By Ben Brook
October 21, 2021ā¢3 min read
This week, Transcend and a consortium of privacy infrastructure companies led by the Consumer Reports Digital LabĀ publicly announcedĀ the development ofĀ a common Data Rights Protocolāa standard method for consumers to exercise their data rights under the California Consumer Privacy Act and beyond.
You can see current progress on the protocolĀ on Github.
The decision to be involved in this initiative was an easy oneāour mission is to put users everywhere in control of their data, so anything that we can collectively do to support this and give internet users the strongest possible agency over their online privacy is always our north star.
Whatās so exciting about our work here on this protocol, and something thatās a focus of our own work at Transcend, is the notion that getting your data back from the companies you engage with should be as fast, easy, and effortless as it is to provide your data in the first place.
The analogy I like to use is a six-lane expressway of data entering a company every day compared to the bumpy dirt road of an experience in returning that same data to those who have a right to access it.
When my co-founder Mike and I started working together on this at Harvard, we were first focused on the consumer side of the privacy equation, but we quickly realized that to give internet users this control, you have to start with where the data lies. And thatās within the hundreds of data sources and terabytes of personal data that companies hold.
Itās a world in which only a deeply engineered approach can succeed. We believe that the single most important stakeholder to realizing a world of privacy and data rights is the engineer. Why? Because encoding privacy into the foundations of wherever data lies is the only way we can both deliver the data rights users deserve and allow companies to do so in a way that is easy and efficient, scalable, and grounded in positive ROI.
What weāre seeing today, and what these new privacy laws reflect, is an evolutionary trend in privacy from compliance-oriented ābare minimumā privacyābest reflected in the walls of legalese confounding users everywhereāto a need for sophisticated engineering implementations that are insanely user-friendly, scalable, and infinitely adjustable to permutations and edge cases.
And we know this isnāt just a noble goalāour own research proves that at the end of the day, getting privacy right for internet users is good for the companies that hold their data, too.
InĀ a survey of 1,000 American consumers, we found that 88% are largely frustrated by the fact they donāt have control over their personal data today, and 93% would switch to a company that prioritizes their data privacy if possible.
A final point thatās of particular interest for me is ensuring that the protocol does not sacrifice security and the protection of user data in the pursuit of interoperability, and Iām particularly excited for Transcend to continue to contribute here. When we were in the early stages of building our platform, we made a decision to architect from the ground up to beĀ secure-by-designĀ and with data minimization at the core, and I believe the same principles apply here. It would be deeply ironic for a privacy provider trusted with handling such sensitive data to be operating from any other baseline.
This goes too for the companies that will interface with this protocolātrusting a third party or authorized agent with the orchestration of personal data is an incredibly daunting prospect without the strongest protocols in place. Itās a crucial piece that I believe can make or break our success here.
So to sum up, Iām excited to represent Team Transcend in this work and be part of what weāre setting out to do with this initiativeācoming together to take todayās and tomorrowās privacy laws and turn them into real control and agency for internet users everywhere.
Read more on the Data Rights Protocol and offer inputĀ here, and check outĀ the Github repo.
By Ben Brook