Archive for the ‘CDP Announcements’ Category

Raising privacy expectations by raising privacy standards

Tuesday, August 5th, 2008

It’s great that Google is becoming more transparent about how they use your data to tailor your search results. It’s the kind of thing we’d like to see more of. However, is it enough to merely state the status quo? Or should we really be demanding not only transparency but control and ownership as well? Saul Hansell has it right: the data Google collects from you is *yours*, not theirs. So not only should we all get a better look at what Google is doing with “our” information, we need to be able to set some ground rules about what is used and how it’s used. And by “setting ground rules,” I don’t mean choosing between opt-in and opt-out radio buttons.


Today, privacy policies are meant more to protect companies from liability than to protect individuals’ privacy rights. Even though a lot of people don’t fully understand how their information is being collected, we all know that it’s a one-way street. While businesses buy, sell, and share sensitive, personal information, we can’t even access our own information. More and more people are becoming wary of data collection in general, and as a result, the debate between privacy advocates and businesses has become framed as a conflict, privacy versus information. However, we as a society should seek solutions that promote both privacy and information.

We at CDTF want to change the culture of data collection from one where businesses and other data collectors have all the control to one where individual users are secure enough in their privacy to become active participants and consumers of data. We’ll need new technologies, policies, and possibly legislation, but perhaps most crucial is our need to come to some consensus about how to balance individual privacy rights with our societal interest in information-sharing.

We think an important first step is to develop new industry standards that describe what should be happening, not just what is happening in data collection. If more information-sharing is to happen, individual users have to become more confident about their privacy. So privacy standards have to be raised, not maintained.

For example, the first step in certification by privacy companies today is determining whether a company has a privacy policy. Although a company should certainly have a written policy, providing credit for merely having a written policy doesn’t raise the ante in any way.

Currently, many companies’ privacy policies don’t even cover all traffic to a website, as they disclaim responsibility for the practices of their partners and/or third-party advertisers. A standard that declares as a “best practice” the use of an all-inclusive privacy policy that covers all traffic to a site would certainly raise the bar.

Although few companies would meet this standard now, declaring it to be a possibility would make users more aware that most privacy policies are not all-inclusive, while companies willing to meet the standard would be able to signal more clearly how they differ from their competitors.

We think the bar should be raised on the following issues as well:

1. How much notice is required when the terms of a privacy policy change;
2. How changes in privacy policy apply to data collected under the previous policy;
3. How long data is stored;
4. How explicitly companies describe how data is used;
5. How data is secured and anonymized before it is shared with 3rd parties in order to provide an “appropriate” level of protection.

At the same time, user awareness of the potential benefits of multi-directional information-sharing, to both individuals and society as a whole, has to increase. We think new standards for user participation in the management of their data should be created around these issues:

1. User access to collected data;
2. User control over whether data is shared and for what purpose;
3. User control over the “level of anonymization” applied to data before it is shared;
4. Availability of data for public secondary use.

We’re not here to say, “Ta-da! Here are the perfect standards for reconciling the goals of privacy and information-sharing.” Instead, we want to start a conversation on how such standards could be useful, how they could be developed, and how they could be promoted.

Geoffrey Desa joining the board of the Common Datatrust Foundation

Tuesday, April 22nd, 2008

We’re very pleased to announce that Geoffrey Desa has joined the board of the Common Datatrust Foundation. Geoff is currently finishing up his doctoral dissertation on technology social entrepreneurship at the University of Washington, Seattle, and will soon begin teaching and continuing his research at San Francisco State University. His research is on small ventures that develop and deploy technology for a social purpose, recognizing that many forms of technology can be replicated and used by large numbers of people at low cost. Geoff has studied organizations and projects from all over the world, from secure documentation programs for human rights field investigators to improved technology for Kenyan beekeepers. In particular, Geoff is interested in how these innovative organizations are launched, how they access and use resources, and how early decisions impact future work.

We’re thrilled that Geoff will be bringing his expertise on nonprofit organizational structure to the Common Datatrust Foundation as we work on creating a nonprofit that sets new standards for transparency, accountability, and trustworthiness.

CDTF’s Presentation at the Workshop on Data Privacy

Friday, February 22nd, 2008

The Common Datatrust Foundation recently attended and made a short presentation at the Workshop on Data Privacy, hosted by Rutgers University’s Center for Discrete Mathematics & Theoretical Computer Science (DIMACS).

There were spirited conversations across disciplines as statisticians, mathematicians, computer scientists, and media experts discussed how to balance the public’s interest in both privacy and information sharing. The presentations ranged from tutorials on new security and privacy technology to the management of existing databases of personal information, such as the U.S. Census, as well as thought-provoking presentations on more abstract but highly relevant questions, such as what we mean when we say we want to protect “privacy.” As Professor Helen Nissenbaum from NYU Law School pointed out, certain kinds of information flow are appropriate for certain situations; there is no uniform way to understand privacy protection.

We were excited to see how our presentation provoked questions and conversations as well. Alex Selkirk introduced the concept of a “datatrust,” a secure, structured data storage system where each record in each dataset has a set of rules defining who may use it, what it may be used for, and with what level of anonymity it may be disclosed. The presentation focused primarily on one example of the current limits of data disclosure: the subprime mortgage crisis. Although there is a great deal of data held by banks and mortgage companies on subprime loans, investigators and researchers are unable to analyze the data because the data holders are bound by confidentiality agreements to individual borrowers. CDTF proposed that a datatrust, as a third party, could use new technology to anonymize and aggregate the data in a way that would allow researchers to query the loan data without forcing the disclosure of identifying details about the borrowers. Such data-sharing would further CDTF’s mission to both protect individual privacy and encourage the sharing of information for the public good.

We hope that the conversation we began at DIMACS will continue to engage conference participants and others in the coming months.

Announcing the Incorporation of The Common Datatrust Foundation

Sunday, February 3rd, 2008

We’re proud to announce that this blog, “My Place in the Crowd,” has found a new purpose. The issues and ideas that originally gave rise to this blog have led to the recent incorporation of a 501(c)(3), not-for-profit organization, The Common Datatrust Foundation. Our mission is to:

  1. Raise awareness of privacy challenges we face today;
  2. Broker the exchange of data between individuals, institutions, businesses, and government; and
  3. Advance new solutions for securely storing and sharing personal information.

We will soon be providing more information on our website, www.commondatatrust.org, about our ideas for achieving these goals. But as the official blog of CDTF, “My Place in the Crowd” will serve as our main forum for developing ideas, raising questions about how personal data is being used by businesses and government, and pushing to define the distinction between real privacy protection and legal posturing. We ask you to join in as well!

As an organization, we value transparency and openness, both in the way we operate internally and the way we promote our goals. We want your thoughts and your participation, as concerned individuals and as representatives of institutions, agencies and businesses. We look forward to hearing from you.
