It’s business as usual for privacy at the US Chamber of Commerce and Internet Association

With the exception of a call for greater transparency around how companies collect and use data — a growing bi-partisan, public-private sector bright spot in the American debate on privacy — the US Chamber of Commerce’s ten new privacy principles and the Internet Association’s almost identical principlesreleased today reflect long-standing industry hostility towards effective government regulation and privacy more broadly. The principles are mostly an extension of the “trust us to do the right thing” argument they’ve been making for years, which have failed miserably.

The Chamber’s very first principle to prohibit state laws altogether on the subject is a not-so-subtle swipe at the popular new law on privacy in California, which industry fought tooth and nail. While imperfect, the law marked an important watershed in popular awakening to the abuses and dangers of the current “click here so we can own your data” model. The Chamber goes on to say in this first principle that “the United States already has a history of robust privacy protection,” which, in addition to being downright cynical and wrong, signals a new round of opposition to meaningful government oversight or intervention.

Their principle on harm-focused enforcement is another clearly outdated and limited approach, as is the call to prohibit individuals from being able to bring an action based on an infringement of their privacy. Together, they completely marginalize us as citizens and consumers, and ask us to trust the system to work on our behalf.

Meanwhile, the Internet Association has loopholes and doublespeak galore. Almost all references to data rights are bounded by phrases like “personal information they have provided,” which often amounts to less than 1% of data collected or purchased by companies. The coup de grace: “individuals should have meaningful controls over how personal information they provide to companies is collected, used, and shared, except where that information is necessary for the basic operation of the business…” When the entire business is predicated on advertising or personalized content and services, I’m not sure what is left really.

As a skeptic myself toward most prescriptive government regulations — I’d rather see innovative new tools and business models solve market and societal failures wherever possible — I spent years watching how utterly incapable industry is of reforming itself when it comes to data and privacy. There is simply too much money and power tied to them while all of the negative externalities fall on us as users — a textbook market failure.

That led me, in addition to my startup efforts on privacy, to work on a number of initiatives that helped create the principles and specifics for the new EU regulations known as GDPR (General Data Protection Regulation). These laws, also imperfect, not only aim to curb current abuses, they mandate far greater transparency and provide a roadmap for a fairer and more sustainable data and privacy model built around the rights of individuals about how their data is used.

Criticized for stifling innovation, GDPR is actually doing the opposite — it is catalyzing the private sector to start building new services that empower people directly with their data, competing both over how much value they can create for users if given access to their data while also showing what good stewards they can be of that data. It’s turning the “race to the bottom” we’ve seen around data and privacy into a much more enlightened and compelling “race to the top.”

Not surprisingly, the Chamber and most US companies have not been fans of GDPR. The lip service given in the principles to “privacy innovation” is a far cry from the vision and efforts underway in Europe, and nowhere do they reference our rights as citizens or consumers. In fact, as mentioned earlier, they only seek to limit those rights.

The most concerning potential development is the use of regulation shaped by these industry lobbying groups to further entrench their power and disadvantage startups and newcomers. The Electronic Frontier Foundation and others have been sounding the alarm on that possibility, and my read on the recent Congressional hearings by Facebook and Twitter is that this is their new strategy. In fact, the degree to which these privacy principles mimic the principles of GDPR while undermining them at every turn is nothing short of dastardly.

To conclude on a positive note, transparency is the single most important key to addressing the worst abuses around privacy and to unlocking a private sector competition to do right by users and their data. Despite 20 years with the curtains drawn tight around data collection and exploitation by industry, it’s simply un-American to stand against greater transparency — which is why both Republicans and Democrats are in favor of it.

Embracing the Chamber’s and the Internet Association’s call for transparency is the perfect jujitsu opportunity for those of us who want to see a more pro-user, pro-privacy model emerge. The real battle will be over just how far it goes, over how much we truly get to see and understand how our data is collected and for what purpose. Once that genie is out of the bottle, we can expect the private sector to get back to what it does best — creating even more incredible data-driven services that truly meet our needs and interests.

Digi.me launches ‘iTunes of personal data’

dm-app-store-blog

I know that’s kind of a bold statement – and likely to ruffle the feathers of our blockchain-loving, decentralized-worshiping friends. But we are excited to announce the official launch of digi.me’s app store (little “a”, little “s”), which you can find at digi.me/share. (And our architecture is almost entirely decentralized and distributed…with just a few points of centralization to make sure it actually works and is secure.)

There just isn’t a better way to tell you what we are up to than that. Imagine developers building apps in a matter of days with the ability to request data from over 15,000 different sources from users – all with cutting edge privacy and security protections. And, more importantly if you’re a developer – all using one SDK! Yes, a single integration for more normalized, structured data than you can probably handle.

We will be rolling out new apps weekly, but we are announcing 9 new apps today. You can read our press release here.

This is the realization of a dream I have personally been working on for over 8 years. Probably the most infuriating response I’ve heard from Silicon Valley during that time is that people really don’t care about privacy because they keep using online services like Facebook and Google. That’s like saying people don’t care about clean air because they keep breathing.

The simple fact is that easy-to-use tools and apps designed from the ground up with privacy in mind (called “privacy by design”) just haven’t been available. That’s about to change. And we hope you’ll reach out to help us make certain it does. Whether you’re a developer, regulator, corporate CEO or concerned citizen, we’d love to hear what you think…and show you what we’re up to.

Why digi.me is launching a new API and SDK for integrated social data

This post was co-written by Shane Green (@shanegreen) and Tarik Kurspahic (@tariktech) and originally appeared on Medium.

Anyone familiar with digi.me and our mission knows we are focused on empowering people with their data. We are building a data-driven future aligned with the needs and interests of people — where individuals can securely and privately aggregate, analyze and share massive quantities of data from across their life.

This user-centric approach to data also holds promise for developers and companies who want to collaborate with their users in a win-win data partnership. We think social data is a great place to start.

We have launched a new API and SDK for accessing normalized, integrated user data from five of the top social networks: Facebook, Instagram, Twitter, Pinterest and Flickr.

The idea is simple:

— A single integration to access tons more social data from your users wherever they may be

— The ability to establish your own terms of service with your users by asking them for their data and breaking free of the terms of service and restrictions from social networks

— Wicked new opportunities to innovate

— Protection from regulators by requesting permission from your users and embracing transparency

— Democratizing data by promoting the mission of empowering people

A single integration for tons more social data

Digi.me’s consumer app allows users to import their social data from five of the leading social networks. Recent court cases in Europe have affirmed the right of users to download and sync complete copies of their data, including their own posts, photos, videos, likes and comments, as well as many of the same types of data from friends where they have been tagged.

Without ever seeing, touching or holding a user’s data, digi.me makes it easy for users to connect to their various accounts and get a complete library of their social data. Our ontology, data normalization and standardization techniques ensure the data is easily accessible and reusable via a single API and SDK.

Your users will need the digi.me app to connect to their accounts and fetch their data. From there, your app needs to ask the user for consent to access it under terms you agree to with your users. Once the user approves your request, you get access to the requested data under terms you set with the user.

Break free of onerous terms of service

Again, due to our unique architecture and business approach, the users themselves are not subject to the normal terms of service of social networks that apply to businesses. Once users download their own copy of all of their social data (which they hold — not digi.me), they are free to share it however they choose and without restrictions.

So you can enjoy the peace of mind knowing that you have the ability to collaborate with your users and get permission to access the data that drives your business.

More data + new rules = more opportunity to innovate

We are constantly amazed at the things people build when they have access to data and the freedom to innovate. Digi.me provides a permission-based way for you to seek access to ever-expanding datasets far beyond social, including financial, wearables, health and entertainment directly from your users.

Never before has such a combination of up-to-date datasets been available to analyze and leverage.

Speaking of innovation, we decided to put the API through its first real test by putting on a hackathon at Reykjavik University in Iceland and the results were nothing short of awesome. Check out this page to see what smart people like you are already building on digi.me.

Regulators will love you

Instead of worrying about the uncertain regulatory environment, lean in to a user-centric model, a favorite of regulators in both Europe and the United States.

Digi.me has been recognized by regulators as the ideal approach for a fair, ethical and sustainable data-driven future. Everyone is a winner — consumers, companies, developers. Plus, in Europe, digi.me is entirely compliant with the new General Data Protection Rules (GDPR).

Your customers will love you

Your users won’t forget that you introduced them to this revolutionary new way of being in control of their digital lives. Help your users break free of data monopolies. Study after study shows people are deeply uncomfortable with the current model.

It’s not just great marketing, be among the first to do the right thing by your users.

We are already working with people to change the world and create innovative solutions, but we are just getting started. We’d love to hear what you think!

Personal Receives pii2011 Innovator Spotlight Audience Choice Award

When you spend almost two years working on something, and you show it for the first time to a room full of 250 experts, you start to reconnect with long-forgotten anxieties from, say, your first day at a new school. And when the internet connection for the live demo fails, albeit momentarily, you are right back on your first date trying to remember even the most basic details about your life.

Thankfully, Personal’s debut at pii2011, the Privacy Identity Innovation conference, was well received by a patient and supportive audience, who selected us and PassTouch (a super cool visual touchscreen login app) for the Innovator Spotlight Audience Choice Award. Given all of the thoughtful people and companies in the room working on this historical shift towards a user-centric data ecosystem, we are thrilled to get this recognition.

I have a lot of competing reflections from the conference. At times I have complete confidence that the company-centric data ownership model will change quickly now that  public awareness is growing so fast and real alternatives are emerging. But I also appreciate how hard it will be to align all of the good intent from so many different players, some of whom are still thinking too incrementally, while the current model continues to accelerate wildly (I couldn’t help but notice LinkedIn’s meteoric IPO updates while listening to the speakers).

Finally, please check out Personal’s new web site and videos at www.personal.com to let me know what you think. We spent a lot of time and effort trying to make our product and vision accessible to people who are not experts. They are the ones who have to buy in to this model for it to ever have a chance of succeeding.

Data Gems and the Value of Data

Data gemsIt’s been a while since I’ve had time to write – at least thoughtfully. We have been heads down since the beginning of the year finishing our user-centric data platform, data vault and permission-based data sharing service, and are excited to start moving into our next closed beta release shortly.

One of the biggest challenges with a product and model as different as ours – where individuals aggregate, own and use their personal data for their benefit – is demonstrating the real world value of such data and making it easy to manage in large amounts across one’s life. We developed the concept of a “data gem” to help make abstract, “lifeless” data more tangible and real, and to highlight its literal and figurative value (and where else would you store your gems but a vault!).

A data gem is discrete set of reusable, modular data that addresses some kind of activity, thing, issue or need. The three examples in the image are a Wi-Fi gem, which contains information about my router and how to access my Wi-Fi network, an Air Travel Preferences gem, which contains information about how I like to fly, and a Car Insurance gem, which effectively replaces the print or PDF car insurance policies locked away in my filing cabinet or my hard drive with actionable, structured data. Some gems are for organizing information in your life, while others are designed for sharing, and yet others for commercial activities.

The bright orange circle is Personal’s particular take on how a data gem might look, but the concept goes beyond our implementation. As we developed them, you can enter or import data once and have it populate the same fields across multiple gems. They are also designed to be modular so they can be easily combined when shared with others. For example, a babysitter could easily be granted access to related gems on the kids, the home, the television, and emergency contacts. The granularity of gems also allows a high degree of control over how much information is shared with others without creating burdensome user controls.

We have created about 100 gems so far, and are starting to engage others to define new gems and standards for making them as interoperable as possible. I would enjoy hearing your thoughts. S.