At Fission, we believe that people and the communities they belong to deserve more agency over their data. In the Harvard Business Review article, Why It's So Hard for Users to Control Their Data by Bhaskar Chakravorti, digital agency is defined as the ability of users to own the rights to their personal data, manage access to this data and potentially be compensated fairly for such access.
The Case for User-Owned Data
Web 2.0 saw a huge rise in app platforms, and users became used to sharing their personal information to gain access. But as data breaches occurred and tracking became more sophisticated, users started pushing back against data collection and its resulting invasions of privacy.
Legislation like GDPR was passed to protect users by spelling out their rights over their data, but this isn't enough. How many users tick the checkbox and authorize data collection and tracking on the websites they visit simply so they can carry on with what they were doing?
Many users care about data privacy, but their actions don't always match their concerns. Chakravorti lays out three possible reasons: 1) Data is intangible, and because we're not physically handing it over, it doesn't feel as meaningful to us 2) Users have little leverage to negotiate more data agency because they feel trapped in many services 3) Managing one's own data is complex.
How can we mitigate these roadblocks and empower users to take back control of their data and privacy, but do so in a more intuitive and user-friendly way?
Local first apps adopt principles and practices prioritizing data ownership, privacy, and control. Data is stored locally on users' devices, giving them direct control over their information. Even if data is synchronized across devices or stored in the cloud, local-first apps often use end-to-end encryption to ensure it remains inaccessible to unauthorized individuals. Users can even modify their data when there is no Internet connection!
The way changes are made in local-first file systems also empowers users. For example, CRDTs handle data synchronization and guarantee eventual consistency while allowing users to collaborate with others and retain control over their data.
Fission's Webnative File System (WNFS) is a local-first E2EE file system that developers can integrate with their apps to ensure their users are in control while they remain GDPR-compliant. It's a win-win!
As mentioned earlier, many users feel trapped on their platforms because there is no easy way to transfer their data from one service to another. There are ways a user can download their data and request its deletion from the server, but porting that data over to another similar service and picking up where they left off has not always been that simple. It wasn't until GDPR mandated the right to data portability that big tech companies came together to work on the Data Transfer Project and make downloaded data standardized. As a result, companies like Apple, Meta, and Google now interoperate with each other.
Another way of using standardization is to create a protocol. Sir Tim Berners-Lee, the creator of the World Wide Web, has been working on a new web infrastructure called Solid. Solid lets users store their data securely in "Pods". Pods are decentralized data stores that act as secure personal web servers for data. It is similar to the local-first app approach in that the data remains with the users. Applications that adhere to standard, open, and interoperable data formats and protocols, like Linked Data, can store and access data in Pods with the user's consent using the Solid Protocol.
Blockchain technologies have also empowered users to store their data with more agency. Disco.xyz uses a "data backpack" to keep their data portable while transitioning from Web2 to Web3. By combining Decentralized Identifiers (DIDs) with Verifiable Credentials (VCs), users can cryptographically verify their identities and share their data with their chosen communities or apps.
Data Trusts and Data Commons
A data trust looks after the data and data rights of individuals. Trustees act on behalf of the collective good of the group and can decide whether to grant or revoke access to their members' data. And according to the MIT Technology Review article How Data Trusts Protect Privacy by Anouk Ruhaak, "because the data trust would represent a collective, it could negotiate terms and conditions on our behalf. Thus, it could allow us to exercise our rights as producers of data in much the same way trade unions allow workers to exercise their rights as purveyors of labor."
Furthermore, data trusts are a way to make larger data sets more available for AI training, research, and innovation while keeping users in control. This could even be a mechanism for users to get paid for their data - similar to how people are paid when participating in clinical trials.
The growth of user-owned data solutions can lead to several benefits, such as increased transparency, privacy-centric and user-friendly applications, and more healthy competition across platforms. User data is less susceptible to breaches or unauthorized access, and users feel empowered and in control.
Which of these solutions resonates with you? Were there any solutions we didn't mention that you'd like to discuss? Leave us a comment below!