Enterprise Architecture Blog Posts
Need a little more room to share your thoughts with the community? Post a blog in the SAP Enterprise Architecture group to explain the more complex topics.
Showing results for 
Search instead for 
Did you mean: 
Neither my reading list nor my medical records should be accessible to people I don’t trust. I don’t allow them to record what I buy in the super market, even if they offer me bonus points. I am not posting food on social media channels, because I consider what I eat a personal matter. Still there is not much I can do to keep my data private, because I don't really own my apps. I may deny the consent to receiving cookies or clear my browsing data, but still my usage data will be stored in their databases. Whenever I sign in to one of their services they will share my profile with advertising networks like Doubleclick in order to sell it to the highest bidder.

Twenty years ago I attended Kevin O'Connors keynote at Milia 2000 in Cannes. The Doubleclick founder and CEO presented then what would become the predominant business model of the upcoming internet era. And I ranted and raved that online advertisers were foredoomed, because internet users always find workarounds to block their ads. How wrong I was! O'Connors sold his business to google, and due to their market penetration nobody could escape their data leeches. Back in the days most of us owned our websites, not only the content but also the technology. Today I know that I completely misjudged the development of the medium. With the internet becoming mainstream, content production exploded, but users didn't care about who owned the technical platforms they used for publishing content. Any why should they care as long as they get what they want?

Kevin O'Connors describes himself as a "hardcore free market libertarian". Libertarians basically want to be left alone by authorities and state powers. They claim that the free market will fix problems most efficiently by itself. Admittedly I sympathise with the libertarians, since I doubt that average internet users or governments will be able to change surveillance capitalism. I can also imagine that libertarians find the vision somewhat creepy that an omniscient Laplace 2.0 demon is supervising what they or their kids are doing. To replace surveillance capitalism by a better system I am hoping for a technical solution, perhaps developed and supported by some of the players who pioneered successful internet business models in the first place. Internet users must regain control over their digital identities. Like back in the days everybody who cares should be able to own his personal data, while still being able to access their content and use their apps. To be compatible with their users' personal data services service providers would need to extend their platforms. There might be also a grassroots movement to switch over to alternative communication platforms based on different business models.

Technically, my envisioned solution for a personal data service would include Credentials, Access Control, Permission and Role Management based on open standards and Open Source software from ORY. What would be the benefit to the users? Given that open standards such as OpenID and Oauth are supported, users could still sign in to their preferred communication platforms. With their personal data app users could configure their accounts, and manage their privacy and personalisation settings, similar to how they are doing it on Google today, but different because they would own their data. Personal identity and self esteem rely on the ability to write and rewrite your personal story. Of course you leave a trace. But you should be allowed to correct your mistakes without having to ask an impersonal instance.

Using a commercial app is entering a business relationship, even if no money is being transferred between users to their app providers. Business partners make deals, and good deals are profitable for both sides, buyers and sellers of data. To negotiate and agree on a deal they must be on a par with each other. Users need to share their personal data with others, but they want to regain part of their autonomy by knowing and controlling what their business partners know about them. With the a personal data app users would configure the settings of their apps through a single user interface in a standardised way. If they decide to sell their usage data to advertisers directly, in order to collect bonus points or other benefits, they can do so. The Brave web browser, created by Brendan Eich who also invented Javascript, released in 2019, already uses a model that helps its users receive payments when they permit advertisers to use their personal data.

As my SAP colleague you might ask: we are selling enterprise software. So what, who cares about ownership of personal data in a B2C scenarios? Isn't a "business user" the same as a "user"? I would answer that companies are no different from the rest. As a company I have my trade secrets and a lot of confidential data. I don't want to reveal to everybody who works for me or who my customers are. With a growing dependence on external business services I see a risk that parties I don’t trust will track my biz related activities in order to gain intelligence about my business. When all my sales people are using the Maps app, the app provider will be able to evaluate which prospects they visited. When I use the analytics app of an external provider they will be able to track who visited my online store, and what they purchased. You may call me paranoid, but if I had a company I really couldn't approve of that transparency. I would feel better if my sales people could still use their preferred Maps app, but they would be able to sign in using a company ID issued by an enterprise personal data service.
1 Comment