Time to define open privacy standards?

Today, I came across this post “Are shoeboxes better than Flickr?” and it got me wondering (again) whether it is time to define open privacy standards much like OpenID did for identity and OAuth did for authentication / authorization.

I come across such privacy discussions frequently but nowhere have I seen any consensus on privacy standards other than broad sweeping statements or wishes such as (quoting from the above article):

“I have a policy which I assert over my stuff that I control, which is this protected zone in the cloud. And I have some real control over how I define policies over that thing and who gets access to it and on what terms. And I get to audit that access in a coherent way.”

As I said in a comment on the above post, this is a loaded statement or perhaps the devil is in the details. It’s not like people haven’t tried; I know for a fact that there were several such discussions at dataportability.org that never reached any consensus (check out the policy group threads), plus numerous posts by Michael Arrington, Robert Scoble, Marc Canter, Steve Gillmor, etc. My personal take on it is that “user privacy is a personal and individual thing and is also dependent on the context of usage”. I attempted to define some levels of privacy controls that make sense but it is far from complete. Marc Canter has a similar idea and calls it dynamic privacy.

I understand that this is a difficult area to tackle but I think it is time to define open privacy standards much like the approach taken by OpenID and OAuth. Let’s start with something small and tangible for a 1.0 version and build on it based on real-world usage of what works and what doesn’t work, essentially going about it the agile way.

3 Responses to “Time to define open privacy standards?”

  1. jpatterson1275 June 25, 2008 at 4:42 am

    I’d probably have to say since the “cloud” has really yet to, uh, “condense” from its current wisps of vapour, we’re just going to have to continue to work on very small building blocks and release them into the wild.

    A lot of people talk. and talk. and have podcasts.

    But in the end it’s Joe-Lunchbox-Coder that writes that little snippet of something or other, shares it with a pal, and starts a small fire that becomes a wildfire. This happens way way down on the tip of the long tail, you know, that area no one pays attention to.

    Pick a kernel of identity that is neglected, and then hack on it from a number of perspectives. Blog about your reasoning some, and then code some more. Once you get some really pissed off sounding criticism from someone who can’t pinpoint a concrete reason why your idea is bad, but They Don’t Like It — well, then, I’d say you’ve probably done something right.

    I’d say in the short term you might want to make it some cool little service that does a little something-something, and you can move some ads — and I say this because, it seems like we as a collective discover new ideas on the web as proprietary services, and then we make them into distributed protocols. If you try and make the Next Big Protocol right out of the gate, then, well, you are probably screwed since everyone else will be wanting everyone else to use their Next Big Protocol. And then everyone sits around in their own sandbox and nothing happens. However, if you have at least a cool little service that builds some brand recognition, then, well, you’ve got some leverage to trade on, and you can build a coalition to move data around with.

    Just like with research, the proof is in the results, not the podcast.

  2. Daniel Parker June 30, 2008 at 5:06 pm

    I’ve also suggested this to the DataPortability group in a parenthesis in this message: http://groups.google.com/group/dataportability-public/msg/e2a88d8b6fb19ce3?hl=en

    I like the term you use — “Open Privacy Standards”

    How are you thinking this might operate?
    – Like W3C recommendations, just recommendations?
    – Like a reusable privacy policy that has a name, similar to how we repeatedly reuse the Apache license?
    – Like manufacturing standards, where they get a “stamp of approval” that proves they’ve been inspected and have proved to match up to the standards?

  3. Bob Ngu June 30, 2008 at 9:47 pm

    @Daniel, I am thinking more like W3C recommendations WRT the protocol / specs and recommendations, though the governance model is up for debate. That said, nothing is set in stone at this time; I am putting this out there to see if such an effort even makes sense.
