At DataGrail, we believe that privacy is a human right. But, currently, exercising privacy rights—like the right to delete personal data, or access data—is too difficult for individuals.
To get us closer to achieving DataGrail’s vision of people having control over their privacy and identity, we are collaborating with the Consumer Reports Digital Lab (CR Digital Lab) and other industry leaders to make it easier for consumers to exercise their rights. This starts with developing a standard way for businesses to process these privacy requests—a protocol is specifically intended to scale out the number of requests an individual can make. This includes the ability for a person to hire an authorized third-party (aka Authorized Agent) to perform several privacy requests on their behalf.
As new privacy regulations emerge and awareness grows, we expect more and more people to exercise their newfound privacy rights. That makes it more critical than ever for the privacy software industry to come together to create a new standard.
The process to exercise privacy rights today is messy. Let’s say a consumer wants to understand what sorts of personal information online brands have on them so they can have better control over their online identity. The process starts with trying to figure out what brands have your data in the first place!
Assuming you know what brands have your data, the next step is to initiate requests to access or delete that data. I recently tested out the privacy request process with 14 different brands, and it took me over two hours. For each request, I spent time searching for the right page on the brand’s website, and each site had a different process. It was frustrating, and in some cases, impossible to complete. I received several error messages, challenging (and overreaching!) identity verifications, and lots of spinning wheels.
Our own data shows that people have embraced CCPA, and as we look ahead we expect we’ll see even more people exercising their rights as privacy issues continue to dominate the headlines. With Apple leading a new charge on privacy and CCPA entering its enforcement stage, consumers are not only more aware of how their data is being used than ever before, they also realize, perhaps for the first time, that they have options to protect their information.
Today is just the start: Consumer Reports is co-hosting a virtual Data Rights Roundtable with MIT Media Lab to discuss an early draft of a data rights protocol. Our goal is to develop a standardized way consumers and Authorized Agents can exercise personal data rights, receiving the data in a standardized way. The protocol will integrate with an ecosystem of data rights middlewares, agent services, automation tool kits, and privacy-respecting businesses, empowering and building trust with consumers while driving the cost of compliance towards zero.
This virtual event begins at noon ET today and you can register here. Consumer Reports Digital Lab is also inviting public review on our work to date starting today. You can offer feedback on the current draft of the protocol via this input form or pull requests to the public GitHub repository.
We’re thrilled to be a part of this process, and look forward to forging a path that makes it even easier, more secure, and more scalable than ever for people to exercise their privacy rights.