StJohn,
Yes,, this is not only a huge problem, but well discussed here, (a.k.a major) VRM issue that has been discussed here since the beginning of this list.
As you know we (the open notice initiative and the VRM based Kantara Workgroup CISWG) have been working on addressing this for sometime. Although, the issues is a bit more complex than just the TOU's as Privacy Policies are subject to TOS, and all of this is subject to data protection (or privacy) laws that vary depending on what jurisdiction a “Data Subject” is in.
It is very well pointed out here that vendors change terms unilaterally and that in many jurisdiction this means that the vendor is no longer legally compliant and is breaking laws. Laws which continued to go un enforce. (A topic i completed and published an MSc thesis on)
So to get to the point we have been developing a scale of compliance that is usable across jurisdictions to accompany a consent receipt. Which we hacked with the Respect Network that we hacked at the Berlin based convergathon July 13. (It ranges from non-compliant to above compliant and then Trusted)
With this we hope to provide (with the minimum viable consent receipt specification) a standard way to see just how VRMy a company is. Hopefully, by the end of next week we will have the draft and example up in the Consent & Information Sharing Work Group at the Kantara Initiative. This will be based on the consent legal map which we have been working on for quite some time and the UK Privacy regulators (Traffic light) compliance scale.
This is also in a traffic light view. So it seems there is lots of convergence here and the point being we need something that we all can get behind, share support as a community as the issues are big and the call to action needs to be scalable and effective.
Kind Regards,
Mark
On 24 Jul 2014, at 12:03, StJohn Deakins <
">
> wrote: You’re absolutely right that ToS are overlooked and a huge problem across the industry. They form the contract through which we interact commercially both online and offline (e.g. take a look at the small print on your credit card terms). As they’re written by lawyers representing the Vendor they are inevitably skewed – often heavily. To start raising awareness, we just announced the citizenme app which provides a traffic light view of the T’s & C’s that digital citizens have signed up to via their device https://itunes.apple.com/gb/app/citizenme-lite/id863070348?mt=8 (android coming soon). The intention is for it to act like an antivirus for ToS – providing actionable alerts as and when a Vendor changes terms unilaterally. As for the ethics of providing every day digital citizens with the means to take control of their own data (including if/how they trade it), this isn’t only ethical, but is essential, if we’re going to evolve the web in a way that benefits all. It’s great to see other services like DataCoup creating choice for consumers in how they’ll do it (and I’d be surprised if they didn’t update their T’s & C’s before they launch and start trading). StJ <image001.png>
citizenme
StJohn Deakins
skype: stjohndeakins twitter: @stjohndeakins / @ctznme From: Graham Reginald Hill [
">mailto:
]
Sent: 24 July 2014 07:54
To: Matt Hogan; Doc Searls
Cc: ProjectVRM list
Subject: Aw: Re: Re: Re: [projectvrm] Tim Friedman's column I am sorry but I do not buy your excuse for creating such ethically problematic and patently unfair T&Cs. It simply doesn't wash. Either you treat customers fairly, or you don't. There is no half-way house. Being a lean start-up is most certainly not an adequate excuse. I have the ProjectVRM Forum to thank for making me so aware of the importance of reading T&Cs. They say so much more about a vendor's underlying approach to business than any amount of flash web pages or glossy marketing. I wonder how many of the other VRM vendors' T&Cs are full of similar one-sided clauses, weasel words and scant regard for customer ethics, as Datacoup's is. More generally, I find it interesting how, on the few occasions that someone has pointed out a serious shortcoming in a VRM solution or its ethics, practically nobody has anything to say about it on the ProjectVRM Forum. Even Doc, who normally has a well-thought through opinion on most things VRM, passed on Datacoup's ethically problematic T&Cs. Yet if a marketer, data seller or politician says or does anything contentious about consumer data, the same ProjectVRM Forum is instantly up in arms. Somethink is not right. Has the ProjectVRM Forum lost its moral compass? I hope not.
Best regards from Cologne, Graham
Graham, If your point, as you stated in the follow-up email, was: "The point isn't so much that it is technically difficult for an average Joe to take charge of his own data, but that no average Joe can be bothered to do so." then I don't think I missed it. I addressed it in the first two sentences of my email, which I'll paraphrase here: People won't take control until it's worth their while, which likely happens at a choke-point for a big ticket item. Regarding TOS, we don't have the legal budget (at the moment) to spend on our ideal TOS. In absence of that, we need to start with something broad-sweeping that mitigates our liability as a company, so we an stay alive until we can improve the next version of TOS, product and marketplace. We abhor contracts of adhesion, and are working toward a goal of transforming our TOS into something much more in line with what Doc espouses in The Intention Economy. Building a co. is all about incrementalism. Utopia is not for this world. If you think you are going to open a box and find a panacea, you'll be opening boxes 'til you are blue in the face. As far as datacoup goes, I didn't offer it, to this email chain, as a solution to the ills of all consumer experiences. In fact I didn't make any mention of it at all... you did. If you'd like to chat about my platform, we can set up a call or side email to discuss at further length (current abilities, goals, future path, etc)... I'd be happy to do so. I think you rather missed the main point. The point isn't so much that it is technically difficult for an average Joe to take charge of his own data, but that no average Joe can be bothered to do so. It is primarily about the lack of interest, not just the lack of ability. As the research on the behavioural economics of privacy suggest, personal data managemnt is a very incomplete, messy and technical solution for a privacy job-to-be-done that practically no Joe is really all that bothered about. Today's post-recessionary Joe's are too busy trying to make ends meet and getting on with their busy lives to be bothered with something as irrelevant as data management. As Hume's Guillotine illustrates; 'ought' is not the same as 'is'. You list a short range of data that can be dowloaded through, e.g. APIs. Yet your own company, Datcoup only allows users to download two of them, a range of ephemeral social data from the usual suspects and credit card data. Your service doesn't allow you to download data from 95% of the categories that make up the typical household expenditure, nor does it allow users to control how what little data that can be downloaded is used once it has been downloaded. And it doesn't stop any of the social media or credit card companies from using the data they already collected about you in any which way they want, nor from using the data against you, e.g. by offering you only higher-priced products (as this article on Sell Your Personal Data for $8 per month http://www.technologyreview.com/news/524621/sell-your-personal-data-for-8-a-month/ points out). Despite the claims to democratize personal data by establishing an open, fair marketplace for individuals to sell their personal data, the insistence in Datacoup's long and convoluted T&Cs on mandatory arbitration is anything but fair and democratic. In fact I would go as far to say that it is morally and ethically unacceptable, as it denies one or both parties their fundamental rights to a fair trial by their peers, a foundation of justice (see Signing Away Your Rights http://prospect.org/article/signing-away-our-rights-0 for more details). Under no circumstances would I sign such an unfair contract in order to use Datacoup's services. Best regards from Cologne, Graham
It's time, capital and technical skill intensive for average Joe until it's not. Meaning, at the right choke point, be it for mortgage or other loan product, insurance product, or other big ticket item where the value gained from the vendor is enough to warrant someone to "take control" (aka aggregate and share), then people will do it in droves. As a technical matter, it's really not that difficult at all: Social data: oauth, api's Quantified self data: oauth, api's Search data: browser extension (as effortless as ad blocker) Device data: native or even just mobile browser app Did I miss any major data sources? This all exists, and connecting these data sets in perpetuity takes less than a minute. I think management of personal data by the individual is a lot closer than you are surmising. And why is it fanatical to want to harness the value of an "asset", ostensibly created by yourself (with help from platforms) that others are making billions from? Seems pretty reasonable to me. If you hate to make an ad hominem argument then don't make one. I agree with you that there are many examples where privacy has been trampled upon. And of course, they are a source of much existential angst for the chattering classes. But there are very few examples where your average Joe had decided that enough is enough and that he needs to take charge of his data in future. Installing an ad blocker is almost effortless. And it makes web pages load so much faster. Taking charge of your data is far from it. It requires, time, money and technical skills that the vast majority of Joes do not have. Even if they did, the market for data management tools is at the rapid development stage of market evolution, placing a huge additional integration burden on any Joe bold, or stupid enough to want to manage his own data. To be blunt, personal data management is currently something for fanatics. Moore and Schumpeter may change that, but probably not in the next few years. The market for intermediaries has been well documented. Consumer Focus (http://www.consumerfutures.org.uk/files/2014/01/Next-Generation-Intermediaries.pdf) and Ctrl-Shift (http://www.consumerfutures.org.uk/files/2014/01/The-Rise-of-the-Consumer-Empowering-Intermediary-Ctrl-Shift.pdf) have both produced excellent reports recently describing how they have stepped-up to the plate to provide customers with, e.g. comparison sites and product aggregation for complicated financial services products. AirBnb and Uber whilst superficially similar are not quite the same, as the products they offer are much easier to understand. Both in complicated finanacial services and easier hotel listings, intermediaries provide a multi-sided market (MSM) platform that allows consumers to more easily find, compare and in some cases, buy services from sellers. But in reducing the customer's costs they may increase sellers' costs by a similar or greater amount (see http://www.hbs.edu/faculty/Publication%20Files/14-052_41d72e17-7ca8-4090-99eb-a7d24e8eaa0f.pdf and Section 1 of http://www.econ.cam.ac.uk/research/repec/cam/pdf/cwpe1361.pdf for more details. That is why most MSMs charge sellers to offer their services, at no cost to consumers. And why most brands are keen to get off intermediaries and go direct to consumers. For example, when I worked in the Netherlands insurance market a couple of years ago, one particular motor insurance aggregator had become so powerful that it distorted competition for the industry as a whole. Not only did insurers feel that they would be competitively disadvanteged if they didn't list on the aggregator, but also the aggregator was able to demand lower factory gate pricing than the insurers could offer on their own websites. There was little suggestion that consumers benefited from this centralisation of power in a single aggregator. It was a market failure every bit as large as the previous difficulty in consumers being able to easily compare like-for-like prices on insurer's' websites. Intermediaries are not the competitive panacea that many would like them to be. As the old saying goes, 'be careful what you ask for, you might get it'. Best regards from Cologne, Graham
Responses inline below... AirBnB is interesting. Chesky suggests that Millenials are different to the rest of us... but are they really?
She does cite research, though. I just can't help wondering how tendentious her argument might be. The evidence suggests not. And that bodes poorly for the versions of MeCommerce that requires consumers to raise a finger when it comes to data and privacy.
Ends require means. Lack of means does not argue for absent ends. The appetite for privacy online is real and growing, especially as offenses to it pile up on all generations. Here's the important fact: The Internet is a public space. By design. It's kind of like the physical world that way: "Here ya go, people. You're naked and living outdoors. What are you going to do about it?" (Hmm. Perhaps biting the forbidden fruit in Eden gave us an appetite for privacy, property, and other things to hassle each other about.) Anyway, we've had thousands of years to create privacy technologies such as clothing and shelter. Frank Lloyd Wright said "The meaning of the word 'shelter' includes privacy." He also said architecture was the original art form. We don't have either yet, except through centralized services. We've only been at the Internet we know now for eighteen years. We have a long way to go. Digression... Last night, when our 17-year old son asked me what the big deal was with wanting private (non-intermediated) communications online, I said this: "Imagine if the conversation we are having now in the physical world first required signing in to some company's facility before we could have it." The future looks much brighter for the versions that allow intermediaries to do it all for them.
Airbnb is an intermediary. So is Uber. Both are more lightweight than the traditional forms they supplement or replace. But they still intermediate. They lean toward what Brian the other day called "minimal viable centralization." I think that's a good way of putting it. But do we really want self-serving intermediaries expropriating value by placing themselves between consumers and brands? The evidence from other industries, e.g. airline travel, book selling and general insurance, suggests not.
I'm not sure who you're calling self-serving intermediaries. Travel agents, book stores and insurance agents? I'm guessing, but I don't know. Just looking for clarification. Just a thought.
Best regards from Cologne, Graham
On Sun, 20 Jul 2014, Dan Miller wrote: http://nyti.ms/1yI1ake
If I'm mistaken, many of us have been pretty dismissive of Tom in the past, myself included. But I think this column gets to the heart of how mainstream columnists can and do connect the dots between all of the headline grabbing surrounding the sharing economy and Big Data and the notion that each individual's personal info counts.
The irony of course is that many of us won't use AirBnB thanks to heavy lifting they require in terms of validating our own IDs. Like uploading fotos etc.
Airbnb lost us as customers when they required us — loyal, frequent customers who liked the service a great deal — to "verify" our identities by logging in with Facebook or uploading a personal video. After I posted a critical (but constructive) blog post about it <http://blogs.law.harvard.edu/doc/2013/05/28/lets-help-airbnb-rebuild-the-bridge-it-just-burned/>, they reached out to tell us a bug was involved, and that they were fixing the system. But I don't know if they actually fixed it. From what I gather at <https://www.airbnb.com/trust>, a "Verified ID" still requires exposure through social networks, or ... not sure. And, looking at <https://www.airbnb.com/help/article/450>, I'm not interested in trying. Does anybody know if "verifying" one's ID still requires a video if one is not on Facebook or Twitter? I think someone inclined to rent a room out wouldn't let that stop them, and as much as I care about my privacy I certainly understand the value/purpose to a validated identity in situations like this. What worries me a bit more is:
Chesky answered. “I think now, for the younger generation, ownership is
viewed as a burden. Young people will only want to own what they want
responsibility for. And a lot of people my age don’t want responsibility
for a car and a house and to have a lot of stuff everywhere. What I want
to own is my reputation, because in this hyperconnected world,
reputation will give you access to all kinds of things now. ... Your
reputation now is like having a giant key that will allow you to open
more and more doors. [Young people] today don’t want to own those
doors, but they will want the key that unlocks them” — in order to rent
a spare room, teach a skill, drive people or be driven.
Are we truly at the point in society where no one ever loses their public reputation unfairly, where building a positive reputation is universally accessible and yet hard to game? Are we no longer at risk of confidence games (short or long), where referrals can be minted from thin air, or achievements claimed without any risk of fraud?
These same "young people" also presumably don't want the burden of pensions, insurance, wills... but when cornered will fight for rent control, Medicare, Social Security, and regulations.
I'm reminded of the discussion here about the Uber drivers working 10 hour days at a net wage that only barely covers the gas and wear/tear on the car.
Is that really (or often) the case? I've only used Uber twice, but both times the drivers bragged on the service and told me they were making good money at it. I don't think they were being insincere. And the rides were a helluva log cheaper (in both cases going from airport to home) than taxis. Or this, echoed by a comment on the NYT article by "SJ" of Wash DC:
I find the phenomenon of things like AirBnB to be more of a sign of
economic desperation than any kind of growing interconnectedness. It
also represents a disconnected population willing to give up their
residences to complete strangers for purely financial reasons. In other
words, as the world becomes more and more cutthroat people are becoming
more and more willing to sell every aspect of their lives. What's next.
I do think there is an optimal state where the AirBNB hosts who truly do this for "more than financial reasons", and yet are able to do so profitably, are the vast majority; but as it expands in popularity if the focus is too much on inventory and scale, eventually it will go south, a la Ebay, and have difficulty recovering. Maybe that's the great cycle of these kinds of things, from niche to novelty to winning to scale to decay.
Hope AirBnB doesn't speed through that too quickly, or burn too many people along the way.
Brian
Well, we never used them again. Important fact: there are other choices for some locations, such as VRBO: <http://www.vrbo.com/>.
-- CEO/Co-Founder
DataCoup, Inc.
|