Personal Data Representatives: An Idea

The problem in a nutshell

Introducing Personal Data Representatives

How would this work at a technical level?

  1. A data standard is agreed so that apps and services can communicate their plans for a user’s data to a server in machine readable form. For example ‘This app wants to send this user’s exact location data to servers controlled by Google inc’. Such a standard could very quickly become unwieldy, attempting to model all of human life, so ensuring that the standard only covers a limited problem space is going to be very important here.
  2. The staff or volunteers of a Personal Data Representative would meet to discuss an initial set of default permissions they want to see implemented, such as ‘Let any app owned by Facebook access the camera’. This decision is then entered into a software system that is capable of talking to other apps using the standard described above.
  3. The subscriber to the personal data representative service would have to have software running on their device that was monitoring for attempts to load new apps or visit new untrusted web applications. There is a debate to be had about what part of the stack such software should live, but I’m bypassing that for now.
  4. The very first time a user runs a newly installed app on their phone, structured data about the permissions that the app wants to have are sent to the Personal Data Representative server, via API.
  5. The server would look at the list of permissions being requested by the app, would compare these against the rules that had been entered by its programmers, and then would reply to the user’s device with one of three messages: ‘Go ahead’, ‘Stop now’ or ‘You may go ahead running this app if the app is happy to run without only these particular permissions enabled’.
  6. The app would receive the message from the server, and either run with the personal data settings set as the server requested, or refuse to run on the grounds that it had insufficient permissions to operate properly. In that case the user would be told ‘This app cannot be installed because it your Personal Data Representative believes it will not treat your personal data in a way that you would approve of’. The user would then have the option to overrule the choice — the representative is a servant, not a master, after all.

Who is this for? Would anyone actually want it?

On incremental introduction

Objections and problems

  • It might not be possible to develop a security model that prevents apps from simply lying about what they plan to do.
  • How do you stop the data standard becoming flabby, over-broad and unusable? Standards that try to model the whole world tend to fail.
  • How do you make OS, app store or device manufacturers decide that it is in their own interests to explore or implement something like this?
  • How do the personal data representatives pay for the staff to make the decisions about so many potential apps, services and permissions?
  • Shouldn’t we be getting AIs to do this, not pathetic, fleshy humans?
  • Shouldn’t we just have tough laws that protect everyone’s personal data from mis-use? Why appoint special data representatives when we already elect real representatives to implement policies that protect us from bad stuff?




Trying to get real about the connection between digital technologies and social needs. Full list of writings at

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Airdrop For The All Holders on PRE-SALE

Protecting Trade Secrets Through Contracting

Odin: 1 Walkthrough Vulnhub

Proof Of Humanity

US vs China Privacy Policies

Anonymizing Web Traffic in Kali Linux

{UPDATE} STEINS;GATE 비익연리의 달링 Hack Free Resources Generator

Repelling A Ransomware Attack: Glenn Kapetansky of Trexin Consulting On The 5 Things You Need To Do…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tom Steinberg

Tom Steinberg

Trying to get real about the connection between digital technologies and social needs. Full list of writings at

More from Medium

Data Privacy — Spotify Wrapped but the rest untapped

“I told them eVar7 no longer works!” [VIDEO]

Be Data Curious — Part 4

Alexandra Kireeva, Senior Data Analyst at Delivery Hero : “I am a great fan of automating…