solid/solid-spec

higher-level questions about who controls what data

Opened this issue · 1 comments

From #174 (comment):

Defining who controls what data. Examples of where confusion may occur include:

  • derivative data such as recommendations generated as a result of combining data produced while using an app with external data lists e.g. my playlist with playlists of others
  • data generated by an employee using an app at work e.g. documentation written by an employee for a project proposal of a company
  • groups without a formal legal structure who want to do different things with the data collected. For example, a group of footballers who collect data on training times, half of which want to take the data to a fitness app, the other half do not - who has the final word on data control decisions?
  • data of a baby or a child who is below the age of consent. In particular when the child wants to join an app that the parent is not wanting the child to join
  • data of the deceased. (What if the next of kin have differing opinions?)

Good questions! here is my personal opinion about each one:

re derivative data, if a user runs an app that creates derivative data then that user can store that on their own pod, but if it used data from others then the user is responsible for attribution. the app should help the user with that. we can add that to recommendations for apps.

re data generated by an employee, the employment contract governs there, we should build solid apps whose terms and conditions are compatible with common practice employment contracts. we can add that to recommendations for apps too.

re who has the final say in group-collected data, each user who has a copy of the data is responsible for using that copy of the data in such a way that they don't annoy others. for instance if i allow you to take a group photo, that doesn't mean i automatically give you permission to post that photo publicly. i think this one is for users to be aware of, would be hard to make apps that help with that, but if you can suggest a UX mechanism for it, then maybe we can add it as a recommendation for app developers too.

re data of a minor, the parents decide

re data of a deceased, the next of kin will have to come to an agreement; if they need help with that then they probably need to get that help from a psychologist or a lawyer, probably not much a software application can do there to help, unless the app helps users to record what they want to happen with their data after they die, a sort of testament for user data. of course, that would probably help in resolving the dispute. but that's then maybe something a pod provider could do? if i were worried about what happens with my data after my death, then i would probably send out an email to several family members about it. i don't really see a role for the pod provider or for solid apps in that, IMHO.