Working toward Personalized Commerce

The Office of the Privacy Commissioner of Canada made this outstanding video called Privacy and Social Networks. It’s important to understand, as this video shows, that this harvesting of personal data is going on all the time.

Coaching moment: There are two sides to this problem. On one side are the account holders of these social networking sites. They are busy disclosing their interests, connections, and lives. These account holders may not realize that they are being mapped and sold out to the extent that they are. Perhaps they think it’s ok.

On the other side are the businesses that run these sites. They have Terms of Service (TOS) contracts that account holders agree to, whether they read the terms or not. The businesses engage in harvesting and selling practices that benefit their bottom line. (Would you expect anything less? They are businesses, and this is one way that it’s done.) The problem is that the buying and selling of account holder data is not transparent to the account holders.

If this makes you feel uneasy (and I think it should), think about how you’d change this model. An underlying assumption of the whole user data exchange is that companies want to sell you their stuff. The harvesting and data collection is about making sure you’re more likely to be interested in what they want to sell you. Marketers don’t like guessing, and they often get it wrong. (When you don’t buy, it’s a wasted catalog).

But what would it look like if you had a platform for requesting marketing material for something you’re interested in buying, instead of getting angry that you have so much spam and bulk mail (catalogs and the like)?

This is a much longer post about some work being done in this area.

The most notable work is being done by Project VRM. The term VRM stands for Vendor Relationship Management. Doc Searls and others working in this area acknowledge that VRM is a placeholder term. The idea behind VRM is that its an alternative to CRM, or customer relationship management, which marketing departments and firms use to keep track of the people they sell stuff to. In my mind, what this group is working toward is something I’m calling Personalized Commerce.

How do we get to this state? Let’s take a few steps back. There are two significant barriers to overcome. First, the social networking sites, as well as banks, credit card companies, phone companies, and many other industries that we currently do business with, consider the data that they gather to be theirs to sell. Second, we don’t have a platform for exchange: how do we talk to the market, aside from going to a store and buying what we need? What if it’s not sold at a store? or not sold nearby? or specialized in some way?

In this post, I’m not going to talk about the legal framework for data ownership and exchange. We’re agreeing to the Terms of Services, which makes this a complicated legal issue. Additionally, this can be looked at as a copyright problem. There’s a law review article or two waiting to be written on this topic.

What then about the platform for exchange? A precondition for individual-oriented or personal commerce is a set of understood and agreed upon standards for exchanging data. To bypass the need to do marketing and targeting based on our social networks (above), we need to have a way of identifying the specific elements that connect our purchasing power and interest with the market goods and services. When others control the information about us, they control and limit our freedom to redefine and redevelop more open and free-flowing systems. Remember, VRM is trying to redefine the dialog about how we might do business.

If commerce is to be defined and encouraged on our terms, we will need to be in control of the terms. Here’s a place where we can start: make our data portable so we can gather and move it around, and disclose it to parties as needed (and no more than needed). In this way, for example, if we change our address, everyone that needs it gets the right address.

Thinking back to the early days of the web, HTML gave us freedom to do something similar: display a variety of information formats (text, pictures, etc.) in any location, using any computer, any browser. Look where we are today! How do we transform our personal data in such a way?

The Foundation for a Free Information Infrastructure (FFII) recently released Guidelines to Protect Freedom and Competition in the Cloud. In this document, the group outlines three criteria for Customer Freedom, which I’m paraphrasing here:

1. Data Freedom: the freedom to move all of your user data, including your config files and logs, to another service,
2. Software Freedom: the freedom to have benefits of using open source or other software (non-proprietary benefits),
3. Competition Freedom: the freedom to copy and provide the same service (e.g., from your own servers)

Additionally, the FFII suggests that providers of these identity services have four criteria for customer loyalty:

1. Access Rights: disclosure is non-discriminatory, can be shared with anyone
2. Privacy Rights: NO data is provided (even in anonymous form) without prior explicit approval
3. Notification: customer is notified of incidents or changes that may cause a security breach or change in services
4. Disclosure: service provider must ensure that these policies are enforced

This set of guidelines is consistent with Kim Cameron’s Seven Laws of Identity. I encourage you to read Kim’s paper for a better understanding of his laws. I’m taking a bit of license interpreting them here.

1. User Control and Consent (must only reveal information identifying a user with the user’s consent)
2. Minimal Disclosure for a Constrained Use (discloses the least amount of identifying information and best limits its use)
3. Justifiable Parties (systems designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in the relationship)
4. Directed Identity (system must support use by both public and private entities, to facilitate discovery of information while preventing unnecessary release of data)
5. Pluralism of Operators and Technologies (must work among multiple identity providers and technologies)
6. Human Integration (defining human user as part of the system, offering protection against identity attacks)
7. Consistent Experience Across Contexts (a simple, consistent experience)

Now that we’ve got a basic sketch of what our identity management system will look like, let’s step forward again to see how personal commerce intersects. Doc Searls wrote a post on the Project VRM blog entitled Because principles are good to have, which points several things out:

In order to have a working personal commerce system, it must first and foremost be personal. This means the system has tools (2) for customers to use (1), to communicate their data and requests (5, 6, 7) to the marketplace (called vendors, 3, 4). Customers can make any kind of request (7) based on their personal data (8) for any kind of business (9). This open market dialog is supported by open tools (10).

Essentially, we’re taking our own data, about ourselves and our interests, and opening the marketplace in a way similar to how HTML opened the Internet for messages in text and image form.

One more model. Drawing from the Open Source Initiative‘s definition of open source, we can see that a few driving forces are lined up once again. This isn’t a perfect model, but the points are clear: we are free to develop our identity models in a way that others can learn from and use, in a non-discriminatory way (can integrate with other systems) for any purpose (commercial and otherwise). Where this model is limited is in the fact that we specifically give a limited per-transaction license to a specific party to access specific information for a specific transaction. As applied to our software and interface tools, however, the OSI license model applies: our tools need to be designed and built to allow for open development.

Finally I wish to point out, borrowing from the Free Software Foundation, that using personalized identity and commerce tools is important for society because it is a “political and ethical choice asserting the right to learn, and share what we learn with others.” [This open process is] “the foundation of a learning society where we share our knowledge in a way that others can build upon and enjoy.”

In the case of personalizing commerce, the process and tools are all about finding ways to make the marketplace more efficient and responsive to our society’s collective needs.

More »