Privacy and Data Ownership Do Not Apply

Given the recent block of Google Friend Connect by Facebook, TechCrunch and Robert Scoble decided to start an argument. This is perfect fodder for this week’s bitchmeme as there are a few issues that people tend to ignore. First, if you put any data on the internet, privacy is an afterthought. Basically, if you put data into MySpace, Facebook or LinkedIn, it is getting crawled and recrawled every day. When you start making friends on social networks, you are willingly foregoing your right to privacy. You are granting permission for these people to view whatever data you have placed on the social network. By default, you are also giving access to your data to their friends as well, because most networks allow some visibility to second degree relationships. But privacy is not really the issue.

Data Ownership

Data ownership is the concept that most people are getting wrong. If you enter data into a service on the internet, that service owns the data that you entered. They typically will state this in the terms of service. They also have a privacy policy that states they will not share the data without your consent and will not do anything bad with it. TechCrunch has argued that the user owns the data, and they are only partially right. As an example, here is an excerpt from the Facebook Terms of Use:

All content on the Site and available through the Service, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Site Content”), are the proprietary property of the Company…

If you compare this with any other site that allows the same type of interaction, you will find the same type of language. This basically means that if you enter data into their site, they control it. This is very standard. You probably agreed to something like this when you signed up for GMail or Yahoo Mail. The main point is that the service owns the “implementation” of this data, essentially the physical data storage and internal representation. Obviously, they need to control that as tightly as possible. They have absolutely no obligation to allow exports of this data (though that is a good idea) or to provide an API to access the data. These activities could possibly go against the stated terms of service or the privacy policy. That is why Scoble has a point in saying that Facebook was (somewhat) correct in blocking Friend Connect.

In the background you hear people screaming, “But it is my data, my personal information and network.” No, it is not your data, it is stored on the Facebook servers and they have allowed you to create a “social network”. You own the real, physical relationships. You are the one who met the person that gave you that email address. An email address is important to us, and hopefully we have stored it in a safe place. Storing all of you personal and contact’s information in a service like Facebook and making that the “main” store of the information is a terrible idea. Cell phones and day planners are perfectly fine for this. Does more synchronization and backup capabilities need to exist with the social networks? In today’s internet, sites are being criticized for not providing these capabilities. Data portability needs to gain acceptance, but people have to understand that we do not just “flick a switch”. This will take a long time. Lawyers will get involved to determine whether the APIs required to support data portability do not violate the terms of use or the privacy policy. Given that Google, Facebook and MySpace all want to be the one to control all of your data, this could take a very long time.

10 thoughts on “Privacy and Data Ownership Do Not Apply

  1. We have become spoilt in a way with the APIs and openness of some services that it has become ‘expected’ that this will exist everywhere (hence the whole data portability movement) but as you rightly say, this just isn’t the case.

    There is an element of jump on board or get left behind, however, and it is up to each service to decide how they want to go about these things but the crux is if they don’t open up – at least to a degree – then the user will migrate to someone who has.


  2. @Colin
    That is the reason we keep seeing data portability announcements. Everyone knows they need to support it in order to stay competitive. The problem is that data portability still needs some work, specifically synchronization and privacy.

    We will get there, it will just take time.


  3. […] admin wrote an interesting post today on Privacy and Data Ownership Do Not ApplyHere’s a quick excerptGiven the recent block of Google Friend Connect by Facebook, TechCrunch and Robert Scoble decided to start an argument. This is perfect fodder for this week’s bitchmeme as there are a few issues that people tend to ignore. … […]


  4. Great post… I have a take on this as well:

    “An alternate solution would be to allow people to own their personal information store, and choose to allow social network sites access to this store. Sites that behaved badly could be banned. This is much like OpenID and Oauth in concept, where one’s identity is tied to a DNS-like way of creating a single namespace for unique user identifiers. It could take the form of a fancier version of an “Attention Profile Markup Language” file; a “Social Profile Markup Language” file, say. It would be stored on my own web server and under my direct control. If I wanted to share with Friendfeed or mybloglog (for example) what sites I’ve been posting to, saving, liking, or reading, I could allow them to access my SPML file under the condition that it be removed if I decided not to use the application any longer. (This is a geeky solution, but that’s usually where these things start.) There should be a better solution to the new portability of social data than exists today, or my own understanding of my personal information will mean less and less.”


  5. The only point that I would add… is that if you pay to store your data on a site, i.e. using Yahoo to host your work email domain, etc. Than shouldn’t we be able to expect that by paying Yahoo (or Google) we are trusting them not do anything with our data but to make sure it is safe and backed up??


  6. @Ben
    I commented on your blog regarding openid and oauth. Definitely the right way to go.

    By paying someone, you are hopefully getting the ability to enforce the terms of service and privacy policy. The commercial service allows you to expect certain things, but it is also the nature of supply and demand that allow companies to charge for certain services. Granted there should be some level of data backup, but that may not be guaranteed.


  7. @Kevin
    Interesting analogy with IMs. There is only limited interoperability by publishing APIs. XMPP is meant to provide true interop, but there does not seem to be a ton of support. However, I do not follow IM technology at that detail anymore.


Comments are closed.