Data Property Rights, Not Portability

The recent flood of activity around data portability has stirred in me two reactions: keen interest and a distinct feeling of being underwhelmed. Having been in the data business since the early 90s, it’s clear to me that data portability is a non-solution to a non-problem, a storm in a teacup, an emperor with no clothes.

The real problem — and the elephant in the room – is not whether web app vendors “allow” me to take my data and go play elsewhere, but whether they “play fair” with my data when it’s in the web app. There are basically two choices for a web app user here — one involves having a “voice,” the other, making an “exit.” Data portability focuses only on the “exit” part, which is not only incomplete but for users of the web app, massively disempowering.

Consider a scenario in which a single web app dominates a market segment, such as YouTube in video sharing, or Flickr in photo sharing. In those cases, data portability enables me to take my data and go to another non-dominant web app with a much smaller playground, far away, where my friends don’t play. I most emphatically do not want to do that and I certainly don’t want that to be my only recourse if I find the web app vendors’ policies to be coercive. Data portability actively enables the dominant player to say “If you don’t like our policies, then leave.” But I want web app vendors to behave, and to guarantee certain data property rights as terms-of-service guarantees. Because if data portability is about “exit,” data property rights are about “voice.”

Call me a loudmouth, but I’d rather have a “voice” than an “exit.”

Current discussions about data portability tend to be rather narrowly focused on a small subset of the problem — namely, the ability to transport a social graph from one social networking site to another. But a large amount of personal data on the Net is not social graph data and a large number of people on the Net may be concerned about data issues not directly connected to social graphs. Additionally, taking a social graph from one social networking site to another may be neither practical nor desirable.

I’d like to suggest an alternate approach, one that supports strong TOS guarantees from web app vendors and includes terms that guarantee four atomic data property rights. (I call these rights “dimensions” due to their orthogonality and fundamental-ness.) And I posit that with these four as TOS guarantees, data portability pretty much becomes a non-issue:

1. Data Accessability: The ability to address each element of my data with a URI when it is in the web app. Zero black-box behavior, data addressable in place. This allows me to upload or create data in a web app and have full, in-place programmatic access to each element of it; it also allows me to mashup at the data level and not have to hack the UI via Javascript shenanigans such as Greasemonkey. Property analog: If I own property I may not be denied access to it.

2. Data Visibility: The ability of the user to control the visibility of the data in their account, so that the web app vendor does not set the default visibility policy, the user does. The default, if at all set by the vendor, must be “private” –- only the user can change it, and user settings always dominate. This prevents web app vendors from exercising intrusive and coercive control over user-generated data. Property analog: If I own property I and only I control who has access to it (i.e. modulo lawful search).

3. Data Removal: On account termination by the user, or by the vendor, all data in the user account must be deleted (possibly after a waiting period). If data is ever restored from backups, accounts terminated must not be reactivated and their data must remain unavailable to business processes, such as targeted advertising, etc. This provides a degree of data privacy and non-intrusiveness. Property analog: If I lease property and the lease terminates then the lessee has no residual rights on my property.

4. Data Ownership: Data created/uploaded by the user belongs to the user, and only to the user; it is not automatically “co- owned by the web app vendor with all rights given in perpetuity,” as is so prevalent today. Property analog: If I own property then no one else, as a side effect of some other contract, can gain automatic co-ownership of my property without my explicit consent.

I’d rather have strong TOS guarantees of the above four dimensions than data portability.

It may be argued that with these four dimensions supported in a web app, a vendor will find it impossible to monetize the available user data via intrusive advertising, reporting and other mechanisms. This is a reasonable argument. However, a web app with the above service guarantees the vendor is providing a valuable service and it is perfectly reasonable to expect the vendor to charge for such a service, so that major revenue comes from a user-in-charge, non-intrusive, for-fee model rather than the usual “intrusive data policies + advertising” model.

Incorporating data property rights into the current conversation completes the picture by adding the web app user’s “voice.” This empowers web apps users and it also seeds new, viable business models. For-fee services providing strong user rights without a coercive advertising model will emerge and form a new “data infrastructure” layer of the Internet operating system. If the dominant players do not want to satisfy this need, market forces amplified by user emotion will disrupt them and we will see once again how the Net routes around damage –- in this case badly damaged data property rights.

Nitin Borwankar blogs on tagschema.