Feeds

Consumer Profile Exchange could protect privacy

If Congress would get off its ass, that is

  • alert
  • submit to reddit

Boost IT visibility and business value

The IBM-backed, XML-based standard enabling companies to exchange consumer data conveniently over the Web called Customer Profile Exchange (CPE) may not be quite the threat imagined by worried US consumers and privacy advocates.

The scheme itself actually includes provisions for the responsible sharing of information, such as enabling one company to make data available only to others that agree to similar use restrictions, and enabling consumers to access and even control their data profiles while confronting a single, consistent format. These could be good things, or not, depending on how the technology is used.

The true danger here is the lack of any regulatory structure requiring companies to use it in a way that benefits, or at least doesn't threaten, consumers. Simply put, technical standards don't threaten people's privacy -- people threaten people's privacy.

"If you have a technology making it easier to exchange information between different databases, the question is whether companies will respect consumers," Centre for Technology and Democracy (CDT) Senior Policy Analyst Ari Schwartz told The Register. "Even a decent policy of industry self-regulation would be helpful here."

Unfortunately, there is little in place, either among industry groups in terms of self regulation, or nationally in terms of government regulation, to prevent something potentially useful like CPE from being abused.

Certainly individual companies can enter into contractual agreements governing the use of information they supply. "If a company were to go beyond what it has agreed to do with the data, that would be a contract violation which would land them in court," Schwartz pointed out.

The companies are protected from data misuse, but of course consumers have no rights whatever under such agreements. They're not even in a position to influence the sort of standards the better class of company might aspire to. There is virtually nothing under the law that one can use to control what is essentially an extremely valuable commodity belonging to oneself.

In terms of leverage, "you don't have anything," Schwartz observed.

So if the technology is hostile to consumers, it's only because the US regulatory environment is so palpably incommodious. If that were to improve significantly, CPE could become one of the best ways yet devised for consumers to stay on top of their profile information and control what can be shared, and with whom.

It would eliminate (among its subscribers, anyway) the need to deal with myriad privacy policies couched in paragraph after paragraph of misleading legalese, unique to every on-line company one deals with.

One could set one's own standards once, and be done with it. If only, that is, the US Congress would see fit to grant something like rights to consumers. This is not exactly a gimme, as the 107th will convene under a veritable avalanche of privacy proposals, the vast majority of which are pure rubbish.

In the highly rhetorical legal marketplace known as Capitol Hill, it's not hard to imagine a comprehensive and realistic opt-out proposal getting so badly stigmatised by privacy fundamentalists that a pathetically weak opt-in proposal would succeed in its place. It would sound good, but accomplish nothing -- exactly the sort of legislation our venerable representatives support most enthusiastically.

The best of all possible worlds would be a solid, comprehensive opt-in proposal, but we've been around the Hill long enough to know that the advertising and data-mining lobbies will ensure that no such monstrous thing happens.

The next best (and most realistic) thing would be an opt-out bill with real teeth, and there CPE could be a definite boon. In the right regulatory environment, it would make it easy to opt out, and convenient for a consumer to examine what his profile contains and just how it's being used. Combine that with granting him something like rights over a commodity which common sense tells us he owns outright, and we'd have a real winner coming out of conference committee for a change. ®

Build a business case: developing custom apps

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Microsoft: We're making ONE TRUE WINDOWS to rule us all
Enterprise, Windows still power firm's shaky money-maker
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.