Working Wider

Data Dandruff Control:
The Challenges of Privacy vs. Permission

privacyUnless you constantly cleanse yourself after every contact with the world, you’re dropping flakes of personal information behind that make the DNA information in epithelial cells found at TV crime scenes pale in comparison.  That’s data dandruff.

Data dandruff comes from social network posting, cell phone and surveillance cameras, GPS sensors, web search queries, affinity credit cards and shopping clubs purchases.  It tracks where you are, where you’ve been, what you bought, and via search queries, what you’ve thought about.  Unless you intentionally go off the grid, you’re flaking data bits.

What’s changed is that now there’s a giant Dustbuster called Big Data that sucks, stores and searches data dandruff hoping to find bad guys who set off bombs, sell us more stuff, track the latest bird flu strain and more.  Sure each flake may not have your personal ID but many do and by looking for patterns, it’s not that hard to find that out.

Here’s the kicker, what might sound like a paranoid evolution of Big Brother usually happens with our permission; if not initiative.  We give permission every time we click “accept” and “share”.

This piece looks at the rapidly evolving dance between privacy and permission and offers a few new rules for consideration.

Generational-Exponential Evolution Mismatch

As Ray Kurzweil points out, technology develops exponentially.  2-4-8-16 and by step 30, you’re at a billion. Cell phones are a millions times cheaper and a thousand times more powerful than those room-filling computers we had 25 years ago.

Humans don’t change anywhere near that fast.  We evolve linearly at best.  We mark the striations between generations with terms like “millennials”. We know technology marches forward but that doesn’t mean we’re all that different from Warner Brothers Studios’ founder Harry Warner who said in 1927, “Who the hell wants to hear actors talk?”

As a result, we’re constantly trying to control technology as it evolves.  What was wondrous at small scale becomes concerning as it grows.  Giving permission to one retailer or web-site at a time morphs into a personally sanctioned public presence beyond our original intentions.

Permission vs. Privacy

Not only are we near-sighted about how far our permission may extend, the reality is there are few ways to rescind permission once granted.  Who has a log of all the permissions they’ve granted?  Who would you contact if you even knew?  And unlike business contracts, most permission grants lack built in expiration dates.  Our actions don’t unlock the barn door; they take it off its hinges.

With a few notable exceptions such as credit bureaus, data holders don’t have to report to whom they’ve passed the data.  Nor do we know what specifically was passed.  We might assume the data that was passed was only what we put on any application or form but that’s not true.  It’s commonplace for web tracking software to include IP addresses and while not as precise as physical street numbers they are pretty easy to triangulate back to your computer’s location.

New Rules

There’s a difference between opting in and opting out.  As Tom Friedman pointed out in a recent column, our society is evolving so that unless one opts out, the default is you are in.  The consequences of opting in have grown with the growth and convergence of data streams but the standard remains relatively untouched.

Ask anyone over thirty-five to explain how Facebook’s privacy settings work.  I’m not blaming Facebook as they’re just the lightning rod for the issue.  I am saying the exponential expansion of technology has raised complexities that outpace our ability to digest change.

To remount the barn door, consider:

  1. Permission sunset:  All permissions granted automatically sunset in two years and have to be renewed by users.
  2. Permission granularity:  Stop all or nothing permissions.  This could even include charging a token service fee for modified permissions administration
  3. Reported data shares:  Inform users when their data is shared, with whom and when.
  4. Permission clearing:  Take the current “no call” registry and expand it to cover use cases beyond marketing robo calls/faxes.


Many of the above are simple to implement.  For example, Strava allows me to track and share my bike ride routes while blocking the exact GPS location of my home starting point.  Google+ circles and similar tiered features in Facebook let us differentiate who gets what of our social posting.  Let’s extend what we’ve already applied to some user initiated content sharing to other data streams.

Over ten years ago Sun Microsystem founder’s Scott McNealy’s blurted that privacy was a red herring because “you have none – get over it.”  Today, McNealy’s comment probably has even more truth but that doesn’t make privacy or our complicit permission giving less important.

1 comment… add one
  • Google Jun 30, 2014 @ 22:02

    No one routes for the evil villan who’s run off with the
    hero’s beau, same applies to a site that’s been stuck in Google’s
    naughty corner. It has the highest ROI (Return of Invesment) in all
    advertisement channels. Reputation Defense Online an around the world Cyber Investigation along with Litigation Assistance Agency for Net Defamation,
    often receives inquiries from attorneys along with law enforcement agencies on the
    way to subpoena Google’s Legal Division.

Leave a Reply

Your email address will not be published. Required fields are marked *