Re: personal data policy

On 9 Jul 2014, at 9:46 pm, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 7/9/14 7:24 AM, Tim Holborn wrote:
>> 
>> On 9 Jul 2014, at 9:08 pm, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>> 
>>> On 7/9/14 6:23 AM, Tim Holborn wrote:
>>>> Reasonably; with special regard to decentralised opportunities, a user in the future may be able to select from an array of standardised positions, such as.
>>>> 
>>>> - use my data for the transaction purpose only
>>>> - add me to your loyalty program (perhaps permissions therein)
>>>> - share my details to your partners, associates and sponsors (equally - perhaps for a specified purpose - i.e. for the purpose of promoting this online petition…).
>>>> 
>>>> secondly; an aspect relating to the data storage and accessibility of data stored by 3rd parties about an individual becomes a secondary inclusion.
>>>> 
>>>> - We’ll store your details securely in our database (you don’t have access to it).
>>>> - We’ll store your details securely and provide you an administration interface
>>>> - We’ll store your details and you can delete / append / modify / change privacy settings
>>>> - We’ll store your details and give you a copy (perhaps 5 star linked data?)
>>>> - You can store the data, we’ll get it from you when we need it, but store a back-up
>>>> - You store your data, if you loose it you’ll need to create a new credential to gain access.
>>>> 
>>>> I’ve found http://wiki.creativecommons.org/CC-inspired_projects_for_Terms_of_Service_and_Privacy_policies
>>> 
>>> You can't ask someone to perform these data access tasks on your behalf, and expect it to happen without privacy (self calibration of one's vulnerability, in any realm).
>>> 
>> At the moment it seems the ‘native state’ of belief - is that in-order for a system to obtain ‘critical mass’ xx% will not read the policy, x/xx% will read, but will be required to agree (because their friends asked them to join, or whatever) and the rest will be left out till they join the other two groups. 
>> 
>> Underlying that - is perhaps a psychological principle?  that if you make it too complicated - people will give-up and agree.  Squeaky wheel gets the grease…  
>> 
>> It’s not my suggestion that i can enforce a policy by way of a creative-commons like mechanism - but rather, provide a capability where someone can declare the principal - like sticking the URI in your FOAF file…. 
>> 
>>> What you can do is publish you data from a personal data space that provides you with the ability to construct data access controls or policies. On the Web, such a system is basically what you end up with when the following are put to proper use:
>>> 
>>> 1. HTTP URIs
>>> 2. RDF statements
>>> 3. Logic.
>>> 
>> understood ;)
>> 
>>> You can invert the current model (where they take your data for the illusion of $0.00 services on the Internet & Web), and leverage the nature of being a human individual en route to achieving all of the above. Remember, social network service providers can't really stop you creating encrypted content in the data space they provide i.e., in the most extreme cases, you can leverage symmetric and asymmetric data encryption. Email (where most privacy compromises start) has always had S/MIME (broadly implemented across existing operating systems -- desktop to mobile) as mechanism for achieving this goal, at internet scale. Add some RDF and Logic, and it works even better at Web-Scale, for instance.
>>> 
>> re: “companies work for $0 - yeah - we understand - we’re experts in the field. We’re one of the few, and i’d put beyond that your probably one of the very few within the group that is only a few, et.al… 
>> 
>> The nature of commerce always depended upon the concept of ‘agreement’. the creative commons approach is not simply RDF.  Yet, GraphDB’s inherently require a new form of thinking around how to approach this arena of dev. 
>> 
>> I was looking for http://www.w3.org/2007/09/map/main.jpg and found http://www.w3.org/2008/Talks/0610-rpi-tbl/
>> 
>>> Government is only useful (re., construction and evolution of relevant laws) when they properly understand privacy in the digital realm.
>>> 
>> 
>> I think the laws exist. it’s about the implicit agreements made, and the ‘catch-up’ needed for an LDP enabled world.  ATM; we’ve got institutional fragmentation of identity related data.  If that’s pulled into data-spaces, I think we need to be more explicit about the use-cases we’re entering into, in relation to that data.  
>> 
>> Given the scope, i figured W3C community group might be a good conduit; given the broad scope of engagement and perhaps also - community groups located in local territories that might in-turn assist in supporting local requirements, etc.  Yet, i’m not particularly sure.  I know it’s relationship to RDF (especially) whilst understanding the broader potential implications…  
>> 
>> Speaking with GOV. Rep. today - it seems he feels it’s not his role to provide leadership in this area, which was disappointing, but accepted.  Other groups provided enormously positive feedback - so, i’m reflecting that back to the community in seeking to define some next steps...
> 
> If we map privacy in the real-world (sorta understood by politicians) to its equivalent in the digital realm (sorta understood by technologists) we will end up with what we need. Getting there, is the challenge as there are too many points of confusion (right now) impeding this desperately needed progress.
> 
> Note, when I refer to "RDF" is am actually referring to a language rather than any specific notation used to inscribe data representation to documents. Unfortunately, specific notations orientation of most RDF specs is still a source of confusion and conflict :( 
> 
> We need to get the folks to perceive RDF as a Language for representing the nature and manifestation or entity relationships, using a variety of notations. Once that's out of the way, folks will start thinking more about the implications of entity relations semantics (which underlie everything) first, instead of thinking (as is often the case) first about who or how they are going to write a parser for a specific specific RDF notation (or which there are many: Plain Old Semantic HTML [POSH], "Link:" in HTTP, and the other usual suspects i.e., N-Triples, Turtle, RDFa, JSON-LD, Microdata etc..) .
> 

The function provided by Creative Commons isn’t simply about compliance or enforcement - it’s more about the agreement.  The fact that someone who created something can assert a form of rights to it, and seek that others respect that decision in relation to their ‘stuff’.  Obviously data relating to a person is different to traditional forms of content; and even within the greeny-grey, and quite opaque sphere of the two fields - the use of ‘metadata’, definitions of what is content and what is data - is often conveyed in an array of different means and definitions.  

If the supplier of this data/content/metadata/identifier data/identity data/sensor-data (etc) sought to assert a license-principle - then overtime, even if it’s simply wordpress users deploying it to begin with, i think, much like Creative Commons, it would slowly gain acceptance.  once something like a cc license is inserted into a table, in relation to data - the data can obviously be filtered in relation to that field.. therein also, if/when compliance requirements change, the cost of maintaining compliance might go down - or moreover, customer relationships become enhanced - another means to reduce unwanted traffic - a really sophisticated ‘web-sticker’ that basically extends that concept of ‘no junk mail please’ to the era of semantic web...

I agree re: RDF.  the semantics of TTL, Semantic Web, JSON-LD and all the other variants describing a similar function - well…  W3C Standards orientated is the most important factor for me.  No point breaking down SNS’s by creating a better, bigger, more uncontrollable data funnel.  At least data is institutionally fragmented in its current SNS structures; yet, i still think we can do better :)

> 
> -- 
> Regards,
> 
> Kingsley Idehen	      
> Founder & CEO 
> OpenLink Software     
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this