Wednesday, February 6, 2008

Privacy and Intellectual Property: Two Sides of the Same Coin?

I have been catching up my blog reading and I run into an interesting posting by William Cohen about personal control of personal information, where he talks about the idea of controlling the
personal information that we generate by simply "being" in an online world. He points to the new Attention Profiling Markup Language (APML) protocol, that can be used to capture and standardize the way that we record personal information, such as browsing history, video rental preferences, and so on. If we have such a standardized preference profile, then we can start building interesting applications, since we can have access to a much more holistic profile for a given user. Fernando Pereira on the other hand points out to issues related to privacy and security controls. Who controls and has access to such information?

Reading the arguments, I started thinking the relation between intellectual property and privacy. Fundamentally, both deal with control of information. Intellectual property deals with the control of data that are generated by someone and are "creative works" and privacy deals with the control of "non-creative" data that are generated by someone as a result of simply being and acting in a society.

There is a tremendous amount of attempts to enforce the control of intellectual property, with Digital Rights Management being a prominent, controversial example. Additionally, there are proposals for embeddings watermaks in songs, videos, and books to be able to know who has leaked a protected file.

Interestingly enough, I have not seen anyone proposing to use DRMs and watermaks for controlling the availability of personal information. I may want to reveal my video rental preferences to Amazon and Netflix, but I do not want other companies to have access to these data. Similarly, I trust Google with my search history, but not anyone else. Given APML-coded profiles, together with DRMs, we can specify who has access to such data, in the same way that music labels are now trying to control who can listen to a particular song.

Maybe this is the real application for DRMs, and not ebooks, music, and videos?

PS: One obstacle is, of course, the fact that the privacy-sensitive data are not controlled simply by the person who generates them. To consider some types of data to be a privacy threat, there is another party that observes the same data: what I buy and what I view are actions observed by the party that sells me something or allows me to browse through the website. Therefore, private data are a form of shared property and while one party (e.g., the user) may be able to control how these data are distributed, the other party (e.g., Google) gets the same data in a format that is beyond the control of others. This makes privacy-related data to be a little bit more complicated to deal with compared to data that fall under the provisions of the intellectual property law.