Five steps to fix social media
Legislation should be introduced in 5 phases:
- Companies must publish a technical specification of all information they collect and store about people that use their service. This specification must be written from the perspective of an individual person using their service. This specification must include which of that data is shared with 3rd parties and on what terms that sharing happens. Think about this specification as a ‘data contract’ and an addendum to the privacy policy of the service
- Companies must make APIs available to allow people to download all their information at any point in time and this downloaded information will comply with the data contract.
- Companies must support storing and retrieving this information for a person at any and all times in a data storage platform specified by that person. This data must always match the information stored in the internal systems of the company.
- Companies must allow persons to demand that all data about them is only stored in and fetched their data storage platform and that none of this data must be stored in the internal systems of the company.
- Companies must not store any data about any of the people that use their platform but must store and retrieve that data from the data storage platforms specified by those people.