The Personal Data Trade, and Apple's new permission requirement
This article may contain personal views and opinion from the author.
In response to the outcry over Path, and iOS access to users' Address Books, Apple has come out and told AllThingsD that "any app wishing to access contact data will require explicit user approval in a future software release." This is raising all sorts of questions about privacy, and the personal data trade that we all make with companies. But, first of all, let's just get the blatant question out of the way: why weren't apps required before to get explicit consent from users before allowing apps to access Address Book data? Well, it sort of was and it wasn't. See, Apple has had an iOS App Guideline
on the books for a while stating that developers should get authorization before "transmitting data about a user", but it wasn't a hard requirement. Now, because everyone has gone completely mental over a silly mistake by Path
, Apple is making it a requirement that developers get "explicit consent" from users before the app can access the Address Book.
So, this means that we all have to get ready for more annoying dialog boxes to come popping up in all of our apps. This kind of reaction is perfectly understandable from a company like Apple, because Apple would rather make everyone's lives just a little less efficient, and add just a bit more annoyance, than ignore complaints from common users. Apple is perfectly willing to ignore complaints from power users, because that's a small group with a limited reach. However, when an issue threatens to take away the love that Apple gets from mass media outlets, that's a problem that will get fixed very quickly. Power users can complain forever about how they want widgets in iOS, but Apple won't bother, but if common users are scared that apps are accessing their address books, suddenly Apple has a new mandate for all developers.
Here's the issue we have with this reaction: it's punishing the wrong people. Essentially, this new rule punishes users with more annoying dialog boxes to deal with, and it punishes all developers rather than the ones that are misusing user data. The problem with Path was not that it had access to user address books. The real problem was that Path was storing user address books on its servers
, and keeping them in order to be able to continuously check and alert users when new people that they knew joined the service. Yet, somehow everyone has completely ignored that issue in order to rage against another perceived attack at user "privacy".
Fighting wrongdoing rather than fear
Don't get us wrong, apps should be open about when and how they access user data, and companies should never store user contact data without consent, but that's as far as it needs to go. Path deserved to get some heat because it was storing user address books on its servers, but it is not some huge invasion of privacy that social apps access your address book. If you want to find friends through an app like Path, foursquare, Yelp, etc., how exactly would you expect that app to figure out who you know? It will access your address book. That's the way this stuff works. There is no value in social apps without knowing who you know and making those connections. Making it a requirement that every app get explicit permission before accessing the address book is overkill that's targeting the wrong problem, and all it will do is add a bit more annoyance to millions of users' daily lives.
before that, the only real problem was that the story about Path suddenly made people aware that their address books were being used. We shouldn't be wasting time fighting people's fears, because fears are nothing more than not understanding something, and not understanding the role you play.
This awareness that apps use address data leads inevitably to fear, because people don't seem to understand how all of this stuff works. So, let's try to break it down: social apps need to make connections with the people that you know in order to give you any sort of value, and that means access to your contacts. The other side of the conversation is that ambiguous word "value." Value is a very personal thing, and when it comes to the Internet and apps, value is something that many people see as a one-way street. It is always seen as companies taking our data and giving nothing of value in return.
The Personal Data Trade
Likely, this is because that is how the personal data trade has traditionally gone down. Well before the Internet came along, advertisers got your information from newspaper subscriptions or cable subscriptions in order to send you ads. Every time you signed up for a "member's rewards card" at a store, you were trading those savings (which stores were offering before anyway) for your address and therefore more catalogs and advertising in your mailbox. Every time you dropped your business card in a bowl to "win a free lunch", you were trading that chance to win for your address and of course more ads in your mailbox. Personal data is currency, and it always has been, there's nothing new there. Of course mass media makes no attempt to change this view, so whenever software uses personal data, it is seen as though the tech company is "stealing" data and using it without giving users anything in return. The difference is that this trade is no longer as much of a one-way street as it has been in the past.
The Internet adds major new benefits to the personal data trade dynamic. First, you control your data far more than ever before and more and more you can see where and how it is used. This level of transparency has never been around, and unfortunately it is a double-edged sword. We know far more about how our information is used, which means we can complain when we see misuse, but the visibility makes people think it is a new phenomena that has come along with technology. As we've covered, this data trade is nothing new, but the transparency allows us to control our data far better. More and more, we know how company's gather and use our data, and can act accordingly. The one big exception are Internet Service Providers, which know everything you do on the net, far more than Facebook, Google or anyone else, yet have no obligation to tell you how they use that data.
Another major benefit of the Internet has been that you don't need to give personally identifiable data in order to get value. This is one benefit that is slowly fading, because personally identifiable information is far more valuable than simply personal data. You can give very little and you can still get a ton of value from Google with targeted ads, better search results, etc. even if you never sign-in to Google services. Your browsing history, search history, etc. has value on its own. Even when you are signed in, your data may be connected to demographic information or location information, but that still doesn't tell anyone who you are, and yet you get even better value for your data. And, this is all separate from the various benefits
The biggest benefit of all, however, is that the trade of personal data is no longer your data for some vague savings or potential to win something. Now, the trade is your data for a full service. Some people rage about how Facebook should be paying them for all of the data that it has. Of course, this is absolutely absurd. In the Internet world, we trade our data for the services that we use. Google connects us to any information we are searching for, and all we have to pay is a bit of attention to the ads on the side of the page and, if we choose, we can give Google our search history as well. Facebook connects us to everyone we've ever known (whether we want to or not), and we willingly add data to that machine, because it makes the service better.
And, that's the dirty secret that people haven't yet understood, or are still choosing to ignore. Social companies aren't built on taking our data, they are built on us sharing that data both with them and with our networks that we build with the help of those companies. Facebook would be useless without people sharing data on it, and Path would be just as useless if it had no way to connect you with your friends.
We have every right to get angry and fight back when companies misuse data like Path did, but that doesn't mean we restrict access to everyone. We just have to be careful how and where we direct our anger, and we have to be very careful how these issues get framed. We all get quite a bit of value from social networks, and those networks need access to who we know. However, as long as the companies are transparent about how our data is used, all we need to do is fight back against misuse, not against the fear that maybe our data could be misused.
And, maybe more than anything else, we have to make sure that we help those who are scared of these new services understand why there really isn't anything to fear, but rather there is a lot of value to be gained. If you think this article could help in getting the word out, please feel free to share it wherever you'd like.