Data Portability Can Mitigate Privacy Issues
from the take-your-data-with-you dept
Ed Felten recently did an interesting series of posts on the challenges of holding companies accountable for respecting their customers’ privacy. The fundamental problem is that even today’s company executives want to commit to high standard of privacy protection, they may not have any way to credibly bind tomorrow’s company executives to keep those promises. Even if the company signs a legally-enforceable contract promising not to violate customers’ privacy, that might not be an effective deterrent, especially for a cash-strapped startup that has little to lose. When a startup goes belly-up, its assets — including its databases — often get sold off to the highest bidder, and it may or may not be possible to hold the new owner accountable to the same standards as the original firm.
Felten suggests a couple of possible approaches, including putting cash in escrow or putting the actual data in the hands of a trusted third party. Another approach that might help would be to guarantee the customer an exit option by providing the ability to export data to an open format at any time. This obviously isn’t a perfect solution, because the company can still do unsavory things with the data it already has. But it would help to protect customer privacy in two important ways. First, because customers wouldn’t be locked in, they could prevent the company from getting its hands on any more data. Second, it would give customers some real leverage. A site’s customer base is one of its most important assets, so the threat of a significant number of them switching to a competing site would make it more sensitive to customer concerns. Eschewing customer lock-in is a good way for a company to commit in advance to be responsive to customer concerns.
Of course, the ultimate lesson here is that customers should be cautious about putting personal information online at all, because no matter what promises companies make (or what privacy laws Congress might enact), data leaks happen. Security problems, rogue employees, and less-than-anonymized datasets are facts of life in real companies. So while companies should certainly do what they can to respect their customers’ privacy preferences, customers should also carefully limit which information they share online. Ultimately, the only real protection against online privacy violations is to not put your information online in the first place.
Filed Under: data portability, privacy
Comments on “Data Portability Can Mitigate Privacy Issues”
How does this change anything?
What is to keep company A from simply holding on to a copy of your data or selling it to a spammer along with the name of the company you moved to? The problem with putting something on line is that it is very hard to delete all of it. The ability to opt out has never really worked well.
I don't think that...
…I should have to give my information out to most of these asshole who ask for it. I pay my telephone and cable bills before I receive the service, so they don’t need to run a credit check or anything. I’m not on a contract with those companies. Why the hell do I need the third-degree? So they can sell my info. The only people who need to know who I am are my physician, my place of employment, my insurance company, and anybody I ask for money on credit.
Out of those people, they either already have very strict privacy practices in place, or they’re not neccesary services. But nowadays everyone wants to be Big Brother. Even news sites want to know who the hell you are, no matter how many times people put fake info in there.