Re: [projectvrm] Ownership of information

["bernard lunn" < >]

I am also new to this list, so please excuse if I am making "no duh" comments.

My understanding is that ownership is not legally possible. I cannot
own data about me. The directory/database vendors don't own data about
me either - they own the layout and other forms of organization but
not the underlying data.

Also data is out there - you cannot squeeze toothpaste back into the tube.

But that does not matter. What matters is that I have data about
myself that is a) unique and b) valuable to markers. Data value erodes
over time. So if I control the new data I control the value.

The issue I am wrestlng with is what type of entity can be the trusted
infomediary so that buyers can be anonymous while sellers get just
enough data that they need for that transaction? Technically this is
relatively simple. The trust issue is critical. Please don't say we
need Congress to change the law!

Bernard

On 10/29/07, Iain Henderson 
<
 >
 wrote:
> Hi Joerg,
>
> I'm just catching up with this thread. I take the view that VRM will
> put in place the building blocks that will enable some degree of
> ownership of personal data by its 'subject'.
>
> The main piece of infrastructure, in my opinion, will be the personal
> data store. Such services will enable the individual to put in place
> a 'customer record' that will be deeper, richer and more accurate
> than anything their supply base can put together.
>
> In turn that will lead to the individual, should they choose to,
> being able to sell access to that data to organisations they wish to
> engage with (orgs are already well accustomed to buying poorer grade
> data). So if one can sell something, and wrap some contract law round
> about the sale, then by default the individual owns at least that
> part of the data relating to them that they are able to sell.
>
> There are obviously many other aspects of data that relate to the
> individual that will remain less clear in terms of ownership
>
> I've blogged a bit more on this issue at the Right Side Up blog
> ( http://rightsideup.blogs.com/my_weblog/2007/10/can-i-own-my-da.html )
>
> Cheers
>
> Iain
>
>
>
>
>
>
> On 12 Oct 2007, at 09:14, Joerg Resch wrote:
>
> > After some time of reading – my first posting now. I´m not very
> > used to mailinglists, please excuse if I force any written or
> > unwritten rules.
> >
> > Mitch,
> > I would like to point to the fact that information cannot be owned,
> > because it is not kind of an object which may be attributed to a
> > subject by law (which itself is information as well). There is a
> > very good publication about the ownership of information from Jean
> > Nicolas Druey: http://cyber.law.harvard.edu/home/uploads/339/
> > Druey.pdf .
> > So, talking about the persistence and flow of identity information
> > between parties and through market places, we should not try to
> > think, that we can own that information. If I understand the VRM
> > discussion and the concept of user centric identity right, it is
> > about creating a more balanced position between parties taking part
> > in whatever market place, where some kind of "rules layer" on top
> > of the information layer gives me the power to influence it´s flow.
> > I´m not the owner of my doctor´s diagnosis, even if it concerns me.
> > But I may have some rights influencing the distribution of this
> > diagnosis, because it affects me. We need a home for these rights,
> > instead of trying to own information.
> > VRM, how I understand it, is about creating kind of a rules
> > metasystem above or beyond the walled gardens we currently have.
> >
> > Joerg Resch
> > Kuppinger Cole
> >
> > From: Mitch Ratcliffe 
> > [mailto:
 ]
> > Sent: Freitag, 12. Oktober 2007 04:32
> > To: Mark Lizar; ProjectVRM list
> > Subject: Re: [projectvrm] Microsoft's Personal Health Care Records
> >
> > Bank = owner? Banks don't own the money they hold. Remember that
> > every ledger sheet has to balance--banks make a profit on their
> > management of money, including their own balancing of assets and
> > liabilities as well as from fees paid for transaction (management
> > of money) services.
> >
> > Banks don't own money, which is technically the property of the
> > central banks that issue currencies.
> >
> > We may own our data, but it seems the problem is working not with
> > one intermediary, as in the resource-constrained geographically
> > disparate cash or electronic money economy, but many intermediaries
> > in a variety of domains. Even banks have clearinghouse services.
> >
> > Perhaps the better taxonomy is:
> >
> >           Money = Data
> >           Central Banks create and own bank notes = people create
> > and own data about themselves (and have the same level of
> > connectivity, albeit not throughput).
> >           Banks = "value-added" domain-specific intermediaries
> >           Currency = no user-centric analog, which is why banking
> > analogies fall down and why VRM pushes social exchanges to the fringe.
> >
> >           We don't need a currency to complete this picture. We
> > need to forget it.
> >
> >           Data flows from place to place, but must be recallable by
> > the owner as the volume of bank notes in circulation may be
> > expanded or contracted by a central bank. That leaves the bank
> > dependent on the central bank, just as an intermediary should be
> > dependent on rather than in control of its customers, the owners of
> > data.
> >
> >           Transactions in social environments are not solely about
> > the exchange of monetary or commercial value, as it may also be
> > gifted value, prospective sharing of data to discover potential
> > value (which may be the basis of a future negotiation that, if it
> > fails, results in revocation of access to data), or may have no
> > value ("sharing" or "altruism"). Trust cannot stand in for a
> > currency, because it serves a different function and is variable
> > from moment to moment and relationship to relationship across
> > various topics.
> >
> >           I spent several years working with the Chaordic Commons,
> > which was attempting to extend the shared ownership-distributed
> > governance system that produced VISA. The type of "bank of the
> > future" mentioned below is tremendously complex and not amenable to
> > comparisons to cooperative banks, because there are many informal
> > settings for the exchange of information prior to, during and
> > after, even in lieu of, a commercial transaction that was simply
> > ignored by banks. Indeed, many of the functions of those banks
> > formalized processes that are trivial today. Being an objective
> > third-party recorder of transactions  and notary services were the
> > primary value-add provided by these cooperative banks, and at a far
> > higher cost to users than data networks require today.
> >
> >           So to draw out the metaphor based on this taxonomy, if
> > the money is like data, the basis of exchange can be negotiated
> > anywhere, but the access to the actual specie needs to reside on
> > each of our "central banks" on or controlled by our PC, phone, etc.
> > so that the owner of that data/specie can regulate the value of
> > that asset, and in both strictly monetary and social senses.
> >
> >           The problem that I've finally identified in my reading of
> > this discussion over the past months is that all the scenarios
> > proposed describe commercial transactions of one sort or another as
> > the default design challenge, to the detriment of the much wider
> > range of social interactions in which we use and share information.
> >
> >           We don't change currencies from dollars/euros/yen/RMB to
> > split a bill and pay for drinks among friends while using some
> > other currency to pay for business services or capital goods,
> > unless geopolitical borders are crossed. Money is money, give or
> > take the current exchange rate between currencies.
> >
> >           We don't call the minister to talk about giving alms in
> > the form of livestock while insisting he pay us for what we sell
> > him in cash.
> >
> >           Even in medical records we see the need for different
> > forms of access to, and management of, personal medical information
> > that do not relate to commercial transactions or value exchange. We
> > don't create medical information, we are medical information, most
> > of it necessarily recorded by experts who interpret many factors to
> > provide a diagnosis, treatment or as a part of wider study. We pay
> > a doctor to see and diagnose our condition; she writes that
> > information down not only because of the fee we paid for the visit,
> > but for her own future use, because of regulatory requirements, the
> > requirements of insurers and transaction processors, legal
> > liability management and, if they participate in clinical research,
> > for use in research. We may want to share that some or all of our
> > medical information to find others with similar conditions or to
> > contribute to research for a cure without ever contemplating an
> > exchange of value.
> >
> >           The problem, then, is how to interact with the different
> > intermediaries who might interact with our information in response
> > to economic, social or survival needs. I'd wager that the majority
> > of those interactions during your typical day, while they may be a
> > source of value to someone, are not primarily commercial from your
> > perspective. So, before we get to the bank, we have to start with
> > the social interactions that precede or moot the need for fixed
> > exchanges of value. Before we are a customer we are someone or many
> > persona who isn't a customer, yet in discussing this question we
> > begin with the role of customer. That isn't user-centric.
> >
> > Mitch Ratcliffe
> > Tetriad LLC
> >
> >
> > On Oct 11, 2007, at 5:48 PM, Mark Lizar wrote:
> >
> >
> > The idea of a community driven and trusted intermediary is a very
> > attractive model for a  bank of the future.   Theories that trust
> > can be used as a currency replacing money provide a good concept of
> > how an identity bank may prove valuable.  Although I think for VRM
> > and the user centric perspective as a whole, there is the core
> > concept that the individual should be the identity bank.  What is
> > underlying such an effort is 'clarity' over control of identity.
> >
> >
> > On 10 Oct 2007, at 14:13, Bart Stevens wrote:
> >
> >
> > All,
> >
> > Why don't you start with setting up some sort of bank? (The Swiss
> > are good at this in the old world with the numbered accounts).
> > And you structure it into some sort of corporative framework. (In
> > some European countries farmers started banks in the old days, like
> > Rabobank in Holland and KBC in Belgium)
> >
> > This way you "give" the ownership/shareholder-ship to the community
> > members, and by doing so you can create some sort of trust. Instead
> > of leaving this to the Microsoft's or Google's of this world.
> >
> > Hope it's clear, if not let me know.
> >
> > Bart
> >
> >
> >
> >
> > On Oct 10, 2007, at 2:47 PM, Michael Becker wrote:
> >
> >
> > From a marketers prospective, one of the leading Relationship
> > Marketing theorists, Gummensson (see ref. below), tells us that
> > there are 30 different relationships that the marketer must contend
> > with, including government.  So, you're absolutely right.  There
> > are a tremendous number of governmental rules and regulations,
> > industry best practices and self-governance code of conduct and
> > similar guidelines, specific corporate compliance rules (e.g. rule
> > one must follow to deliver traffic on a mobile carrier network) not
> > to mention common sense that the marketer/brand/company must adhere
> > to in order to compete and thrive in our ever increasingly complex
> > world.
> > One thing that comes to mind while reading these threads is that
> > there may be a situation where the VRM system actually knows more
> > about the consumer than the consumer themselves.  In fact, the
> > consumer may not like what they see, in which case we're going to
> > be grappling with consumer psychological avoidance and acceptance
> > models when considering the diffusion and adoption of VRM business
> > models.  For instance, using the health care example, some people
> > may simply not want to to know that they have Cancer.  Also, for
> > some other diseases that carry with them a social stigma the
> > consumer may know the results of the test but simple does not want
> > this data memorialized in their PKB.  Moreover, with the later
> > situation, who will own the liability if this data "accidentally"
> > gets out to the real world? The PKB developer, the hosting agent,
> > the bank, hospital, brand, the consumer (what if the breach was no
> > fault of the consumer)?  Who will be responsible when the consumer
> > has their health insurance raised, or loses coverage, has their
> > reputation within their social circle damaged when the data some
> > how goes public and hits the press, etc.  These are some very real
> > and quite challenging situations to grapple with.
> >
> > Michael
> >
> > Ref: Gummesson, E. (2002). /Total Relationship Marketing/ (Second).
> > London: Butterworth Heinemann.
> >
> > Rick Schaefer wrote:
> > First, I must confess that the intellect of this group never ceases
> > to amaze
> > me.   I often feel like a kindergartener eavesdropping on the "big
> > kids"
> > during recess.  Whew!
> > I hate to ask this question because the subject grates on me, but
> > isn't
> > there another stakeholder that needs to be considered when
> > discussing health
> > records and VRM?  What about the role of government?   Uncle Sam
> > has issued
> > some pretty strong regulations about privacy and personal records
> > under
> > HIPAA.  **I am not trying to drag us into the public health vs.
> > medical
> > privacy debate.**  However, I am pointing out that businesses have
> > to be
> > very careful not to cross regulatory lines as they design and
> > implement VRM
> > systems in certain industries.  I know that HIPAA paranoia is
> > rampant in the
> > medical and related fields.
> >
> > BTW. some of Matt's questions can be found in the consumer overview
> > of HIPAA
> > at http://www.hhs.gov/ocr/hipaa/consumer_rights.pdf. In a nutshell,
> > you have
> > the right to have your medical records information corrected if you
> > and the
> > provider mutually conclude the information is wrong. If there is a
> > dispute
> > between the patient and provider as to the information, the
> > disagreement
> > must be noted.
> > But Matt's questions do raise another issue for me. If VRM is going to
> > decentralize data that could have an impact on others, won't VRM
> > also have
> > to deal with reliability and verifiability of the data? VRM is
> > going to have
> > to come up with processes to 1) certify and/or 2) lock down data
> > from third
> > parties to prevent modification and misrepresentation..   As a person
> > controls her/his personal data  that is supplied by others as well
> > as the
> > level of disclosure, it is important for us to recognize that this
> > power can
> > and will be used for nefarious purposes. I certainly would not be
> > in favor
> > of a patient with a contagious disease altering their records in a
> > manner
> > that would certify perfect health either thru failure to disclose
> > relevant
> > information or falsifying a record.
> >
> > On a final note, there have been a few references to corporate ROI,
> > and not
> > all of those have been positive.  I guess I've been one of the "bad
> > guys"
> > all my life :-)  My opinion...  unless the Getty, Gates, or Buffet
> > foundations are going to build out VRM for philanthropic reasons,
> > VRM will
> > need to demonstrate greater corporate ROI to be adopted by existing
> > corporations.  Just demonstrating the same ROI provides no motive for
> > switching costs. This means that the likely candidates to disrupt the
> > current system are not existing companies willing to cannibalize
> > existing
> > strategies.  Rather, new companies without ties to the old ways
> > will need to
> > emerge.   Therefore, it is not necessarily greedy business managers
> > that are
> > going to need convincing, it's creating compelling ROI arguments
> > for the
> > sources of investment capital.
> >  I'm immersed in the VC funding process out here (which is about as
> > much fun
> > as biting on a canker sore.)  The VRM community may argue against
> > silos, but
> > the investment community wants to see defensible market and technology
> > strategies before they invest. The first rule is not to expose their
> > investor's capital to undue risk. VC's also want to get excited
> > about how an
> > investment in a company is going to earn them 10-15X on their money
> > in 5
> > years or they won't play  . This VC message is loud and clear about
> > ROI.  If
> > we want VRM to be built out, it's up to the VRM proponents to
> > demonstrate
> > how the investment community will make MORE money.   A look at all
> > the new
> > investments in clean and green tech show that investment dollars
> > will flow
> > if we make a good business case.
> > I hear the bell signaling the end of recess, so it's back to finger
> > painting
> > .. :-)
> >
> > Rick Schaefer
> > (408) 445-8130
> >
> >
> > One thought that comes to my mind is, even though this is your
> > data,  should some of it be locked away from you? For instance, if
> > you  interact with your doctor through a similar application, and
> > he  uploads some recent tests or whatever. Should you be able to
> > modify  that? Will your health records lose some of the authority
> > that might  come with information directly from a doctor?
> >
> > Would it be a better situation to let such "authority" figures
> > input  data that's non-modifiable to preserve their authority such
> > as with  doctor's prescriptions? Would that change the concept of
> > VRM if you  could own your data, but not modify all of it because
> > it came from  another source?
> >
> > Matt
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Bart Stevens
> >
> > TenForce
> > Pragmatic Project Management
> >
> > T +32 16 31 48 60
> > F +32 16 65 90 85
> > M + 32 473 985 450
> > http://www.tenforce.com/blog
> > 
 
> > Skype: berendbotje2
> >
> >
> >
> >
> >
>
>