January 23, 2012

Personal Data is the Currency

Personal data is the currency of today's digital market, and like any currency, it needs stability and trust. Only if consumers can 'trust' that their data is well protected, will they continue to entrust businesses and authorities with it, buy online, and accept new services.

That's from EU Commissioner Viviane Reding, speaking at the DLD Conference in Munich.

I think the final sentence there takes an optimistic view on users' understanding of the issue, but I hope that we can build a Web where something like that will be obviously true to everyone.

Ms. Reding's proposal for new regulations on that front has three main components.

First, people need to be informed about the processing of their data in simple and clear language. Internet users must be told which data is collected, for what purposes and how long it will be stored. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated.

Second, whenever users give their agreement to the processing of their data, it has to be meaningful. In short, people's consent needs to be specific and given explicitly.

Thirdly, the reform will give individuals better control over their own data. I will include easier access to one's own data in the new rules. People must be able to easily take their data to another provider or have it deleted if they no longer want it to be used.

The first bit, explaining to users that their data is being collected and for what purposes, does happen some today but not always "in simple and clear language" and very often not in a context the user is likely to understand or actively participate in. The second part, that it must be opt in, also may be in common use today with all the click-through TOS, though even I don't read those so I don't know if that's the case.

But it's the third part that I think is really novel and important. Users have a right to be forgotten. I should be able to pull my data back out of a system, and not only the data I actively submitted, but any additional data that's been collected as a result of my use of the system. For example, Google lets me kill my Docs account and pull that content, but they don't let me see, much less manage, the targeted advertising profile of me that they build based on my "use" of Google services like AdSense, DoubleClick, Analytics, and the various other Google surveillance tools I happen across when I'm surfing the Web.

How user data is managed is going to be one of the next big challenges we face on the Web. Europe may set the pace but it's up to all of us to be a part of any solutions.

Posted by asa at 10:18 AM