Remixing Creative Commons Licenses for Personal Information: What, Why, and Challenges to Making It Work
A thought experiment to try and imagine the ways in which licenses for personal information might work or not work.. Read in PDF form.
- What would a Creative Commons-type license for personal information look like?
- Why do we need Creative Commons-style licenses for personal information?
- What are the challenges and how would you deal with them?
Creative Commons1, in creating its licenses2 , did a very sexy thing. It didn’t repeal the Sonny Bono Copyright Term Extension Act, it didn’t change technology. Yet it managed to shift the social norm around intellectual property. It’s now cool to share. And they did this, not by forcing people to give up their rights, but by offering a set of choices by which those rights can be exercised in a way that encourages collaboration and ultimately benefits the public.
Imitation being the sincerest form of flattery, we at CDP have been playing around with the idea of creating personal information licenses, a la Creative Commons. Right now, we live in a pardadoxical world where 1) people have little control over how their information is used and reused, and 2) lots of valuable, fascinating raw data is locked up because of the danger of violating privacy. Big corporations get a lot of value out of their data-mining; researchers and regular individuals, not so much. Modern privacy problems aren’t exactly analogous to modern intellectual property problems, but we think Creative Commons-type licenses could have a lot to offer in addressing these two issues. We’re certainly not the first3 to think along these lines, but we want to add our voice to the ongoing discussion.
1. What would a Creative Commons-type license for personal information look like?
What choices would the licenses offer?
Imagine a set of licenses with a specific, pre-determined set of choices. Anyone who wants to signal their willingness to make their personal information available to the public could choose among these licenses and display it prominently, wherever their information is provided, whether it’s an online forum, a social network, or even personal website or blog.
The choices could include the following:
- First ask my permission before using the information
- Tell me that you are going to use my information.
- I don’t care.
B) COMMERCIAL/NON-COMMERCIAL USE:
- I’m okay with non-commercial academic use for research and/or publication.
- I’m okay with non-commercial governmental use.
- I’m okay with all uses.
C) LEVEL OF PRIVACY
- If I’ve provided any of this information, strip my information of classic identifiers (as enumerated, most likely, name, email address, etc.), though with no guarantee that this equals “anonymous.”
- If I have not provided any identifiers, do not try to re-identify me.
- [Intermediary option of better anonymization, should the technology develop.]
- I don’t care.
What kind of “personal information” could be licensed?
The license could be attached to any personal information the individual has gathered and displayed. It could apply to:
Specifics of a medical condition, as shared on an online forum.
An individual’s profile information on Facebook, MySpace, or other social networking site.
An individual’s personal website and/or blog.
As these examples make clear, we’re not talking about slapping a license on “all personal information” about a person in the abstract universe, but about placing a license on specific bits of data collected and displayed by an individual online. A set of information, a dataset, even arguably a database. It’s an open question, what might be “licensable,” what might even be worth licensing.
Which brings us to the question, is it worth licensing information that’s already out there, in public view? Would a license end up restricting rather than enabling more information sharing?
So what if one person uploads a dataset on her blog, making it public, and then says it’s available for reuse? How does that make the world a better place?
3There are others who are interested in applying Creative Commons principles to the issue of privacy and data, such as the group described here: http://www.securitycatalyst.com/creative-commons-for-privacy/. Their focus is a little different from ours, as they’re more focused on creating simple concepts for privacy rather than data-sharing.