Data portability, privacy and personal data stores

Marshall Kirkpatrick wrote an interesting post yesterday on ReadWriteWeb entitled Towards a Value-Added User Data Economy. He applies network theory to data portability to show that all companies will be better off if they all allow data to be ported in and out. Essentially each social application will add value to the data making the overall experience richer on every site. To adopt this strategy a site needs confidence in the quality of its offering and its ability to keep innovating, but the alternative is to try and lock the user in, and we all know where that ends up – eventually.

The eventually is important here – it took a long time for AOL’s walled garden to fail and their investors and management made a lot of money in the meantime.

Marshall also discusses the privacy issues created by data-portability. Until I read his post my thoughts on this topic had been limited to the simple point that porting data from one application to another creates more copies in more places, thereby increasing privacy risks. Marshall makes the additional point that because these applications are social our personal data is inextricably bound up with that of our friends – thereby increasing the complexity of the problem.

All of which makes me think of personal data stores – the idea that we store our core personal data in a single place and allow services to access it on a permissioned basis. The sites that access that data and add value to it might store the derivative data they create, but the core data would be in one place. Replacing the many to many relationships of multiple social apps talking to each other with a hub and spoke architecture like this would give the user better control over their private data whilst maintaining the network benefits that data portability offers.

I feel an example might aid understanding.

Let’s say I’m a music fan – the core data would be the music I listen to – maybe scrobbled by LastFM, or scanned from my harddrive. That should live in my personal data store and be accessed by derivative services that might generate recommendations. The recommendations wouldn’t constitute core data and could live in the application that generated them.

The personal data store might be an existing service like Facebook (or even LastFM) or a new service created specifically to form this function. And different people might choose to use different applications as their hub.

This model of a personal data store where the user allows different service to access the data on a fine grained persmissioned basis has a lot in common with the VRM vision of how advertising might evolve.

I’m attracted to the conceptual elegance of this view of the future, as well as the efficiencies and benefits I describe above. I think we will get there eventually, but it may be we don’t take the straightest path.