Last week while covering a tool for analyzing your iPhone location data (or as it turns out, your nearby cell tower and hotspot location data), I mused on my long-time interest in data portability - giving users access to and control over their own data. It's an idea we've been covering here for years.

This week, the customer control over data received more attention, with a write-up in the New York Times, a new Facebook acquisition and the revelation that TomTom sold data on its customers' driving habits to law enforcement. These are three different matters: access, use and control. But they are all connected, and as more of our data is stored in the cloud, I'm glad these matters are starting to get more attention.

Here's what we should be demanding of companies:

Give Us Access Our Data

We covered the The Commercial Privacy Bill Of Rights last week, a bill which if enacted would give the FTC regulatory control over users' data privacy. Some people think these new rules will cause problems for startups. But Richard Thaler, writing for The New York Times, thinks the bill doesn't go far enough in giving consumers control over their data.

Thaler points to the British government initiative called "mydata," on which he was a advisor:

Here is a guiding principle: If a business collects data on consumers electronically, it should provide them with a version of that data that is easy to download and export to another Web site. Think of it this way: you have lent the company your data, and you'd like a copy for your own use.

Phil Wolff of the Data Portability Project plays devil's advocate:

Is it really your data? It's about you but the company spent time and money collecting that data, defining it, refining it, aggregating it, and turning it into something useful. Maybe they use it to serve you better. Or maybe they use it to drive down their costs, keep your prices high, and fight off competitors. Companies think of the data as theirs.

Indeed, in many cases you're paying for the privilege of using a free service like Facebook or Twitter with your data. In this case, I'm not sure regulatory sticks are the best approach in this case. What carrots would entice a company to give users' access to their data?

Here's an example. One of my favorite features of Netflix is the recommendation engine. I've spent a lot of time teaching Netflix what I like and don't like. Amazon.com may be getting into the streaming movie business. So may other companies. Some of them might be better. But Netflix already knows my preferences, and I'm not keen on the idea of repeating the whole process of training another service, especially since I may end up deciding not to stick with it. It's a classic vendor lock-in scenario.

But if one of those services would let me export my preference data? That would be an enticing reason to give it a try. Of course, it wouldn't be very valuable if there wasn't a common format, and other services that use that format. But if multiple companies started adopting it, it could become a common feature. Data portability could be a value-add, instead of a lock-in. Imagine being able to share data between Netflix, GetGlue and Hunch for example. There's no reason I have to use only ONE of these services, so some co-opetition would be healthy in this area.

Enable Us to Use Our Data

As far as I can tell I'm a pattern following animal. There are whole years of my life that I cannot clearly remember. Sometimes in an effort to recover those years, and in the absence of a journal or diary to remind me, I grab a pile of bank statement from that year and study them to see roughly where I was and what I was doing. Usually mind numbing patterns emerge. Same Safeway, same day, every two weeks, roughly the same amount spent. Same ATM every friday night roughly the same amount. Every two weeks a meal at one of a small number of revisited restaurants. Every month rent cheque, haircut, some aberrant item like clothing or travel. If I continue long enough the pattern breaks up temporarily as I move to another city and then quickly settles down again. If I had my grocery receipts I'd find roughly the same food items recurring for months at a time. If I could trace my movements I'd find myself taking similar routes over and over again to get to the same set of destinations.

Show people their patterns in a way that might be directly useful and interesting to them, even suggest changes in behavior and be able to measure and show direct changes in mood resulting.


-Ben Russell, Headmap Redux

This week Facebook acquired a company called Daytum. Daytum is - or was - a Web and mobile app that enabled users to track information about themselves and create visualizations based off it. We covered it here. Reportedly, this was a talent acquisition and the two person team behind Daytum will be joining Facebook's product design team. That's too bad, but hopefully it will help raise awareness of the concept behind Daytum: giving individuals tools visualize their own data.

There's a whole movement known as "the quantified self." People are collecting all sorts of data about themselves and applying it in various ways. Some are relatively easy and automated - Mint.com, for example. Others are using sensors or plain old pen and paper to gather information about themselves.

The thing is, you need good tools for working with data about yourself - just like enterprises do. This is a huge opportunity for companies.

Let Us Control Our Data

This week it was revealed that the in-car GPS company TomTom has been selling data on its customers' driving habits to law enforcement. TomTom is certainly not the first company to sell its customers information, but the press this is receiving highlights the lack of control customers have in how their data is used.

Doc Searls has been talking about this for what seems like decades in Internet years. In the rant we recently covered he wrote:

As calves, we request pages and other files from servers, usually getting cookie ingredients mixed in, so the cow can remember where we were the last time we suckled, and also give us better services. Especially advertising.

We have no choice but to agree with this system, if we want to be part of it. And, since the cows provide all the context for everything we do with them, we have onerous "agreements" in name only, such as what you see on your iPhone every time Apple makes a change to their store.

He points out that these are called "contracts of adhesion," which are defined by Free Dictionary as:

A type of contract, a legally binding agreement between two parties to do a certain thing, in which one side has all the bargaining power and uses it to write the contract primarily to his or her advantage.

An example of an adhesion contract is a standardized contract form that offers goods or services to consumers on essentially a "take it or leave it" basis without giving consumers realistic opportunities to negotiate terms that would benefit their interests. When this occurs, the consumer cannot obtain the desired product or service unless he or she acquiesces to the form contract.

Don't like Dropbox's new terms of service? Tough - you either live with it, or you delete your account. Financial institutions and telecommunications companies are even worse about this sort of thing. Don't like the new fees they just added to your bill? Tough. You have to pay them anyway, because when you signed up you agreed to let them add random charges to your bill.

A Change in the Winds?

Searls has been talking about his proposed solution, vendor relationship management since 2006, and we've been covering the idea all along. Are people finally starting to become receptive to some of these ideas?

Bobbie Johnson at GigaOm writes about the TomTom incident; "I suspect it's time for companies to realize that user concerns about location data aren't simply because people don't get it: it's because they have a fundamental right to know how people are profiting from what they do."

The recognition of these rights is long overdue, and I hope these recent events will drive these issues home.