Disreputable Rapleaf aka Fearpal is at it again

December 1, 2007 at 11:05 am | Posted in California, Data Protection Act, EU Directive 95/46, Europe, Legal, Opt in, Privacy, Public Policy, Rapleaf, Reputation, Rights, San Francisco, UK, US | 4 Comments

#2 – You should be able to opt out.

Is this a reputation right … or wrong?!

In today’s story, Towards Reputation Rights, Fearpal’s CEO Auren Hoffman is quoted under the heading ‘Auren Hoffman on Consumer Control in a Data-Driven World‘. His proposed ‘right’ suggesting the possibility of opt-out is wrong, to my mind.

‘Consumer reputation right number two’ that he so cleverly suggests protects Hoffman’s company’s interests while undermining my privacy.  His company would better serve individual members of the public if, instead, ‘Consumer reputation right number two’ were worded:

#2 – You may choose to opt in.

In other words, the rights should be written such that data collectors should only collect, collate and distribute data to all and sundry after obtaining explicit permission from the data owners.  (In this case, I am assuming that I own my own personal data by default, even if I ‘publish’ it online to a group in a social network.  I am not sure that this argument could ever hold water, but I would like to see it try, without involving Rapleaf in any way commandeering my right to my personal information.)

Currently, the situation is that collecting, collating and distributing data from owners without their permission is widespread (Rapleaf’s 60 million and counting in September 2007). As far as I can see that is akin to stealing information and profiting from the proceeds. That is not a reputable way to do business.

The problem with referring to a person’s ‘reputation’ is that it is context-specific. Reputation means something quite different in the online marketing world from its connotation in the real world.

Notice the Rapleaf CEO is suggesting the rights default be defined in favour of businesses involved in data collection, collation and forwarding, i.e. Rapleaf assume your personal data is fine to be deep-mined, organised and passed on to strangers without your knowledge or your permission UNLESS YOU CONTACT EACH INDIVIDUAL AND ORGANISATION TO EXPLAIN THAT YOU DISAPPROVE AND WISH TO OPT OUT OF THEIR SCHEME.

(Regular readers know that I rarely use all capitals to yell, but this is a real concern of mine, especially now that the private data of an entire generation of an entire country has been carelessly mislaid by our government.)

Rapleaf’s approach is the opposite of the laws set up to protect each individual’s data, whereby one grants permission to others to hold data for a specific purpose, limited time and restricted region only. Rapleaf’s reputation management offerings fly in the face of an honourable agreement, so cannot be trusted for managing one’s reputation.

How does an individual opt-out from a data organisation’s collecting scheme? Easy. You just contact the organisation to request opt-out. The problem with that is, of course, that individuals could spend the rest of their lives contacting fly-by-night organisations as they become aware of their details being held, requesting removal of data and demanding permanent opt-out status, with no verification of the response processes possible. Meanwhile, corporate records retain information on each person who has opted out … which means they still hold a record of some kind on each opt-outee!

This is certainly unethical, but I wonder if it may also be unlawful in certain regions of the world, according to EU Directive 95/46 and, in the UK, The Data Protection Act. I wonder what the relevant laws are, if any, in California for this kind of activity?

This is the full article:

Towards Reputation Rights

Michel Bauwens

1st December 2007

As part of the Yale Symposium on Reputation Economies, participant Auren Hoffman, who is also CEO of Rapleaf, proposes a set of 3 reputation rights worth defending and fighting for.

Auren Hoffman on Consumer Control in a Data-Driven World:

“The amount of data collected on you increases every year. And recently, the slope of the curve is getting steeper as there is much more data to collect, including your demographics, digital footprint, purchase history, where you are driving, how you are traveling, your network of friends, and even some of the most intimate details of your personal life.

At the same time, we’re not living in a Brave New World or 1984-type society where there is only one collector of this data, akin to the all-knowing Stasi in East Germany. It is actually much scarier than that. The number of actors collecting this data is growing astronomically. Today there are tens of thousands of actors collecting information about you and these include corporations, government agencies, non-profits, and others.

Of course there are a lot of apparent and unapparent benefits to having all this data collected. We can obtain readily accessible credit – the underpinning of why the U.S. economy is so strong – due to the fact that our debt payment data is easily accessible. Micro-targeting to your likes and interest is much better than receiving irrelevant spam. And very few web sites would work well without cookies grabbing your site preferences or shopping cart info.

Up to now, consumers have been willing to tolerate less privacy for the benefits of a frictionless world. But they are getting increasingly uneasy about this trade, especially since the trade is becoming a far worse deal for consumers. Data collectors are not giving enough back to consumers and that needs to change.

We believe that consumers will demand and receive – either by consumer action or government regulation – the following three rights:

#1 – You should know more about yourself than anyone else knows about you.

Consumers should have the right to find out what data is being collected about them. As a consumer, you should be able to go to DoubleClick, AdBrite, Advertising.com, Google, Yahoo, Aggregate Knowledge, etc. and a list of all the websites that track you. You should be able to go to Choicepoint, Experian, Acxiom, Rapleaf, etc. and see all the data they collect on you. You should be able to see the same government records that the DMV, FBI and Medicare have on you. And you should be able to access this data for free at anytime.

#2 – You should be able to opt-opt.

You should have the right to opt-out, either wholly or partially, of being tracked. That means you should have the right to tell DoubleClick to never track you, or just not on sports sites in particular.

#3 – Your data should be owned by you and be portable anywhere.

You should be able to move or copy your data from one location to another location. Essentially, you should be able to export your data from Doubleclick and import it to a different system. When you join a new social network, you should be able to take your social graph from Facebook or LinkedIn with you and tear down these walled gardens.

While consumer advocates have been talking about these three rights for years, we’re closing in on making these rights a reality.

With respect to item #1, consumers can now check their credit history for free once a year from each credit agency. For item #2, next generation data collectors (like Rapleaf) allow consumers to easily and selectively opt-out. And on item #3, most blog-readers have agreed to a common OPML standard for easily exporting and importing the blogs you read.

But more pressure needs to be exerted on the extreme violators of these three consumer rights and the forward-thinking data-collectors must differentiate themselves with consumers.”

Can you believe he said that “more pressure needs to be exerted on the extreme violators of these three consumer rights”? Talk about a bitter taste for irony.



RSS feed for comments on this post. TrackBack URI

  1. Rapleaf is absolutely terrible. The arrogant founders just want to hear how good their product is. I hope they get sued big time!

  2. I agree. Rapleaf redefines the concept of reputation for its own benefit, to the detriment of online users. The company is an example of the worst of the web purporting to be the best. Ugh.

  3. Hello again, jen,

    There’s another problem with Rapleaf, and that is that it deep mines information on sites such as Facebook and LinkedIn.
    Problems with permanently deleting information on Facebook are explained in this article:

    Hey, Facebook, just let go of me

    Although there is now a way to delete an account on Facebook, I doubt that deletion would filter through to Rapleaf.
    In other words, once Rapleaf have deepmined my information on the web, if I then delete my account on a certain website (such as Facebook) I would also have to request removal of all that info from Rapleaf’s servers. The stories I have heard from people who have tried to get that done do not inspire me with any confidence that Rapleaf fulfil such requests.
    Just like Facebook, Rapleaf are US-based and are not (as far as I know) registered as a data controller in the UK.
    I have no idea what UK and European regulatory powers can do, if anything, about a US company that chooses to collect my personal information and distribute to strangers without my prior knowledge and explicit permission.
    Do you?

  4. P.S. I came across a fresh post today in which a blogger effectively recommends rapleaf as his/her latest tool for investigative research for the purposes of stalking people—as rapleaf makes it easy for anyone to discover all the social networks his or her chosen prey belongs to.
    This is not good.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: