
Consumer Profile Exchange could protect privacy

If Congress would get off its ass, that is


Customer Profile Exchange (CPE), the IBM-backed, XML-based standard that lets companies exchange consumer data conveniently over the Web, may not be quite the threat imagined by worried US consumers and privacy advocates.

The scheme itself actually includes provisions for the responsible sharing of information, such as enabling one company to make data available only to others that agree to similar use restrictions, and enabling consumers to access and even control their data profiles while confronting a single, consistent format. These could be good things, or not, depending on how the technology is used.

The true danger here is the lack of any regulatory structure requiring companies to use it in a way that benefits, or at least doesn't threaten, consumers. Simply put, technical standards don't threaten people's privacy -- people threaten people's privacy.

"If you have a technology making it easier to exchange information between different databases, the question is whether companies will respect consumers," Centre for Technology and Democracy (CDT) Senior Policy Analyst Ari Schwartz told The Register. "Even a decent policy of industry self-regulation would be helpful here."

Unfortunately, there is little in place, either among industry groups in terms of self regulation, or nationally in terms of government regulation, to prevent something potentially useful like CPE from being abused.

Certainly individual companies can enter into contractual agreements governing the use of information they supply. "If a company were to go beyond what it has agreed to do with the data, that would be a contract violation which would land them in court," Schwartz pointed out.

The companies are protected from data misuse, but of course consumers have no rights whatever under such agreements. They're not even in a position to influence the sort of standards the better class of company might aspire to. There is virtually nothing under the law that one can use to control what is essentially an extremely valuable commodity belonging to oneself.

In terms of leverage, "you don't have anything," Schwartz observed.

So if the technology is hostile to consumers, it's only because the US regulatory environment is so palpably incommodious. If that were to improve significantly, CPE could become one of the best ways yet devised for consumers to stay on top of their profile information and control what can be shared, and with whom.

It would eliminate (among its subscribers, anyway) the need to deal with myriad privacy policies couched in paragraph after paragraph of misleading legalese, unique to every on-line company one deals with.

One could set one's own standards once, and be done with it. If only, that is, the US Congress would see fit to grant something like rights to consumers. This is not exactly a gimme, as the 107th will convene under a veritable avalanche of privacy proposals, the vast majority of which are pure rubbish.

In the highly rhetorical legal marketplace known as Capitol Hill, it's not hard to imagine a comprehensive and realistic opt-out proposal getting so badly stigmatised by privacy fundamentalists that a pathetically weak opt-in proposal would succeed in its place. It would sound good, but accomplish nothing -- exactly the sort of legislation our venerable representatives support most enthusiastically.

The best of all possible worlds would be a solid, comprehensive opt-in proposal, but we've been around the Hill long enough to know that the advertising and data-mining lobbies will ensure that no such monstrous thing happens.

The next best (and most realistic) thing would be an opt-out bill with real teeth, and there CPE could be a definite boon. In the right regulatory environment, it would make it easy to opt out, and convenient for a consumer to examine what his profile contains and just how it's being used. Combine that with granting him something like rights over a commodity which common sense tells us he owns outright, and we'd have a real winner coming out of conference committee for a change. ®
