- “License Layers” by Creative Commons, used under Creative Commons Attribution 3.0 License
A few weeks ago I attended the Creative Commons global summit, as a member of the CC-UK affiliate team, and came away thinking about lessons for the growing personal data ecosystem.
Creative Commons is a non-profit organisation founded in 2003 to create and promote a set of alternative copyright licenses which allow creative works to be legally shared, remixed and built upon by others. Creators can communicate which rights they want to keep, and which they would like to waive. These licenses are now used in education, cultural archives, science, as well as in commercial contexts. By creating a set of legally robust, standardised and easy-to-use licenses, the organisation has turned a complicated and costly legal headache into an usable piece of public infrastructure fit for the digital age.
What lessons does this movement have for the management and use of personal data? In one sense, managing content is radically different to managing personal data. Consumers generally want to be able to restrict the publication of their personal information, while creative content is generally made for public consumption from the outset. But despite the differences, there are some striking parallels – parallels which point to possible innovations in personal data.
Just as for creative works, personal data bridges technical, legal and human challenges. Personal data is stored, transferred and transformed by technology, in ways that are not always captured by the legal terminology. In turn, the law is usually too complex for humans – whether they be data controllers or individual data subjects themselves – to understand. Creative commons licenses translate a complex legal tool into something that both humans and machines can understand. There are easy tools to help creators choose the right license for their work, and a simple set of visual icons help users understand what they can do with the work. By attaching metadata to content, search engines and aggregators can automatically find and organise content according to the licenses applied.
There are already pioneering initiatives which attempt to apply aspects of this approach to personal data. One promising area is privacy policies. Much like copyright licenses, these painfully obscure documents are usually written in legalese, and can’t be understood by humans or parsed by computers. Various projects are working to make them machine-readable, and to develop user-friendly icons to represent important clauses – for instance, whether data is shared with third parties. Conversely, if individuals want to create and share data about themselves, under certain conditions, they may need an equivalent easy-to-use license-chooser.
The personal data ecosystem is in need of public, user-friendly, and standardised tools for managing data. The Creative Commons approach shows this can be done for creative works. Can a similar approach work for personal data?