Feeds

Consumer Profile Exchange could protect privacy

If Congress would get off its ass, that is

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The IBM-backed, XML-based standard enabling companies to exchange consumer data conveniently over the Web called Customer Profile Exchange (CPE) may not be quite the threat imagined by worried US consumers and privacy advocates.

The scheme itself actually includes provisions for the responsible sharing of information, such as enabling one company to make data available only to others that agree to similar use restrictions, and enabling consumers to access and even control their data profiles while confronting a single, consistent format. These could be good things, or not, depending on how the technology is used.

The true danger here is the lack of any regulatory structure requiring companies to use it in a way that benefits, or at least doesn't threaten, consumers. Simply put, technical standards don't threaten people's privacy -- people threaten people's privacy.

"If you have a technology making it easier to exchange information between different databases, the question is whether companies will respect consumers," Centre for Technology and Democracy (CDT) Senior Policy Analyst Ari Schwartz told The Register. "Even a decent policy of industry self-regulation would be helpful here."

Unfortunately, there is little in place, either among industry groups in terms of self regulation, or nationally in terms of government regulation, to prevent something potentially useful like CPE from being abused.

Certainly individual companies can enter into contractual agreements governing the use of information they supply. "If a company were to go beyond what it has agreed to do with the data, that would be a contract violation which would land them in court," Schwartz pointed out.

The companies are protected from data misuse, but of course consumers have no rights whatever under such agreements. They're not even in a position to influence the sort of standards the better class of company might aspire to. There is virtually nothing under the law that one can use to control what is essentially an extremely valuable commodity belonging to oneself.

In terms of leverage, "you don't have anything," Schwartz observed.

So if the technology is hostile to consumers, it's only because the US regulatory environment is so palpably incommodious. If that were to improve significantly, CPE could become one of the best ways yet devised for consumers to stay on top of their profile information and control what can be shared, and with whom.

It would eliminate (among its subscribers, anyway) the need to deal with myriad privacy policies couched in paragraph after paragraph of misleading legalese, unique to every on-line company one deals with.

One could set one's own standards once, and be done with it. If only, that is, the US Congress would see fit to grant something like rights to consumers. This is not exactly a gimme, as the 107th will convene under a veritable avalanche of privacy proposals, the vast majority of which are pure rubbish.

In the highly rhetorical legal marketplace known as Capitol Hill, it's not hard to imagine a comprehensive and realistic opt-out proposal getting so badly stigmatised by privacy fundamentalists that a pathetically weak opt-in proposal would succeed in its place. It would sound good, but accomplish nothing -- exactly the sort of legislation our venerable representatives support most enthusiastically.

The best of all possible worlds would be a solid, comprehensive opt-in proposal, but we've been around the Hill long enough to know that the advertising and data-mining lobbies will ensure that no such monstrous thing happens.

The next best (and most realistic) thing would be an opt-out bill with real teeth, and there CPE could be a definite boon. In the right regulatory environment, it would make it easy to opt out, and convenient for a consumer to examine what his profile contains and just how it's being used. Combine that with granting him something like rights over a commodity which common sense tells us he owns outright, and we'd have a real winner coming out of conference committee for a change. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.