Mary — Personal Data Ecosystem Consortium

Resigning my Post as Chairman at PDEC

19 December 2011 by Mary Leave a Comment

Effective immediately I’m resigning from the Personal Data Ecosystem Consortium’s board after nearly 14 months as Chairman.

As many of you might have seen, we accomplished a lot in the last twelve months, written up in our Part I, II and III end of year summary newsletters (at our blog here, here and here).

In this first year of PDEC, we published papers, spoke at events and contributed to various endeavors in the personal data discussions happening on the web and in person around the world.

I’m personally very committed to a world where individuals drive their own data and I’m very proud of the work we did at PDEC, which is focused on companies and how those companies can build for a personal data ecosystem.

In the past couple of months, I’ve also worked to create a new org: Customer Commons, with about eight other folks, where the org is for Individuals only, no companies may join. Customer Commons looks at markets and data from a strictly individual point of view. I believe that it’s a conflict of interest to work on both organizations (which represent either individuals or companies). Therefore, I want to see Customer Commons get up and running, and I realize I can’t remain at PDEC, which represents the company perspective on the personal data ecosystem.

So for the foreseeable future, I’ll be working on the same personal data issues, but from this Individual perspective, at Customer Commons. I wish Personal Data Ecosystem Consortium all the best.

~ Mary Hodder

Filed Under: News, PDEC's Blog

Who Stewards the Personal Data Question? Org Chart

30 November 2011 by Mary 4 Comments

Org Chart: Stewarding User-Driven Personal Data

Note: This post was originally published at Napsterization.org/stories.

Below is a diagram showing the non-profit organizations (note: no for-profits, conferences or governmental orgs were included) that are stewarding pieces of the Personal Data Ecosystem. I wanted to show how the orgs are relating to the problem of how to remake our digital lives, through more user-driven personal data, for more equal transactions throughout our lives with companies, the online world, and our government.

[Read more...]

Filed Under: Publications, Resources

Personal Goes Live

18 November 2011 by Mary Leave a Comment

Personal launched a couple of days ago, and the coverage has been terrific. As a Startup Circle member, PDEC wanted to share the news.

Personal.com launch photo

Personal’s own post about their launch.

Techcrunch’s post by Leena Rao

Mashable

The Economist’s blog

Identity Woman’s post on Personal

(NOTE: in full disclosure, Identity Woman is Kaliya Hamlin, PDEC’s Executive Director.)

Personal offers personal data store services on the web, for individuals, for free. People put their data into “gems” which then allow for the reuse of the data at the person’s discretion. Personal is very clear that people own their own data in their data stores. Personal plans to add iPhone and Android apps later this month.

PDEC wishes Personal well on its journey toward success!

Filed Under: News, PDEC's Blog

Should an Actress be Suing IMDB Because She Doesn’t Want Her Age Posted?

14 November 2011 by Mary Leave a Comment

(This post is cross-posted at Napsterization.org/stories, my personal blog on disruptive technologies.)

Brad McCarty of The Next Web thinks the IMDb: Age-publishing lawsuit is “a frivolous abuse” and should be dropped.

Reading his piece, I can see that on first glance, it sounds silly. An actress anonymously sues the Amazon-owned IMDB folks because they won’t remove her birthdate, claiming that it will adversely affect her career. And now, IMBD has asked the judge to only allow the lawsuit to move forward if her name is made public:

“Truth and justice are philosophical pillars of this Court. The perpetuation of fraud, even for an actor’s career, is inconsistent with these principals. Plaintiff’s attempt to manipulate the federal court system so she can censor iMDb’s display of her birth date and pretend to the world that she is not 40 years old is selfish, contrary to the public interest and a frivolous abuse of this Court’s resources.”

But this argument between IMDB and the actress points to a much bigger issue, and it’s not the one about IMDB making its living trading on other’s data, whether from Hollywood or the users who add to the IMDB system for free, which I would understand is a fairly selfish undertaking by IMDB.

Why should IMDB be able to operate “selfishly” by publishing people’s personal data, outside their discretion, and the actress in question not be able to “selfishly” make a living by trading in her looks for salary? I would say IMDB is pretty hypocritical here. And do they really think the Judge, the public, or the Hollywood set they make money from, are that stupid that we wouldn’t understand that IMDB is selfish too?

I understand from reading the Hollywood Reporter article that the IMDB believes she may be the same actress that years ago tried to change her birthday, submitted by a previous agent to IMDB. Since IMDB believes this is an issue of fraud (they have no proof), they now want the identity of the actress made public. But since the old information isn’t part of the case, does it really matter? Yes, I get that actresses have lied about their ages for a long time, but is it really “in the public interest” to out this woman? It’s definitely in her economic interest not to out her, so i just think Amazon-IMDB are being nasty and frankly it seems frivolous of them to try to out her.

But this is really beside the point.

The Larger Issue

I believe people should be able to choose what personal information is shown about them on websites.. especially data that isn’t or wasn’t before the past 10 years, public. It’s easy to dismiss this as vanity or frivolous.. but as more and more personal data is out there, and as people lose control of it.. it points to a much larger issue: how do individuals control information about them that doesn’t really need to be public?

I can see that by having her age obscured, the people who hire her would just think of her age based upon appearance.. which is actually for an actress or actor, probably a good measure. Giving the specific age will plant that in producer’s and public’s heads. So I can see her point.

Rather than get into a discussion of harms and “how bad is it” about one or another data breaches, I think the real question is:

What kind of society do we want to have, where everyone’s data is public and out of their control? What does it do to us, to devolve into a totalitarian model where everyone is afraid because frankly, everyone has something to hide? Or maybe their friends do.

Right now, life and health insurance companies are telling the press and their investors that they are screening people in Facebook. And it’s not just you under scrutiny. It’s your friends. This was covered extensively in the Wall Street Journal “what they know” series a year ago. There are also finance companies that are telling users to “unfriend” anyone they are connected to in Facebook with bad credit… because when you are reviewed, friends with bad credit will reflect on you.

This issue of personal data and control is much larger than an actress and her age being displayed without her consent.

It’s about how we allow others to show information about us, verses having control of it ourselves. I think for a civil and democratic society to work, we can’t leave that up to companies with no oversight and a big profit motive, but instead need to think about giving the individual ultimate control over certain types of personal data.

So while the actress may be vain, may be trying to gloss over her age, or may just be reflecting the economic realities of her profession, which i do think are real, and we may poo-poo this as silly, this lawsuit reflects the much greater tension about personal data and control and actually could be a really interesting test case, given that we don’t have much privacy law in the US.

Filed Under: News, PDEC's Blog Tagged With: hollywood, lawsuit, Personal Data, privacy

What’s Up at the Information Sharing Working Group? Toward Voluntary Sharing of Information: A Legal Framework

31 October 2011 by Mary Leave a Comment

By Judi Clark and Joe Andrieu

The Information Sharing Work Group, a working group at Kantara, has been working for several years on translating VRM (Vendor Relationship Management) principles into a legal framework for user-driven information sharing.

The basic idea is simple: before actually sharing information, people should be able to establish appropriate terms of use for their information in a binding contract with the data recipient. Since data recipients can’t afford to review a million different contracts (different ones for each user), we believe the most effective route is to standardize on a fair and reasonable contract that meets both individuals’ and vendors needs.

You can find more details about our work on our Working Group page at the Kantara Initiative.

Our approach has been to start with detailed scenarios outlining the entire relationship between an individual and multiple vendors, assuming a personal data ecosystem that enables permission based information sharing. We did this for a car buying scenario first. And then did a deep dive in the Personal RFP phase to define the actual use cases that would enable that model. We also have real estate and car rental models under development to extend the work into additional domains.

At the moment, we are working with counsel and a creative team in the UK to develop the first working draft and visual presentation of the standard information sharing agreement. Counsel is working on the first draft of the legal agreements underpinning a trust framework that would enable information sharing. The creative team is working on the visual design of the information sharing agreement label, a short form presentation of the specific data transaction agreement covering a specific sharing instance. Our goal is to create an open standard, royalty-free, cost-free legal framework that, ideally, could be used by just about all PDEC participants as a standard way for individuals to share data with value-added service providers.

Filed Under: News, PDEC's Blog

Robert Cringley on Personal Data

21 July 2011 by Mary Leave a Comment

Cringley writes here in The Decline and Fall of Facebook

My interest is in what follows Facebook, which I think must be its disintermediation by all of us reclaiming our personal data, possibly through our embracing the very HTML5 that Roger loves so much. The trend is clear from “the computer is the computer” through “the network is the computer” to what’s next, which I believe is “the data is the computer.”

It’s nice to see more and more folks understanding the need for us to reclaim and control our personal data.

Filed Under: News, PDEC's Blog

PDEC Startup Circle Launched concurrent with World Economic Forum meeting

7 June 2011 by Mary 2 Comments

Who:	Kaliya Hamlin, Personal Data Ecosystem Consortium (PDEC) executive director
What:	Ms. Hamlin announces PDEC’s first class of members in its Startup Circle
When:	Tuesday, 7 June 2011 at 1300 Vienna, Noon London, 5:00 AM New York and 3:00 AM San Francisco
Where:	Vienna, Austria
Why:	The first thirteen Startup Circle companies are building tools that shift control of personal data from corporations to individuals.

Today’s Story:

Vienna, Austria, June 7, 2011. Somebody’s watching you… and we’re not talking about a stalker.

Your interests and browsing patterns, your family relationships and lists of friends, your recent purchases, your income and investments, your job and academic history, and your health – all are of great interest to companies that make it their business to get to know you better.

This isn’t a bad thing, considering that most of the time your preferences are used to help you find more of the things you already like, make your choices easier, solve your medical problems safely, facilitate communication, and help in other life-improving ways. Imagine trying to send webmail without an address book, for example — or applying for a job without a resume.

3 June 2011 by Mary Leave a Comment

Où va la “quantification de soi” ? by Hubert Guillaud, Le Monde, June 3, 2011.

Elle qui promeut un écosystème des données personnelles a quand même trouvé un moment pour défendre sa vision dans laquelle les usagers contrôlent leurs données via des espaces de stockage personnels, plutôt que celui de leurlaisser accéder seulement à des applications dans lesquels les utilisateurs n’ont pas vraiment accès à leurs données, autrement que via des services web et des interfaces de programmation qui ont surtout pour fonction d’envoyer un peu de leurs données ailleurs (comme sur Twitter ou Facebook).

Filed Under: Press

WEF: Rethinking Personal Data

1 June 2011 by Mary Leave a Comment

Kaliya Hamlin will be attending this World Economic Forum event in Vienna, Austria. June 7, 2011. WEF LOGO

Filed Under: News

Tracking Do Not Track at Morris + King

29 April 2011 by Mary 3 Comments

A bit of Context
Obviously, this diagram is a little cynical, but not too far off from how we manage personal data online today. But there are a lot of proposals on the table to fix this dilemma. One is Do Not Track which industry sees as something they can self-impose on an *opt-in* basis (for themselves) and opt-out (for the users) and self-regulate by having advertising trade org.s monitor compliance, with the FTC stepping in as necessary. There are also a number of DNT bills introduced in Congress and various hearings on tracking where the FTC would regulate implementation. And Johns Kerry and McCain have introduce a Rights and Responsibilities proposal in the Senate, that instead of Do Not Track (Kerry’s LA, Danny Sepulveda told me DNT is a waste of time) suggest ways that data collectors would have to be responsible with our data. However, that bill lets 3rd party marketing, data tracking and Facebook’s privacy bending ways totally off the hook. Both of these plans / legislative initiatives completely ignore the more than 40 startups and companies building for the Personal Data Ecosystem where users would collect their own data, and make use of the value, which the World Economic Forum recently said was “a new asset class”.

That said, the rest of this post describes the Tracking DNT panel at Morris + King the other night.

Tracking Do Not Track
Tuesday night I was on a panel at Morris + King, an PR firm in NYC, called Tracking Do Not Track. Our hosts: Andy Morris and Dawn Barber (who co-founded NY Tech Meetup with Scott Heifferman) were very good about putting together a diverse group of people to talk about Do Not Track and the various issues with personal data and the advertising industry that have so many talking these days. My guesstimate was that about 100 people attended, mostly from industry (tech & advertising).

Our group included:
Brian Morrisey (Editor in Chief of Digiday, an ad industry trade publication) as Moderator
David Norris (CEO of Blue Cava)
Dan Jaffe (Exec VP, Govt Relations for the Assoc of National Advertisers – ANA)
Helen Nissenbaum, Professor, Media, Culture & Communication at New York University
and me: Chair of the Personal Data Ecosystem Consortium

We started off with Brian’s question: who are you, what do you do in a nutshell, and what do you think of the state of online privacy these days?

I was first.. and gave a quick explanation of PDEC which is to say that we offer a middle way between Do Not Track (DNT) and what is going on now online (Business as Usual). Our middle way offers a market solution to users’ wanting control of their data, and the tracking and digital dossier building by shadowy companies to stop..we don’t believe DNT will work and don’t support it, though we do see that some kind of “Rights and Responsibilities” legislation would help create a level playing field for any company that collects personal data. Those rights and responsibilities for personal data collectors needs to include giving user’s a copy of their data, so they can then put them into personal data stores (or banks, lockers, etc) and then use the data as the person sees fit.

Oh, and I said the state of online privacy was pretty dismal, though I was optimistic because it feels like this year, it’s actually possible to get personal data some basic protections similar to HIPPA or FCRA where user’s can get their data, and we can make the Personal Data Ecosystem emerge as a market solution that finally works for people. Granted, it’s a 5-7 year proposition to really create a new market, but we can actually start this year because of the 40 or so startups that are funded and building pieces of the PDE and the push in the US Government to do something about the dismalness of online privacy.

Helen Nissenbaum, whom I’ve admired for years for her thoughtful approach to privacy and usability, agreed that privacy online was pretty bad, and explained her work around Adnostic, a “privacy preserving targeted advertising” system made with some Stanford folks.

By far, the best comment Helen made all night was that tracking and aggregating data that pivots on people is not ethical, that it’s bad for people and for the incremental 1% improvement we might see in targeted advertising, it’s not worth the incredible intrusiveness of tracking. In particular she said, “Anonymization does not change intrusiveness.”

Dan Jaffe spoke next, and surprise, agreed that online privacy is not good, but talked about how publishers need to support their businesses and that behavioral advertising is helping them do it, and that Do Not Track should be self-regulated by the industry because they know their business best. And government has a tendency to screw up regulations and therefore, we should let advertisers figure out what works.

Next up was David Norris, who agreed with my use of the word, “dismal” to describe online privacy and said that Blue Cava was supporting a self-regulatory model because they didn’t feel that Do Not Track as proposed for legislation was a good idea.

We chatted about the viability of Do Not Track, and with Norris, Jaffe and me all agreeing it wasn’t a good idea. However Jaffe said he didn’t like the idea of any regulation, that the industry could do it themselves, and that my “data rights and responsibilities” support for legislation would be just as bad for data collectors.

Folks in the audience, like Esther Dyson, pushed back on Jaffe, saying that she wanted the ability to choose where and when her data was out at some vendors site, and that’s why, she said, “I’m supporting Mary and her organization” because it’s a market model that gave her choice.

I was very pleased to hear her endorse us (thank you Esther!)

In the end, I think we got our message out which is that tracking individuals is a bad thing, that users should be the only ones tracking themselves across sites, but that sites can track within the site to optimize business. And that users should have a marketplace to trade data, like they do in mileage accounts, and choose when they trade, as partners, and not have it done for them in secret as is the case now. And that we want to see users data protected with a basic set of rights, like Health, Education and Financial data currently is now.

Curiously, Dan Jaffe made a comment about HIPPA, the health data protection law, suggesting that users get their health data so maybe they could get their personal data too. Given that that is a law, and he was opposed to regulation of any sort otherwise, I wasn’t sure what to make of this.

However, I was really pleased with the opportunity to talk about PDEC, the startups and tech efforts to create a personal data ecosystem, and to provide a different view than the usual support for Do Not Track as we try to figure out what is best for our society.

Thanks Andy and Dawn for inviting me!

Filed Under: News, PDEC's Blog Tagged With: advertising, DNT, Do Not Track, Morris + King, Personal Data, privacy