It’s over 6 years since I blogged about how the principles of Creative Commons might be applied to privacy and data protection, particularly to help simplify users’ understanding of what would be done with their data.
I included this mock-up of how this might look when citizens are submitting their data into the custody of an organisation, echoing the look and feel of Creative Commons licensing:
So, what progress in the meantime?
In terms of the thinking around how we treat personal data, I think there has been good if slow progress. The recent work on the draft identity assurance principles shows a growing maturity in learning the lessons of the past – and what makes for well designed, or badly designed, information systems.
But I’m not sure there’s been enough progress both in terms of being explicit with citizens and businesses what permissions they’re granting to third parties – nor in terms of making very clear to users in those organisations what rights they have to the personal data entrusted to them.
Alongside the visualisation of the rights associated with data, we need the underlying rights enforced computationally. Ultimately too we need to realise that ensuring the right data is available to the right people at the right time can be done in a secure and trusted fashion – and does not require the potentially dangerous legalistic approach of enforced “data sharing” (with all the security and privacy problems that produces), but rather the better design of our information systems. Achieving this much needed re-design I suspect still remains the most significant challenge.