There is space in the market for a company to become an Data Guardian for the digital trails and activities created everyday by everybody that users the Internet.
This
would be a service provided to the end user (person or company) that
would store and anonymize the user's data (as stored or used by 3rd
party services), in a way that the user would be able to control who,
what, how and when their data is shared and used.
In practice
this means that the user would stop being 'the product' (whose data is
used and sold without his/her control), and would become 'the customer'
(able to control/manage its own data).
From a technological
point of view, this would be a service that acted as a Data Broker (or
Guardian) between the user and a particular service (or government). A
key requirement would be the security of this service, maybe even
including features where only the user is actually able to
decrypt/unlock data (i.e. even the 'Data Guardian' service would not
have access to the data, which makes it easy to protect :) ). This would
also reduce the amount of (real) user's data that is stored by
analytics companies, banks, supermarkets, loyalty cards, websites, phone
companies, etc... (you can think of this service as 'TOR for day-to-day
data')
Unfortunately companies like Google, Facebook, Twitter,
LinkedIn and our own Governments, have a business model that is
designed around the erasure of user's privacy. They are also actively
engaged on social engineering their users into accepting less and less
accountability into how their user's data is used, stored and sold.
Their real customers (the ones actually paying) want to have more and
more access to their product (ie. the users), which puts these companies
in a conflict of interest situation on the topic of their product's
privacy.
But are the users (i.e. the product) happy with this
situation? Are they happy with the fact that they have no control over
who gets their web, banking, geolocation or even PII information? Of
course not! But since the risk is still low (or only affecting a small
number of the wider population), there is still no critical mass in
demanding change. That said, we can start to see the change happening by
the recent moves by the EU and US, although I think that we are still a
couple 'major incidents' away from real changes to be forced into the
industry.
So who is going to lead this effort and become a
trusted 'privacy' brand for users? A brand/service so good that the
users are willing to pay them for data protection. Well, for sure the
companies whose business model depend on No Privacy will not be
the ones pushing (which is a massive blind spot for then, since for
example, Google business model should be based on protecting my data, not
in selling it).
Maybe its a government agency or NGO that will do this?
Most likely it will be a company whose business model is aligned with the user's privacy and data sharing desires.
The
irony is that when users allow their data to be shared with company
XYZ, they are actually much more valuable to that company (which is
something that can be sold, and maybe the user could even be given a
share the profit generated by those transactions). After all, users like
targeted marketing and information, as long as it is relevant to then,
actionable and non-intrusive. Google (and others) make billions on
selling our data, why should they keep all the profits?
