I just came across an old article from Jerry Fishenden proposing how a more Creative Commons approach to the giving of personal data permissions.
The way in which we give and store data about ourselves is based on a very old model at its core. Somehow data about us becomes “their” data, and then we have to trust that “they” manage and protect and respect the permissions that we have given “them”. Oh, and that “they” delete that data at the end of its lifetime.
Too many people holding too much data with too much complexity for it to ever work, other than as a way to allow data protection experts to make a living.
But in these days of APIs, why should we keep all of our data ourselves, and then grant permission to third parties to access that data as and when we see fit? A single repository of data, under our control. Still complex, but surely a better model to protect information than throwing it to the wind?
To an extent this is starting to happen with the use of services like Facebook to provide identity to other online providers. The only issue with this (and for the permissions for things like apps on smartphones) is that the conditions tend to be non-negotiable and unchangeable. When I try to use, say, Facebook, to authenticate myself on another service, that service will tell me what it wants access to, and it’s all or nothing. I can’t tailor those requests – it’s a binary decision.
There is also a question about whether I would want or trust Facebook to be my primary store of personal data. Who should we trust to provide such a service becomes a big issue. However, do I trust my core data more with one supplier than all of them? At least I’d have a sense of control.