The idea of Cookie Laws requiring millions of websites to self-declare their use of profiling* techniques should have been passed over in favour of promoting/requiring easy-to-use client-side anonymity settings within** the handful of browsers on the market. I believe things are moving this way now, but they should have started this way. The ‘bad tech’ of profiling (something I’m a big fan of so apologies for the term) should have been fought with the ‘good tech’ of client-side anonymity protection (like cookie-denial and the more extreme, anti-fingerprinting approach of a virtual machine per session). Requiring ‘good tech’ to (be allowed to) serve the needs of consumers not only leads to a better user experience, it also delivers a far more robust system – one which doesn’t depend on self-regulation and manual audits.
Financial services regulation has identified the need to ‘crack open’ the data assets of banks (via PSD2 and APIs) to bring about a wave of innovation and competition. The mandating of a ‘good tech’ layer (in the form of APIs) is truly enlightened. I’d like to see a similar approach introduced to help protect against the current giants of the internet economy resting on their laurels and achieving/maintaining hyper-profitability (with all the social issues this creates – something which is now being talked about more and more as technology owners [and not technology workers] lay claim to an ever greater share of the economy). So what might this look like?
Let’s take the example of Location Data …
Google knows where you’ve been. With this they can enhance the experience their products deliver to you, and I, like many of you, am willing to make the trade-off of less privacy for greater functionality. I have no problem with this. However, with every passing year, any new entrant faces ever greater barriers to entry. And this is not good for competition. But if my phone (or personal cloud) stored my location history (for me), and could, upon a request from a new provider, allow me to share my location history with a single click – then the playing field is suddenly a lot more level. The user would always be in control. And crucially the user would now know themselves as well as others do, enabling them to capture/offer the value of this to whomever they chose. Most probably not in terms of selling it for direct monetary reward, but rather by facilitating a competitive market delivering better functionality and lower prices.
I should be able to let the next competitor to Uber, the one that hasn’t spent billions trying to create a monopoly, get a leg up when I join them by sharing my past activity. They can then offer me an equivalently tailored service – but at a 10% take-rate rather than 20% (I’ll split the difference 50:50 with the drivers).
Regulation that allows consumer-loyal technology services to emerge would do more to fight oligopolies and protect privacy than legislation aimed at making the big players ‘behave’. Red tape would give way to a red ocean of competition.
What would the regulation for the above look like?
Intelligent defaults would be used to neutralise the need for future (profit margin reducing) market entrants to spend billions (that they wouldn’t / shouldn’t need or have) on consumer marketing to promote the idea of data portability. Legislation would see consumers default opted-in to a data portability standard.
Device manufacturers would be denied sole access to data assets. For example, all location logging would be mirrored to a portable data standard. This does not mean 3rd parties would be granted access to location logging functionality, but rather the location logging allowed by the manufacturer (limited perhaps for battery performance reasons) would be made available to both the user (for future use via the portability standard) and the manufacturer.
Regulation would then be outlined to help lay out how data, once stored, should be able to be shared. For example, users should have the option to share all, or only a limited time window of data. Or users should have the option to share exact locations, or ‘rough’ location data no more granular than 5km grid squares.
Manufacturers of devices would be required to deliver the technology to support the logging of the data – consumers would be responsible for providing a 3rd party cloud data store if they wanted to keep data beyond the life or (allocated) capacity of the device.
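The sharing options described above (a limited time window, and ‘rough’ locations no finer than 5km grid squares), sketched as an added example that is not part of the original post. The record layout, the function names and the sample history are assumptions made for illustration.

```python
import math
from datetime import datetime, timezone

CELL_KM = 5.0            # coarsest granularity named in the text
KM_PER_DEG_LAT = 111.32  # approximate length of one degree of latitude

def utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

def to_cell(lat, lon, cell_km=CELL_KM):
    """Snap a point to the centre of its grid square (about cell_km per side)."""
    dlat = cell_km / KM_PER_DEG_LAT
    row = math.floor(lat / dlat)
    centre_lat = (row + 0.5) * dlat
    # A degree of longitude shrinks with cos(latitude), so the column width
    # is computed per row to keep squares about cell_km wide everywhere.
    cos_lat = max(math.cos(math.radians(centre_lat)), 0.01)  # guard the poles
    dlon = cell_km / (KM_PER_DEG_LAT * cos_lat)
    return (round(centre_lat, 5), round((math.floor(lon / dlon) + 0.5) * dlon, 5))

def share(history, start=None, end=None, rough=False):
    """Return only what a grant covers: optional time window, optional coarsening."""
    out = []
    for ts, lat, lon in history:
        if (start is not None and ts < start) or (end is not None and ts >= end):
            continue
        point = to_cell(lat, lon) if rough else (lat, lon)
        # In rough mode, drop a fix that falls in the same square as the
        # previous one, so repeated fixes inside a square are not exposed.
        if rough and out and out[-1][1:] == point:
            continue
        out.append((ts, *point))
    return out

HISTORY = [  # constructed sample records: (timestamp, latitude, longitude)
    (utc("2024-03-01T08:00:00"), 51.5007, -0.1246),
    (utc("2024-03-01T08:10:00"), 51.5033, -0.1195),
    (utc("2024-03-01T18:30:00"), 51.7520, -1.2577),
    (utc("2024-04-02T09:00:00"), 48.8584, 2.2945),
]

if __name__ == "__main__":
    for rec in share(HISTORY, utc("2024-03-01T00:00:00"), utc("2024-04-01T00:00:00"), rough=True):
        print(rec)
```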
This would essentially see ‘connection requests’, much like we see now from services wanting access to our Google or Facebook Accounts, coming directly to us. New services would ask to connect with our data, and not the data Google or Facebook hold on us. The experience should/could be just as simple, but the market structure implications would be huge.
* And some non-profiling use-cases that got caught in the same net
** The settings may be in the browser, or a service that the browser is required to call