Berners-Lee: You've Got Our Data, Show Restraint

itwbennett writes "Your browsing behavior may reveal more personal information than you'd tell your own mother. Which is why Tim Berners-Lee is urging technology companies to 'show more restraint' in how they use the information they hoover up. 'We're moving towards a world in which people agree not to use information for particular purposes. It's not whether you can get my information, it's when you've got it, what you promise not to do with it,' said Berners-Lee, speaking out against the U.K.'s proposal to allow government intelligence to monitor digital communications."

what i do is simple, and it works

[FudRucker]

do not trust the internet, treat it like a criminal or like holding a poisonous snake, = you got learn to use the internet without letting the internet use you.

Getting creepy

[bigredradio]

Lately, I have been noticing my "targeted" ads while surfing around the web and am getting a little creeped out. I bought a couch a few weeks back online and I am seeing ads for furniture companies all the time. If my search results and ads are tailored specifically for me, how do I get exposed to new things?

Seems like it will pigeon hole the entire internet into blues records, Linux, Old Vespa Scooters, and furniture ads. It's like having an obsessed girlfriend getting you a bunch of stuff just because you may have mentioned it one time in passing.

USA, Step 1: Change Bankruptcy Law

[cmholm]

In the good ol' US of A, a company can bend over backwards to in fact do no evil with the personal data they collect. But, if they go Chapter 7 bankruptcy (the full monty), the court is under no obligation to care. They view marketable data as just another asset to be sold off to satisfy creditors... even Scientology [wikipedia.org].

Given the current Congress, I think the easiest (but by no means best) first step towards better privacy protection would be some tweaks to Title 11 of the United States Code [wikipedia.org].

Somewhat easier with corporations

[gstrickler]

I've had good success with my clients and their developers limiting the data they keep by focusing on their potential legal liability should the data leak (internal or external) and/or be misused. The less data you have, and the less sensitive that data, the lower the cost of any data leak.

As Mr Miyagi said "Best defense, no be there."

And while storage is cheap, there is a cost to maintaining data, and that's not insignificant. Keep only what you need, or it's probable that you'll need. Throw everything else away.

When dealing with governments, or corrupt individuals/companies, those arguments may not work as well.

Crack Babies

[SuperCharlie]

Call me Luddite, call me an old fogey, hell, call me Aunt Mable and dress me up in a nice billowy dress. What has happened here is we have a generation of internet crack babies. We all know there is no chance in hell that everything we do on the internet, and on our nifty phones is not databased for sale and control of us. The issue is that we (as a group) simply can not put down the crack pipe. We wont. We dont care if you strip us down and shove a data tracker striaght up our ass, just give me more internet. And dont bogart the bandwidth. The answer is to abstain. The reality is we are way too far down this addiction to stop.

Re:Good analogy

[JaredOfEuropa]

There are many cases where you'd want to give your data to online entities. Slashdot has my email address. Amazon has my physical address, which kind of helps them delivering the stuff I order from them to my doorstep. The utility company has my physical address and my bank details. And so on. Sure, you could pay everything in cash, not order anything online or set up a P.O. Box, and create dedicated email addresses and identities for every site that makes you sign up. But I'd rather not go through the trouble.

Berners-Lee has it arse-backwards, by the way: instead of promising what they won't do, companies should simply follow the law laid down in a number of European countries: if you collect data on your customers, you can only use that data for the stated purpose, and nothing else. Now, I don't mind Amazon and Google having certain data on me. As long as they play nice. Which means some additional rules:
- Don't state that you'll use my data in every which way you see fit: use it only for those purposes that I had in mind when I gave you my data.
- Don't bury your data privacy statement in 54 pages of legalese: the statement should be visible, clear, and at most half a page (I wouldn't mind that rule to be made into law...)
- Be very clear on which 3rd parties you share my data with, for what purposes (see the first rule), and under what conditions.
- You will protect my data well.
- At any time I will have the option to rescind my permission to use my data. (by the way, that does not amount to that godawfully misguided "right to be forgotten" idea. It pertains to personal data that is a shared secret between me and some company, not to public contributions I or others have made)

Of course companies could simply ignore the law and share my data anyway, but at least they'd be breaking the law and you could take them to court if you catch them at it. That is perhaps what Berners-Lee is hinting at: it'd be a lot better if data was shared under clear and enforceable agreements, and agreements that benefit the data owner, not the recipient.