Data Ownership Might Not Work for Social Networking Sites
from the open-or-closed dept
Chris Saad, head of the DataPortability Project, weighs in on last week’s announcements from MySpace, Facebook, and Google of new data-sharing services. Saad says that while none of these services fully achieve the goals of DataPortability, all are steps in the right direction, and MySpace’s approach is most promising. Saad points out that data-sharing is grounded in a social contract. He gives the good example of an email address book. When someone sends me email, it’s understood that I’m free to put it in my address book, and that I’m mostly free to do as I please with my address book. I can, for example, export my address book to a third party site to see if my friends are using the site. However, I face social pressures not to do something malicious like sell my address book to spammers. If I did that, many of the friends in my address book might not speak to me again.
Now social networking sites are trying to hash out a similar social contract for the use of their customers’ data. When Facebook cut off Google from its Connect service, it was effectively trying to establish a similar, albeit more restrictive, social contract: using information from Facebook is OK, but sharing it with third parties is not. But it’s not clear how well this will work. As Tom pointed out a few months ago, it’s extremely difficult to limit the spread of information once it’s been released online. Also, notice that in the address book example, much of the force of the social contract comes from personal ties to the people in my address book. Companies don’t have personal relationships, and they can’t exert pressure on one another in the same ways individuals can. So when information-sharing is automated, informal social mechanisms may not be sufficient to stop abuse.
There are several ways the social networking world could evolve. One is the totally open approach of email, in which it’s assumed that any information you put online can be widely shared. Another is the walled garden approach that now dominates with instant messaging, in which sites tightly control access to information and offer very little third-party access to it, and people have to sign up for multiple services to reach everyone. A third possible model is a “data ownership” model, in which sites share information while users retain ultimate control over it. But as Ed Felten pointed out back in January, ownership may not be a good way to think about privacy issues. It may not be possible to design contractual mechanisms that make these ownership claim enforcible. And that would mean we’d face a choice between a totally open model and a totally closed one, with very little in between.
Filed Under: data ownership, data portability, social contracts
Companies: facebook, google, myspace
Comments on “Data Ownership Might Not Work for Social Networking Sites”
But...
But I don’t want to let people know my data who I don’t trust to not sell my data to spammers.
Data portability is a nightmare for CEOs and VCs. Watch the valuation of social networks plummet as customers move quickly and easily from yesterday’s news (MySpace), to today’s news (Facebook), to tomorrow’s news (????). I think this just proves that these social networking sites were never worth their outrageous valuations in the first place…
The Natural Rights of Data Ownership
See my recent blog post about the natural rights of data ownership: Coveting Personal Data.
Excerpt:
Recently I’ve noticed a fair bit of ‘data envy’ going on – suspicion and concern about the personal data silos being constructed for commercial motives. While it may be wise to remain suspicious and concerned about any corporation’s motives, many people appear to feel that personal data about them naturally remains private to them and should rightfully be surrendered, deleted, or tightly controlled at the subject’s behest by any entity who collects it.
In the context of personal data, privacy is not the right to control what other people record or say about you (even if of a personal nature), but to prevent others having access to your private domain and all your personal data or secrets within it, and if they do via unauthorised access obtain such information, to prevent them revealing it further.
Despite an understandable desire by people to have control over circulation of their disclosed secrets and their confidants’ statement of them, moreover to have control over others’ data and databases that may be relied upon to make such statements, there is no such natural right, nor sanction for such an unnatural privilege to be created.
Re: The Natural Rights of Data Ownership
We don’t need any such rights or privileges, just the ability to enforce agreements. If a web site doesn’t want to agree to protect the data I give them in a manner I find acceptable, that’s fine. I have the choice to not do business with them. If someone else doesn’t care about their privacy, and has their data sold to spammers because the company didn’t say they wouldn’t do that… well I’m not sure I’d say that’s A-OK, but there needs to be some degree of responsibility on the part of the customer. The problem comes when companies make guarantees in their agreements with the customer, and then do not fulfill them.
What's private anyway
One of the important nuances often missing from discussions such as these is what can is rightfully considered private data and what is not.
I consider my social security number off limits to Facebook but not to my bank. My medical information is off limits to all except my doctor and possibly insurance company.
The point is that there is a continuum of privacy related to our data. Who we share with is predicated by where on the continuum that data lies. Until we better understand how to rank or categorize data on a scale of privacy, we have little hope of controlling or understanding what other entities do with it.
Some social network apps are beginning to address this issue by, for example, allowing the user to create various groups that can access only subsets of personal data. For example, I blogged recently about zLoop, a social networking application that allows users to create such groups.
Data Ownership
I find it hard to accept that the data pertaining to my private life / personal details can be used indiscreetly by the social networks. In this regrad, I would like if we can keep the data where we like instead of at the website and letting the share feature available from social networks. I am not seeing any progress in that direction and hence really worried about joing some of the social networks.
Techies as a group should look at the possible solution and come up with methods to prevent spamming through social networks.
I agree with Nasch that until then, we will probably hav to stop transacting with the locations that allows such spamming.
While mentioning that my medical records are private between me and my doctor / Insurance company, Roger is alos supporting a similar view.