​User data manifesto seeks to give people control of their data

Your personal data is the currency of the modern Internet. Google, Facebook, and LinkedIn -- to name but three -- all primarily profit from collecting your personal data. At the same time, data breach after breach, such as Office of Personnel Management, Ashley Madison, and Anthem, have revealed the secrets of tens of millions of people. What can you do about it?

Frank Karlitschek, founder of the open-source ownCloud program, has been seeking to define the "basic rights for people to control their own data in the Internet age."

Karlitschek and his colleagues have been working on this idea since 2012. Now, in Berlin at the ownCloud Contributor Conference on August 29, they've launched the User Data Manifesto 2.0. This time, it has the support of not only its developers but multiple open-source organizations as well. The Manifesto is being backed by KDE, GNOME, and Free Software Foundation Europe,

The Manifesto aims to explain what it means to control your data and offers basic guidelines for services to measure their respect for users and their data.

In an e-mail interview, Karlitschek explained:

With the increased reliance on online services today come risks. Many terms of services under which many modern businesses operate do not respect ownership of data in a way that benefits their users. Often, data uploaded is largely or even entirely owned by the service, creating a vendor-lock in. Users can not switch to other services, can not extract their data, see their data sold to other parties or are forced to pay increasing fees to access their own data. As users put more and more important, sensitive and private data online, this poses serious risks and puts undue power in the hand of the providers of these services. Unfortunately, there is an awareness problem as many people lack the information to judge the dangers associated with online services.

Therefore, according to the User Data Manifesto, there are three core user personal data rights:

1. Control over user data access,
2. Knowledge of how user data is stored, and which laws or jurisdictions apply.
3. Freedom to choose a platform, without experiencing vendor lock-in.

The organizations behind the Manifesto are encouraging users to demand that online and cloud services honor these rights. If they do so, they could then place the following declaration on their websites: "X (organization name) consider the rights described in the User Data Manifesto important in this day and age and we are co-signers of version 2.0." This would let people know that these sites and services -- by implementing these rights -- should be safe for use with even very private or personal data.

For this to work in the real world, users must demand this. Considering what an awful job companies do on all these points, not to mention their dreadful track record of protecting personal data, it's high-time users demand this level of control over their personal data. After all, it is your data.

Related Stories:

• Windows 10 sends data to Microsoft, despite privacy settings
• How to secure Windows 10: The paranoid's guide
• NIST floats framework for privacy risk management in Fed systems