Personal Data Vaults Put You in Control of Your Data Online
Hundreds of Web companies, such as Facebook, give away a free service in exchange for the right to collect data about the consumers who use the service. In their marketing messages and other public declarations, these companies tend to focus on the wonderful service they’re providing, and on how it makes the world a better place, while keeping quiet about the data they’re taking in return. (See “Data Snatchers! The Booming Market for Your Online Identity” for more about this topic.)
The Facebook IPO earlier this year brought this new kind of business model into sharp focus, however. For the first time, many people came to understand that their biographical, demographic, and preference data has real value, and that it should be regarded as personal property.
In the past few years, startup companies have emerged to provide consumers a way to take control of their data. Services such as Personal, Qiy, and Singly offer to store and protect the data, loaning it only to Internet companies and advertisers that the consumer trusts and approves of. Better still, the services allow users to offer their data in exchange for something, such as rebates or discounts.
This arrangement could benefit advertisers, too. Collecting accurate consumer data is difficult for marketing, advertising, and data-brokerage companies. Even after spending millions to collect tracking data on potential customers, marketers often find out later that the data was incomplete, incorrect, or outdated. And they can't know for sure who the data came from: A consumer might order something online through a particular home computer, but the data broker might receive only the PC's IP address, so anybody in that household could have placed the order.
Data-vault companies claim that if the individual consumer is included in the process of data collection, then advertisers and marketers can obtain more-accurate data.
The data-vault companies we know about so far are a young bunch. All of them are startups, and most of them have yet to make it out of beta with their service. In this article, I'll give you rough outlines of the services they intend to offer upon launch.
I’ll start with Personal, because it has the most fully baked service of any data-vault company. The service is already available to the general public, too.
Personal does a few different things: It provides a secure data vault for all your information, offers a private network for sharing your info with family and friends, and gives you a means of granting or revoking marketer and advertiser access to your data.
Shane Green, CEO of Personal, says he has the cure for the anxiety that people have over sharing their personal data online at banking sites, e-commerce sites, and social networks. Personal treats your information--including your personal details, financial information, health data, and shopping habits--as precious commodities to be locked up tight and protected in one place.
The idea is that one day Personal will serve as a marketplace where you can barter, share, or exchange your data with third-party services. That's better than today's environment, says Personal, where Web services simply take your data and treat it as their own commodity.
Right now Personal offers a secure place to bank your personal data, and it throws in a set of tools to manage your online identity. Personal also provides you with easy ways to give other Web companies access to your data on your terms, not theirs. Green says that this setup is a complete reversal from the way things work right now, as we hand over our personal data to large companies like Facebook, and they decide how to use it.
Aside from the convenience and control you get, your agreement with Personal might assign real value to your data, in a legal sense. Joshua Galper, Personal's chief policy officer and general counsel, explained to me that right now there is no basis in the law to say that an individual's personal data has real property value. Courts consider it to be “information,” not property. The devices that carry your data, such as smartphones or computers, are considered property, but not the data itself.
When you sign an “owner data agreement” with Personal, you enter a contract with the company. And if some other business were to misuse or lose the data it “borrows” from your Personal account, that business would be in violation of the agreement, and could be held liable on that basis.
Personal can run on your desktop; the company has cool Android and iPhone apps as well. Through the desktop interface or the apps, you can divide your personal data into all kinds of categories, from health information to financial details to social data.
Next Page: Qiy, Lifedash, Allfiled, and Mydex
Possibly the second-best-known personal data-vault service is the Netherlands-based Qiy (pronounced “key”). Through Qiy's secure Web utility, users can create their own personal Web domain. Users can store all of their information in this secure domain, and can access it and update it at any time.
Users can also set their domain to release certain parts of their personal data to companies and other organizations they trust. In turn, outside organizations such as vendors, marketers, or advertisers can present users with new information (user data, offers, and so on) via the familiar Qiy domain.
The people at Qiy say this approach prevents users’ personal data from wandering around the Web as various data collectors buy, sell, or share the information.
Right now Qiy is working with organizations such as universities and insurance companies to provide students and customers with a platform for exchanging information with the organizations. Once a user is connected to an organization, the user can invite other organizations they deal with to connect to the platform. At all times, the user--not the organization--remains in control of the data flow.
Florida-based Lifedash is still in beta, but upon release it will offer a personal data platform similar to Personal’s, allowing the user to capture, curate, and manage all sorts of personal data in an account, as well as to provide access to the data to trusted companies and institutions (banks, insurers, and the like).
However, Lifedash differs from Personal in its focus on allowing users to create multiple profiles, each representing one of the “various roles they play in day-to-day life.” For instance, a user may be a cancer patient but also a Girl Scout leader. He or she might deal with completely disparate sets of data in each of those roles, and may have good reasons to keep the two data sets separate.
This concept of controlling privacy and anonymity by using multiple online personas is near and dear to the hearts of many privacy proponents.
The small UK-based company Allfiled has been offering its service for five years now, making it one of the first publicly available personal data-vault products. Like other services, Allfiled gives the consumer a data locker that can store personal, demographic, financial, and preference data. The platform lets the user approve, deny, or revoke access to the data.
Like other services, Allfiled also allows users to fill in forms automatically using the carefully organized data stored in the personal account. In addition, the locker stores each user’s passwords for the Web services he or she uses.
Allfiled believes that, in the near future, financial institutions, advertisers, and marketers will develop systems to pull personal data from the locker based on parameters the data owner has established. Using that information, companies may be able to serve more-relevant ads to the user, or they might offer items such as affinity points or special deals in exchange.
After five years of opening accounts, the service is currently undergoing a redesign; it will start to sign up new customers when it’s complete.
Mydex, a new company based in Scotland, has been developing aspects of a “personal data ecosystem” for the past few years. The company intends to provide a “personal data store” (similar to what Personal is offering) that lets users store, manage, and share their personal data.
Users can set the preferences and permissions for their data stores to protect their privacy to various extents. In other words, users can make their data available only to a narrow group of third parties, under strict terms, or they can choose to open most of their data to anyone who wants to advertise to them.
For example, imagine that a charitable medical research foundation wants access to an individual’s health records for research purposes. The individual says, “Yes, you may have access to this information for free, on the condition that you do not pass it along to anybody else and that it remains anonymous, so my name and address do not travel with it.”
Like the other services, the Mydex platform can broadcast users' preferences or intentions (to buy something) to Web marketers and advertisers too. The thinking goes that if marketers can get that intention information directly from the user (as opposed to buying it or trying to infer it from other data sets), they can be sure that the data is correct, and they can advertise their products more easily and cost-effectively. Mydex and similar services also provide third parties a way to verify that the owners of the data lockers are who they say they are.