Data Portability Can Mitigate Privacy Issues

from the take-your-data-with-you dept

Ed Felten recently did an interesting series of posts on the challenges of holding companies accountable for respecting their customers' privacy. The fundamental problem is that even today's company executives want to commit to high standard of privacy protection, they may not have any way to credibly bind tomorrow's company executives to keep those promises. Even if the company signs a legally-enforceable contract promising not to violate customers' privacy, that might not be an effective deterrent, especially for a cash-strapped startup that has little to lose. When a startup goes belly-up, its assets -- including its databases -- often get sold off to the highest bidder, and it may or may not be possible to hold the new owner accountable to the same standards as the original firm.

Felten suggests a couple of possible approaches, including putting cash in escrow or putting the actual data in the hands of a trusted third party. Another approach that might help would be to guarantee the customer an exit option by providing the ability to export data to an open format at any time. This obviously isn't a perfect solution, because the company can still do unsavory things with the data it already has. But it would help to protect customer privacy in two important ways. First, because customers wouldn't be locked in, they could prevent the company from getting its hands on any more data. Second, it would give customers some real leverage. A site's customer base is one of its most important assets, so the threat of a significant number of them switching to a competing site would make it more sensitive to customer concerns. Eschewing customer lock-in is a good way for a company to commit in advance to be responsive to customer concerns.

Of course, the ultimate lesson here is that customers should be cautious about putting personal information online at all, because no matter what promises companies make (or what privacy laws Congress might enact), data leaks happen. Security problems, rogue employees, and less-than-anonymized datasets are facts of life in real companies. So while companies should certainly do what they can to respect their customers' privacy preferences, customers should also carefully limit which information they share online. Ultimately, the only real protection against online privacy violations is to not put your information online in the first place.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data portability, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Gary, 26 Mar 2008 @ 6:26am

    How does this change anything?

    What is to keep company A from simply holding on to a copy of your data or selling it to a spammer along with the name of the company you moved to? The problem with putting something on line is that it is very hard to delete all of it. The ability to opt out has never really worked well.

    link to this | view in thread ]

  2. identicon
    Rose M. Welch, 26 Mar 2008 @ 10:06am

    I don't think that...

    ...I should have to give my information out to most of these asshole who ask for it. I pay my telephone and cable bills before I receive the service, so they don't need to run a credit check or anything. I'm not on a contract with those companies. Why the hell do I need the third-degree? So they can sell my info. The only people who need to know who I am are my physician, my place of employment, my insurance company, and anybody I ask for money on credit.

    Out of those people, they either already have very strict privacy practices in place, or they're not neccesary services. But nowadays everyone wants to be Big Brother. Even news sites want to know who the hell you are, no matter how many times people put fake info in there.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.