Re: [projectvrm] UMA and personal clouds

[Drummond Reed < >]

>> What is really missing is a good discussion on how personal information control changes the archaic privacy conceptions based on data protection and privacy law.  Especially this archaic discussion about who owns your data. 

Well said, Mark. IMHO the emergence of personal clouds and personal cloud networks will finally cause this paradigm shift that, until they are actually here, has only been theoretical (like discussion of how computing would change before we actually had personal computers or discussion about how telephony would change before we actually had smartphones).

Let's make 2014 the turning point for this whole tide.

On Wed, Sep 25, 2013 at 6:00 AM, Mark Lizar < " target="_blank"> > wrote:

Focusing on the ownership debate is a mistake as it misses the points that were being discussed. 

Wether or not in law it is termed ownership, data control etc.  One party has the ability to use the data (as if they owned it) the other needs to access that data on the other's terms. 

Underneath this debate is the topic of data control (and access) which is the really important discussion to have.  As the customer now has the infrastructure and smart devices to control their own data (wether I own my own data or not is not the point) it should be companies accessing data I control not the other way around.  

The entire system is built upon Data Protection (main frame style legislation)  Since PRIMS it is abundantly clear that Data Protection does not port to the modern information age.  I would go as far as saying that: Modern Privacy is about Personal Information Control 

If I were the data controller for my own personal data then  UMA would be extremely handy, I wouldn't need to remember permissions and passwords for thousands of companies.  I could put my own terms on access to my data, etc, etc. 

Companies would be stuck with data minimisation and specific purpose for use of attributes and the profiles I expose, rather than this idea of data protection and ownership. 

In reality. If a company has a copy of data about you. For intensive purposes they own it, this might not be the legal case, this may not be a politically correct way to talk about it, but in reality, they control the data.  Control= Own. (semantics aside) 

What is really missing is a good discussion on how personal information control changes the archaic privacy conceptions based on data protection and privacy law.  Especially this archaic discussion about who owns your data. 

Some food for thought, 

Mark Lizar

On 25 Sep 2013, at 08:38, Joerg Resch < " target="_blank"> > wrote:

No. Most of the time you cannot own where the data is stored.

Joerg

 

Von: Kevin Cox [mailto:kevin.cox@edentiti.com] 
Gesendet: Mittwoch, 25. September 2013 09:27
An: Luk Vervenne
Cc: Joerg Resch; ProjectVRM list
Betreff: Re: [projectvrm] UMA and personal clouds

 

You cannot own the data but you can own where the data is stored and you can then restrict access to the data which has the same outcome as owning the data.

 

Kevin

 

On Wed, Sep 25, 2013 at 5:23 PM, Luk Vervenne < " style="color:purple;text-decoration:underline" target="_blank"> > wrote:

Thx Joerg,

that nailed it

for good.

 

On 25 Sep 2013, at 09:26, "Joerg Resch" < " style="color:purple;text-decoration:underline" target="_blank"> > wrote:

Yes, correct. And in fact, the legal system in Germany and in most other countries knows the term “ownership” only for physical goods. This is the reason, why you cannot buy software. You only can buy a usage right. Legally, there is no such thing like “personal data ownership”.

Joerg

 

Von: Luk Vervenne [mailto:luk@synergetics.be] 
Gesendet: Mittwoch, 25. September 2013 09:12
An: Kevin Cox
Cc: Liz Coker; Doc Searls; ProjectVRM list
Betreff: Re: [projectvrm] UMA and personal clouds

 

Ownership is a very bad concept.

It is the oldest legal concept (it's my cave...) and should be avoided at all cost when debating personal data.

Instead I would suggest to use "access & usage rights". 

These are somewhat more flexible and distributable, and can be adapted to existing legel frameworks (for starters)

 

L.

 

 

On 25 Sep 2013, at 01:05, Kevin Cox < " style="color:purple;text-decoration:underline" target="_blank"> > wrote:

 

I have been following UMA for many years and they are on the right track. 

 

There are some practical problems that will be addressed as people start to use the ideas.

 

The first practical problem is that most organisations that hold information on people believe it is not owned by the person but is owned by the organisation.  My understanding is that the organisations are correct.  Who owns the place where data is stored owns the data.  In practice this means that the organisation has to give permission for the data to be taken from their storage area as well as requesting permission from Alice.  This set of agreements and access is unlikely to occur unless there is some value through service associated with the transfer of data.

 

The other problems with the approach are usability and scalability.  The setting of permissions is too hard to understand.  A simpler approach is that by allowing both the individual and the organisation to be paid for the data then the contracts around the supply of data automatically enables permissions.  This means that instead of permissions both the organisation and the individual remember sales.

 

Imagine you have 500 different places where your data is stored.  Controlling the permissions is difficult - imagine the dashboard.  A simpler approach is to  remember what has been sold and to whom.

 

We come back to the idea of Value for Service rather than Value for Exchange.  Underlying UMA is the idea that there is value in the data and in the exchange of data.  If instead we think of Value for service when the data is used then all we have to do is to keep track of when the data is sold and the setting of permissions is no longer needed.  Permissions are part of the sales process and only activated when the service is performed.  The value can be very small but it doesn't have to be large because its main purpose is to automatically record the permissions when and only when required.

 

Kevin

 

 

 

 

 

 

 

On Wed, Sep 25, 2013 at 1:47 AM, Liz Coker < " style="color:purple;text-decoration:underline" target="_blank"> > wrote:

Hi Doc -

Hmmm.  I get it and see the value, but it feels a bit clunky.  As I
watched the video I wanted to have those features integrated into one of
my main productivity tools (contacts/email/browser).

It just felt like too many steps.  Could be the demo, as I'm guessing a
user would set up most things once and leave it alone until things change
or need to be added.  A good start, but could use some streamlining.



Liz
-----------------------------------------------
Elizabeth Coker
Vice President, Marketing
3PMobile
Boulder, CO  USA


Improving the Mobile Web Experience

Office:  303.938.1769
Email:   " style="color:purple;text-decoration:underline" target="_blank">
Web site:  www.3pmobile.com

CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
or previous e-mail messages attached to it may contain information that is
confidential or legally privileged. Any unauthorized review, use,
disclosure or distribution of such information is prohibited. If you are
not the intended recipient, please notify the sender by telephone or
return e-mail and delete the original transmission and its attachments and
destroy any copies thereof. Thank you.







On 9/24/13 8:47 AM, "Doc Searls" < " style="color:purple;text-decoration:underline" target="_blank"> > wrote:

><http://www.youtube.com/watch?v=7J6MurcBX9s>
>
>Thoughts?
>
>Doc