Our data, ourselves: The User Bill of Rights

Lawrence Lessig on creativity2.0 and the law

I used to think standards were for squares. Especially when it came to the wild web. That was back in early days of my online life, before I knew about Creative Commons, Lawrence Lessig and Open Source. At that time, I didn’t realise that (democratic and fair) freedom of expression was not incompatible with (democractic and fair) standards of use. And, like many people, I didn’t regard myself as a stakeholder or participant in the development of those standards.

And then I realised there were a whole lot of people who did believe they had a stake in how their information was distributed. Ordinary citizens and professional content producers alike were taking part in a user revolution that defied the top down models of the past. And everywhere I looked, the early adopters were having important conversations about what they would and would not accept. That was 2003 when social networking services were starting to emerge as the_next_big_thing and open source models of thinking and creating were starting to take hold.

A message to the late majority: Define and demand your rights

Read on …

Unfortunately, many late majority [1] participants in online life seem indifferent about their privacy, user controls and the rules and regulations that govern the use of their personal data. And that’s largely, in my opinion, due to the fact that late majority users – by definition – do not regard themselves as stakeholders but consumers. For many consumer-oriented late majority users, the logic is simple: if you create a no-cost system that has the features they want and need, they’ll let you have access to their data.

Hey, I can relate. Plenty of the tools I’m using right now are actively mining my data in exchange for the service. But there’s a difference: I regard myself as a stakeholder in these systems. I also believe I’m entitled to user controls, privacy settings and the right to remove any/all data when I see fit to do so. For some of the companies creating those tools, the options above are no big deal. They know it’s just good business practice to do so. They’ve already capitalised on my demographic data so let me decide when I’d like to remove or change that information.

Why I emptied my Facebook account

Last week, I removed all the profile data from my Facebook account. All my work and personal information along with every stupid application, every fake email message and every stated interest. Though I was already unsearchable and making full use of the (limited) privacy settings, I did not like the fact that I had very limited options around the removal of my data.

The current settings require me to manually select EACH post and status update and delete them individually. Not only that, but some of the settings don’t provide a real delete at all but a “hide this” (I don’t want to hide it, it want to delete it!). In order for me to remove (or more properly, conceal) wall posts, status updates and minifeed items I’d have to set aside an entire afternoon to click each one closed. Nobody has that kind of time and they know it. Why are they making it so difficult for us to remove our own data?

As I’ve said before, none of the above is a matter of technological capacity.

Like me, Fortune Magazine’s Josh Quittner thinks flouting users is bad business – he even gives some examples – and suggests a “Facebook Bill of Rights”:

“Facebook’s response to the events of the past few weeks has mainly been, If you don’t like it, leave. That kind of customer service was also found on Delphi, Prodigy and AOL. If I were Zuck, I’d craft a simple Bill of Rights guaranteeing members that they own their own relationships. With Facebook’s users in control, the company is free to try anything it wants.”

He’s right. If we’re going to build things we call “social” networks then we must also, necessarily, give users the same sorts of options we have in our real lives – privacy controls, boundaries, choices. Simple.

DIY: Terms of Service / Bill of Rights

Do yourself a favour: Take ten minutes and think about the privacy settings and user controls you feel you deserve from a social networking service. If you’re not very technical, think about the kinds of settings you’ve got in other services – email, subscriptions, communities, etc.

Step 1: Ask questions

You are a stakeholder in the services you contribute to. Start thinking of yourself as having some rights. And start thinking about what those rights are. Ask questions about your current relationship with the services you use:

  • What are your current rights? (as defined in a company’s TOS)
  • What choices, settings and controls do you need/want? (think about settings available in other services you’re using – like “delete,””edit,” or “select all/none”)
  • What sorts of features do you want (versus/including those offered)?

For example, would you like to have the option to remove all of your content?

Or how about some “boundary” definitions for different types of relationships (i.e., friends, family, coworkers, students, teachers, employers, high school pals, associates, web only relationships, “fans” etc)?

Think about what your rights SHOULD be and then compare those options to the ones you’re currently offered.

Step 2: Make a list

Now write it all down. If possible, do so here in a comment – other readers could benefit from that list. Or put it up in your own blog (please be sure to link back so we can open up the debate). Here’s a great example of what I’m talking about …

A Bill of Rights for Users of the Social Web
Authored by Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington
September 4, 2007

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

  • Ownership of their own personal information, including:
    • their own profile data
    • the list of people they are connected to
    • the activity stream of content they create;
  • Control of whether and how such personal information is shared with others; and
  • Freedom to grant persistent access to their personal information to trusted external sites.

> See also Mary Hodder’s vision of this for Dabble

> And danah boyd’s recent post “Let’s define our terms: What is a social networking technology?

Step 3: Publish and share your list

Grab whatever you like from this post and remix and remash your own TOS/Bill of Rights. Then distribute it – via your blog, wall post, email, photocopier. Don’t forget that CC license!

Think about submitting your Bill to companies, organisations or services you’re currently using. If they really value your business, they might also appreciate hearing how they might better serve you (and gain your brand loyalty, etc). Nobody knows your needs better than you – the user.

Related readings:


1. I use the definition of late majority in relation to chronological rates of adoption not SES, which I currently reject in the present contexts of adoption.