Berners-Lee: You've Got Our Data, Show Restraint 76
itwbennett writes "Your browsing behavior may reveal more personal information than you'd tell your own mother. Which is why Tim Berners-Lee is urging technology companies to 'show more restraint' in how they use the information they hoover up. 'We're moving towards a world in which people agree not to use information for particular purposes. It's not whether you can get my information, it's when you've got it, what you promise not to do with it,' said Berners-Lee, speaking out against the U.K.'s proposal to allow government intelligence to monitor digital communications."
what i do is simple, and it works (Score:4, Interesting)
Getting creepy (Score:5, Interesting)
Lately, I have been noticing my "targeted" ads while surfing around the web and am getting a little creeped out. I bought a couch a few weeks back online and I am seeing ads for furniture companies all the time. If my search results and ads are tailored specifically for me, how do I get exposed to new things?
Seems like it will pigeon hole the entire internet into blues records, Linux, Old Vespa Scooters, and furniture ads. It's like having an obsessed girlfriend getting you a bunch of stuff just because you may have mentioned it one time in passing.
USA, Step 1: Change Bankruptcy Law (Score:5, Interesting)
In the good ol' US of A, a company can bend over backwards to in fact do no evil with the personal data they collect. But, if they go Chapter 7 bankruptcy (the full monty), the court is under no obligation to care. They view marketable data as just another asset to be sold off to satisfy creditors... even Scientology [wikipedia.org].
Given the current Congress, I think the easiest (but by no means best) first step towards better privacy protection would be some tweaks to Title 11 of the United States Code [wikipedia.org].
Somewhat easier with corporations (Score:5, Interesting)
I've had good success with my clients and their developers limiting the data they keep by focusing on their potential legal liability should the data leak (internal or external) and/or be misused. The less data you have, and the less sensitive that data, the lower the cost of any data leak.
As Mr Miyagi said "Best defense, no be there."
And while storage is cheap, there is a cost to maintaining data, and that's not insignificant. Keep only what you need, or it's probable that you'll need. Throw everything else away.
When dealing with governments, or corrupt individuals/companies, those arguments may not work as well.
Crack Babies (Score:5, Interesting)
Re:Good analogy (Score:5, Interesting)
Berners-Lee has it arse-backwards, by the way: instead of promising what they won't do, companies should simply follow the law laid down in a number of European countries: if you collect data on your customers, you can only use that data for the stated purpose, and nothing else. Now, I don't mind Amazon and Google having certain data on me. As long as they play nice. Which means some additional rules:
- Don't state that you'll use my data in every which way you see fit: use it only for those purposes that I had in mind when I gave you my data.
- Don't bury your data privacy statement in 54 pages of legalese: the statement should be visible, clear, and at most half a page (I wouldn't mind that rule to be made into law...)
- Be very clear on which 3rd parties you share my data with, for what purposes (see the first rule), and under what conditions.
- You will protect my data well.
- At any time I will have the option to rescind my permission to use my data. (by the way, that does not amount to that godawfully misguided "right to be forgotten" idea. It pertains to personal data that is a shared secret between me and some company, not to public contributions I or others have made)
Of course companies could simply ignore the law and share my data anyway, but at least they'd be breaking the law and you could take them to court if you catch them at it. That is perhaps what Berners-Lee is hinting at: it'd be a lot better if data was shared under clear and enforceable agreements, and agreements that benefit the data owner, not the recipient.