A path to standardizing data rights with a common protocol

October 21, 2021ā€¢3 min read

Share this article

This week, Transcend and a consortium of privacy infrastructure companies led by the Consumer Reports Digital LabĀ publicly announcedĀ the development ofĀ a common Data Rights Protocolā€”a standard method for consumers to exercise their data rights under the California Consumer Privacy Act and beyond.

You can see current progress on the protocolĀ on Github.

The decision to be involved in this initiative was an easy oneā€”our mission is to put users everywhere in control of their data, so anything that we can collectively do to support this and give internet users the strongest possible agency over their online privacy is always our north star.

Whatā€™s so exciting about our work here on this protocol, and something thatā€™s a focus of our own work at Transcend, is the notion that getting your data back from the companies you engage with should be as fast, easy, and effortless as it is to provide your data in the first place.

The analogy I like to use is a six-lane expressway of data entering a company every day compared to the bumpy dirt road of an experience in returning that same data to those who have a right to access it.

When my co-founder Mike and I started working together on this at Harvard, we were first focused on the consumer side of the privacy equation, but we quickly realized that to give internet users this control, you have to start with where the data lies. And thatā€™s within the hundreds of data sources and terabytes of personal data that companies hold.

Itā€™s a world in which only a deeply engineered approach can succeed. We believe that the single most important stakeholder to realizing a world of privacy and data rights is the engineer. Why? Because encoding privacy into the foundations of wherever data lies is the only way we can both deliver the data rights users deserve and allow companies to do so in a way that is easy and efficient, scalable, and grounded in positive ROI.

What weā€™re seeing today, and what these new privacy laws reflect, is an evolutionary trend in privacy from compliance-oriented ā€œbare minimumā€ privacyā€”best reflected in the walls of legalese confounding users everywhereā€”to a need for sophisticated engineering implementations that are insanely user-friendly, scalable, and infinitely adjustable to permutations and edge cases.

And we know this isnā€™t just a noble goalā€”our own research proves that at the end of the day, getting privacy right for internet users is good for the companies that hold their data, too.

InĀ a survey of 1,000 American consumers, we found that 88% are largely frustrated by the fact they donā€™t have control over their personal data today, and 93% would switch to a company that prioritizes their data privacy if possible.

A final point thatā€™s of particular interest for me is ensuring that the protocol does not sacrifice security and the protection of user data in the pursuit of interoperability, and Iā€™m particularly excited for Transcend to continue to contribute here. When we were in the early stages of building our platform, we made a decision to architect from the ground up to beĀ secure-by-designĀ and with data minimization at the core, and I believe the same principles apply here. It would be deeply ironic for a privacy provider trusted with handling such sensitive data to be operating from any other baseline.

This goes too for the companies that will interface with this protocolā€”trusting a third party or authorized agent with the orchestration of personal data is an incredibly daunting prospect without the strongest protocols in place. Itā€™s a crucial piece that I believe can make or break our success here.

So to sum up, Iā€™m excited to represent Team Transcend in this work and be part of what weā€™re setting out to do with this initiativeā€”coming together to take todayā€™s and tomorrowā€™s privacy laws and turn them into real control and agency for internet users everywhere.

Read more on the Data Rights Protocol and offer inputĀ here, and check outĀ the Github repo.


Share this article