The Privacy API: Facilitating Insights in How One's Own User Data is Shared

Abstract

This work describes a proposal to increase transparency and legibility for users of services where the service provider is handing over user data to marketeers, advertisers and other third parties in order to cover the costs of providing the service or to increase revenue. The proposed solution takes the form of an API, offered by the service provider to the user, which provides the user with the same data that is passed on to third parties, but limited to data related to this particular user. In this work, it is discussed how such an API should be implemented, how it should be enforced, and which important considerations should be made when implementing it. The API maps directly on already existing channels used by the service provider, and should require minimal implementation effort while substantially increasing transparency. It provides benefits to users by providing better insight in how their data is used and what it is worth, to service providers by making it easier to comply with regulations and by increasing (potential) user trust, and to regulators by providing a consistent framework for assessing compliance. Furthermore, the proposed approach allows the inclusion of consumer organizations or other trusted third parties as part of the information flow.