can’t be kept behind the curtains much longer. Deadman is right to draw Facebook’s attention to both the opportunity — and the risk — of not embracing the rightful role of users.

There is also a surprising set of security benefits of a model with less standalone copies of data in the world, especially when the data that is shared on a session basis and comes networked with real-time validation and authentication. The future would not only be more secure with this approach, it also happens to be in the interest of the world’s largest identity provider.

In our own business, we are seeing this user-centric model starting to take root inside the workplace by and between employees. The enterprise is one of the few places where the need for individuals to practice active data management and data security is both understood and able to be mandated. It’s probably no accident that the Facebook at Work solution is one of the company’s biggest new initiatives.

The report finishes with grand brush strokes, painting a vision of a race to the top among companies who compete for access to user data based on trust, transparency and the value they can deliver. These market-based solutions have all the elements of the “digital enlightenment” many of us have been talking about for a long time.

For those of you worried that Facebook is simply trying to co-opt this new model before it is even established, or use it as a shield to avoid regulation, I understand the concern. But I really don’t think there will be any going back once it happens. As people wake up and experience the magic of having their data go to work for them, they will never be passive about their data or oblivious to its value again.

While Facebook has a lot to gain by being a leader, it has even more to lose by being seen by its community of users as holding them back. I applaud Deadman and his colleagues for taking such a bold position.

This post was originally published here on Medium.

Data as a Human Right

This post was originally published on the World Economic Forum Blog.

WEF-logo

Data has the power to transform our lives – collectively and individually. What is needed to unlock the profound opportunity data affords to improve the human condition – and to defend against a multitude of threats – is not technical, but an ethical framework for its use by and beyond those who initially collect it, including providing access to individuals.

At its most fundamental level, data about individuals represents a new kind of “digital self” that cannot be easily distinguished from the physical person. Some consider it a form of property; others a form of expression or speech. Those working in the area of genomics often view personal data as the DNA sequences that make us truly unique. Whatever lens one uses, it has become increasingly clear that the consequences of how personal data is used are every bit as real for people and society as any material, physical or economic force.

Properly harnessed by ethical practitioners, the principled use of “big data” sets can improve our economies, create jobs, reduce crime, increase public health, identify corruption and waste, predict and mitigate humanitarian crises, and lessen our impact on the environment. Similarly, empowering individuals with access to reusable copies of data collected by others, also called “small data”, can help them drastically improve the quality of their lives, from making better financial, education and health decisions, to saving time and reducing friction in discovering and accessing private and public sector services. Evidence of the positive impact of leveraging data, by both institutions and individuals, abounds.

However, data, like the technology that generates it, is in and of itself neutral. It can be used for good or ill. With a proper, ethical framework, data can – and should – be leveraged for the benefit of humankind, simultaneously at the societal, organizational and individual level. Misused, its power to harm and exploit is similarly unlimited.

In fact, what raises the ethical use and respect for data potentially into the realm of a fundamental human right is its ability to describe and reveal unique human identity, attributes and behaviors – and its power to affect a person’s, and a society’s, well-being as a result. Just as in the physical world, basic rights and opportunities must be preserved.

Indeed, it is already well recognized that invasions of our digital privacy can be exploited for repression, and that technologies for sharing data can be harnessed to support freedom. More fundamentally, though, we need to extend our core rights themselves into the digital world. For example, we must adapt our notion of freedom of thought to account for the new reality that much of our thinking goes on in digital spaces – as does the management and sharing of our most private information. Preserving individual freedom will now require protecting autonomy with respect to our own data.

Clearly, cultural and regional differences regarding human rights in the analog, physical world are sure to arise in this digital, data-oriented world. We do not seek to resolve those issues, but to develop a clear framework of principles to help provide data, data access and data use the protections they deserve.

The Era of Small Data Begins

This post was originally published under the same title on the Personal blog, A Personal Stand.

This is the first post in a series on the rise of “small data” and the new platforms, tools and rules to empower people with their data. It was written for “The Rise of Big Data” panel at the Stanford Graduate School of Business E-Conference on March 6, 2012.

Big data is big business

More data is created every year or so than has been created in all of human history. In this always-on, always-connected world, where even things are being plugged into the Web, the amount of data is growing exponentially.

The collection, storage, analysis, use and monetization of all that data is called “big data.” Corporations and governments are hyper-focused on becoming big data experts to avoid being permanently left behind. The first movers to master the art and science of big data are already changing the way we live, while disrupting industries and amassing fortunes at speeds never before seen.

Given the stakes, massive investments are being made every year to build the technology and expertise required to succeed in big data, optimized, of course, around the needs of companies and governments, not individuals. Industry experts have likened this big data boom to the early days of “big oil,” and refer to data as the “new oil.” Just as oil was essential to building the modern industrial economy, data has become the lifeblood of the new digital economy.

Companies must learn to compete in big data regardless of their industry, or else face obsolescence. This is a tough challenge and touches all aspects of the operations, strategy and culture of companies. At the same time, opportunities abound as entirely new industries are emerging around data as they did around oil — sourcing, extracting, refining, mining, analyzing, distributing, and selling large sets of data.

Big data creates big problems

With its insatiable appetite for digital bits and bytes on each of us, big data is driving a virtual arms race to capture and exploit information about our every move. Big data will log the life of a child born in 2012 in such a way that the person’s activities will be able to be reconstructed not just by the day, but by the hour or minute. In the hands of bad actors, the potential for wrongdoing with these permanent and growing archives of our lives is real and rightfully concerning.

Yet, until recently, people had virtually no idea of big data’s existence as its tools and marketplaces remained largely hidden. The next generation of tracking and data mining technologies are being created based on the assumption that individuals do not care enough to change their online and mobile behavior, which confuses lack of interest with the current lack of alternatives.

But with privacy and security concerns now front-page news, and the financial triumphs of companies built entirely from personal data such as Facebook, Google and LinkedIn, people are waking up and starting to ask tough questions. While companies and government regulators negotiate over how to curb the most egregious risks and abuses, a new and more powerful model is emerging that is designed around the needs and interests of people, providing them a far better, more sustainable alternative to the status quo.

Enter small data

Small data puts the power and tools of big data into the hands of people. It is based on the assumption that people have a significant long-term competitive advantage over companies and governments at aggregating and curating the best and most complete set of structured, machine-readable data about themselves and their lives – the “golden copy”. With proper tools, protections and incentives, small data allows each person to become the ultimate gatekeeper and beneficiary of their own data.

Built on privacy by design and security by design principles, small data can help people become smarter, healthier, and make better, faster decisions. It can help people discover new experiences more easily, reclaim time in their busy lives, and enjoy deeper, more positive relationships with others.

Small data can also greatly improve the capacity and performance of governments and non-governmental institutions, from eliminating time-consuming forms and other inefficient data practices, to improving public health and education by leveraging the power of more accurate and complete data provided with an individual’s permission. Such institutions can also help share important data with individuals, allowing them to have a copy for their own use.

Applied to commerce, small data holds the promise of connecting people with the best and most relevant products and services in a safe and anonymous environment. It can transform advertising into a more respectful, less disruptive industry that rewards people for their time and engagement with their messages and for their purchases. Small data offers customers the opportunity to better balance and assert their interests with companies (some have called this model Vendor Relationship Management (VRM)). Companies who play by these new rules and earn the trust of individuals will be rewarded with access to rich and robust data otherwise unavailable, giving them instant competitive advantages over companies who choose to go it alone.

The first small data platform – a data vault, private network and apps

Personal has spent over two years designing, building and launching the first scalable small data platform. At its core is a secure data vault to aggregate and store structured and unstructured data from just about any source. A private, personal network sits on top to set permissions for data to enter or exit the vault. People are able to connect with other people through the network, and soon with companies, apps, and private or public institutions, and decide which, if any, of their data they are willing to grant them permission to access.

We have put equal weight on privacy and security, and on helping people leverage their own data in exciting, new ways. These concepts are inextricably linked in small data, which requires a high degree of trust to function properly. Similarly, we have rewritten the legal rules of data ownership to protect and empower users, who we call owners. And, because we know relationships can sometimes end, we have built what we believe is the most complete data portability and deletion capabilities in a data platform. Trust doesn’t work unless you are truly free to leave.

In addition to launching our own apps in the coming months, we are inviting developers to apply for early access to build apps on our platform to show off the power and benefits of small data. Individuals have never imagined the magic of running apps on reusable, structured data about the most important things in their lives, while developers have never assumed having access to such high quality data on which to innovate. The possibilities are limitless.

We are excited to help usher in this new era where permission, transparency and privacy become the norm, and where companies and governments have to align around new rules and provide clear and compelling benefits in order to earn access.

At Personal, we see the future through the lens of small data — and we think it will change everything.

A Digital Bill of Rights By the People, For the People

This post was originally published under the same title on the Personal blog, A Personal Stand.

The Obama Administration unveiled today its long-awaited framework for online privacy, Consumer Data Privacy in a Networked World. The result is a bold and thoughtful step in the right direction, and it will make an impact, regardless of whether Congress acts. It’s another sign that power on the Internet is shifting toward individuals and away from companies.

There’s still much more to do:

1.  In talking about reform and creating a new model, we must put individuals firmly at the center of the framework. This means giving them the tools to drive demand for their valuable data resources to transform the current model into a “user-centric” one. With individuals truly in control – and looking out on the world from their perspective – every other principle and right about privacy falls into place.

2.  While the framework will require companies to re-evaluate their data practices and conform to new standards, what about our government’s obligations in handling our data? The Obama Administration has been impressively forward-looking in this arena – particularly with veterans, education and health record data – but it seems that individuals care as much about what the government knows about them as they do about companies.  We need rules for government, too.

3.  Actual citizens need a seat at the table alongside the privacy advocates, law enforcement representatives, companies and academics that will help establish codes of conduct.  If the framework is being constructed for the benefit of individuals, don’t we deserve a say in the matter, too? Perhaps the final say?

To make the last point a reality, we’re taking matters into our own hands.  In a few weeks at SXSW in Austin, Texas, I will join my friend, Anne Bezancon, founder and CEO of Placecast to create – with other SXSW attendees – a Bill of Rights “by the people, for the people” that we would expect both companies and the government to respect. If you will be attending the conference, please join us for our interactive Sunday afternoon session, We the People: Creating a Consumer’s Bill of Rights. Please also check out the session by our CTO, Tarik Kurspahic, on building a “privacy by design” company.

What is your personal data really worth?

This post was originally published under the same title on the Personal blog, A Personal Stand.

New York Times reporter Joshua Brustein provides a great introduction to the model that Personal and companies like us are developing in “Start-ups Aim to Help Users Put a Price on Their Data.” However, a central question remains unresolved: what is the true economic value of personal data?

No one knows the answer – yet – because no fair market exists for individual data.  The question raises the possibility that, if it’s not very much, people are unlikely to care enough to change their behavior. We believe there are a host of non-economic reasons that people will want to proactively manage their data (time savings, greater privacy, less friction, making better, faster decisions, etc.), but the question of determining economic value is critical.

New York Times photo of Personal team

The current model is built for companies, not people

Some look for clues to the average annual revenue per user for Google and Facebook. These “free” services, whose advertising revenue is based largely on personal data, earn $24 and $4 respectively per person every year. But is $28 enough to motivate people to change their behavior and do a lot of work? Maybe not.  But it is the wrong question. Properly used, we believe companies like Personal will be able to prove your data, when tied to a single purchase, can create 10-20x the value that Google or Facebook can over a year.

The current paradigm is entirely dysfunctional and inefficient from the perspective of the individual. For example, the Direct Marketing Association says over 97% of online advertising fails to reach the right person at the right time. The pennies from the 3% success rate may add up for companies exploiting data across millions of people, but it requires a number of unsustainable practices, such as the increasingly invasive and sometimes unethical tracking of people. It also requires that they co-opt your attention and time and resell that along with your data to others trying to reach you.

The emerging user-centric marketplace

What might a user-centric marketplace look like and how much economic value can a person realize in a year?

First, you need a marketplace that respects the sanctity of one’s data, time (time is money, after all), privacy and identity (anonymity is the default). The technologies, business rules, and legal and privacy protections must be created nearly from scratch to protect the individual. (Our CTO, Tarik Kurspahic, will present at SXSW on building a privacy-by-design platform).

Second, the marketplace would focus on commercially relevant data such as your brand, travel or clothing preferences, along with data about your intent to buy something (also known as purchase intent).  These two types of data alone can fundamentally change data economics when combined with a controlled marketplace to reach you when and how you want to be reached.

This last point is key. We do not support the idea of people “selling” personal data. Rather, we believe such data can be used in a safe environment to connect people with companies with highly relevant products, services and even content and information. Doc Searls and others have referred to this idea as Vendor Relationship Management (VRM). Companies that play by these new rules will have the most direct and positive channel ever created to reach people, including their existing customers.

People can realize thousands of dollars per year

Finally, we believe companies that earn your business (and those who don’t) will be willing to compensate individuals for having the chance to interact with qualified buyers of their particular good or service.  This far more efficient marketplace can easily add up to thousands of dollars annually as people realize the full benefit of their data, time and purchases. That should move the needle for just about anyone.

We appreciate the serious attention being focused on this emerging space by the New York Times, as well as The Wall Street Journal, The Economist, AdAge, AdWeek, Forrester Research, MIT Tech Review, The Washington Post, TechCrunch, Mashable, the Harvard Business Review and others. It is an idea that will ignite untold innovation and benefits for each of us.

A World Without Borders – Customer Data in Bankruptcy

Here is the link to my post in the Personal company blog on how customer data should be treated in bankruptcy: http://blog.personal.com/2011/09/a-world-without-borders-–-customer-data-in-bankruptcy

We don’t have this issue at Personal as individuals own their data from the start when using our data vault service (thus there would be no “customer data assets” for us to sell were the company to go out of business), but I expect it to become a bigger and bigger issue in the coming years.