This morning, we are officially publishing the User Data Manifesto 2.0.
Today, most of users’ data are not stored on their computer’s hard drive any more, but rather online on a service provider’s server somewhere in a data center.
While most computing happened on local machines, in the late years a new kind of “computing“ has emerged in daily use. Marketers have called this “Cloud computing”—but do not mistake, as there is no cloud, it’s just some one else’s computer.
Most popular online services nowadays are gratis, but that does not mean that they come at any cost. Instead of paying with money, people are paying allegiance to service providers. In the land of “Minitel2.0”, Google and Facebook are like feudal lords of the Internet and we are their mere subjects. The exploitation of user data and of personally identifiable information is leading to numerous privacy invasion, some of which were only revealed thanks to Edward Snowden’s leak from the NSA.
If you’re looking to protect your privacy or if you want to know how your rights can be affected when using these online services, you usually don’t have many options but to look for adjusting increasingly complex privacy settings or you need to be a full time lawyer to read the lenghty terms of service.
The User Data Manifesto aims at defining the basic rights that users should have on their own data when using online services. Recognising these rights is an important first step towards a free society in the digital age, along with Free Software.
Indeed, users should have:
Control over user data access
User data should be under the ultimate control of the user. Users should be able to decide whom to grant direct access to their data and with which permissions and licenses such access should be granted.
Data generated or associated with user data (e.g. metadata) should also be made available to that user and put under their control just like the user data itself.
Knowledge of how user data is stored
When user data is uploaded to a specific service provider, users should be informed about the geographic location that specific service provider stores the data in, how long, in which jurisdiction that specific service provider operates and which laws apply.
This point is not relevant when users are able to store their own data on devices in their vicinity and under their direct control (e.g. servers) or when they rely on systems without centralised control (e.g. peer-to-peer).
Freedom to choose a platform
Users should always be able to extract their data from the service at any time without experiencing any vendor lock-in.
Organisations and activists defending digital rights are joining in this effort to support online services that respect users’ rights. I am proud to be part of that effort and I hope it’s the start of a constructive debate and, hopefully, a humble contribution to our society.
I look forward to your feedback on the manifesto, which I view as a starting point rather than an end in itself.
Thanks to ownCloud, Inc for inviting me over to the ownCloud conf in Berlin.