|Data Privacy, Context and Intents
Changing contexts and intents, by Tim O’Reilly
Alright, changing gear here. Going back to privacy. As always, Tim O’Reilly is on point with his contributions, this time on how data should be managed whenever the context of an initial consent has changed.
“We need to think about privacy in terms of when data moves from one context to another, rather than in absolute terms”
That applies to when users are using your product which generates data. What you do with that data afterwards needs transparency and consent.
“What do we do when the contexts themselves change? That’s a question we must work hard to answer. Part of the problem is that contexts change slowly, and that changes in a context are much easier to ignore than a new data-driven application.”
“One special type of meta-context to consider is intent.”
Meaning that consent provided before may apply to future uses if the intent is in-line with initial consent. But if you overshoot, users should be able to state that you went to far and remove consent.
Think back to the process of when your users are joining your product. What explicit/implicit consent have they provided you? What sort of identifiable profile elements and behaviours are you currently harvesting? Was that part of the intent that they initially consented?
For example, when you registered to this newsletter, you consented to receiving a fresh email every 2 weeks and maybe for me to track when you opened this email and clicked on something. What if I started to send you targeted promotions? Or if with some wizardry, I could now start tracking what you do on my website lantrns.co? Those are different contexts, but were those intended in your initial consent?