Data Portability Can Mitigate Privacy Issues

from the take-your-data-with-you dept

Ed Felten recently did an interesting series of posts on the challenges of holding companies accountable for respecting their customers' privacy. The fundamental problem is that even if today's company executives want to commit to a high standard of privacy protection, they may not have any way to credibly bind tomorrow's company executives to keep those promises. Even if the company signs a legally enforceable contract promising not to violate customers' privacy, that might not be an effective deterrent, especially for a cash-strapped startup that has little to lose. When a startup goes belly-up, its assets -- including its databases -- often get sold off to the highest bidder, and it may or may not be possible to hold the new owner accountable to the same standards as the original firm.

Felten suggests a couple of possible approaches, including putting cash in escrow or putting the actual data in the hands of a trusted third party. Another approach that might help would be to guarantee the customer an exit option by providing the ability to export data to an open format at any time. This obviously isn't a perfect solution, because the company can still do unsavory things with the data it already has. But it would help to protect customer privacy in two important ways. First, because customers wouldn't be locked in, they could prevent the company from getting its hands on any more data. Second, it would give customers some real leverage. A site's customer base is one of its most important assets, so the threat of a significant number of them switching to a competing site would make it more sensitive to customer concerns. Eschewing customer lock-in is a good way for a company to commit in advance to be responsive to customer concerns.

Of course, the ultimate lesson here is that customers should be cautious about putting personal information online at all, because no matter what promises companies make (or what privacy laws Congress might enact), data leaks happen. Security problems, rogue employees, and less-than-anonymized datasets are facts of life in real companies. So while companies should certainly do what they can to respect their customers' privacy preferences, customers should also carefully limit which information they share online. Ultimately, the only real protection against online privacy violations is to not put your information online in the first place.


Filed Under: data portability, privacy


Reader Comments



  • Gary, 26 Mar 2008 @ 6:26am

    How does this change anything?

    What is to keep company A from simply holding on to a copy of your data or selling it to a spammer along with the name of the company you moved to? The problem with putting something online is that it is very hard to delete all of it. The ability to opt out has never really worked well.


  • Rose M. Welch, 26 Mar 2008 @ 10:06am

    I don't think that...

    ...I should have to give my information out to most of these assholes who ask for it. I pay my telephone and cable bills before I receive the service, so they don't need to run a credit check or anything. I'm not on a contract with those companies. Why the hell do I need the third-degree? So they can sell my info. The only people who need to know who I am are my physician, my place of employment, my insurance company, and anybody I ask for money on credit.

    Out of those people, they either already have very strict privacy practices in place, or they're not necessary services. But nowadays everyone wants to be Big Brother. Even news sites want to know who the hell you are, no matter how many times people put fake info in there.
