By Ben Brook
October 21, 2021
This week, Transcend and a consortium of privacy infrastructure companies led by the Consumer Reports Digital Lab publicly announced the development of a common Data Rights Protocol—a standard method for consumers to exercise their data rights under the California Consumer Privacy Act and beyond.
You can see current progress on the protocol on GitHub.
The decision to be involved in this initiative was an easy one—our mission is to put users everywhere in control of their data, so anything that we can collectively do to support this and give internet users the strongest possible agency over their online privacy is always our north star.
What’s so exciting about our work here on this protocol, and something that’s a focus of our own work at Transcend, is the notion that getting your data back from the companies you engage with should be as fast, easy, and effortless as it is to provide your data in the first place.
The analogy I like to use is a six-lane expressway of data entering a company every day compared to the bumpy dirt road of an experience in returning that same data to those who have a right to access it.
When my co-founder Mike and I started working together on this at Harvard, we were first focused on the consumer side of the privacy equation, but we quickly realized that to give internet users this control, you have to start with where the data lies. And that’s within the hundreds of data sources and terabytes of personal data that companies hold.
It’s a world in which only a deeply engineered approach can succeed. We believe that the single most important stakeholder to realizing a world of privacy and data rights is the engineer. Why? Because encoding privacy into the foundations of wherever data lies is the only way we can both deliver the data rights users deserve and allow companies to do so in a way that is easy and efficient, scalable, and grounded in positive ROI.
What we’re seeing today, and what these new privacy laws reflect, is an evolutionary trend in privacy from compliance-oriented “bare minimum” privacy—best reflected in the walls of legalese confounding users everywhere—to a need for sophisticated engineering implementations that are insanely user-friendly, scalable, and infinitely adjustable to permutations and edge cases.
And we know this isn’t just a noble goal—our own research proves that at the end of the day, getting privacy right for internet users is good for the companies that hold their data, too.
In a survey of 1,000 American consumers, we found that 88% are largely frustrated by the fact they don’t have control over their personal data today, and 93% would switch to a company that prioritizes their data privacy if possible.
A final point that’s of particular interest for me is ensuring that the protocol does not sacrifice security and the protection of user data in the pursuit of interoperability, and I’m particularly excited for Transcend to continue to contribute here. When we were in the early stages of building our platform, we made a decision to architect from the ground up to be secure-by-design and with data minimization at the core, and I believe the same principles apply here. It would be deeply ironic for a privacy provider trusted with handling such sensitive data to be operating from any other baseline.
This also goes for the companies that will interface with this protocol—trusting a third party or authorized agent with the orchestration of personal data is an incredibly daunting prospect without the strongest protocols in place. It’s a crucial piece that I believe can make or break our success here.
So to sum up, I’m excited to represent Team Transcend in this work and be part of what we’re setting out to do with this initiative—coming together to take today’s and tomorrow’s privacy laws and turn them into real control and agency for internet users everywhere.
Read more on the Data Rights Protocol and offer input here, and check out the GitHub repo.