Recently I used Mine to send deletion requests to many services I used in the past and no longer need. It’s been quite interesting seeing how much variation there is in how companies handle these requests. I can now say with some confidence that Beeminder handles these requests far better than probably 90% of organizations.
The worst has been that two companies so far (REI and the New York Times) responded to my request and basically said “We’re not going to delete your data because the laws where you live don’t compel us to.” Receiving these responses had me pretty frustrated and angry. Are we really going to only respect users’ privacy requests if the law forces us to?
This has got me thinking about how I handle data with TaskRatchet. After going through this stuff from a user’s perspective, I want to make sure I set up TaskRatchet to handle this kind of thing in a way that respects users’ privacy needs.
Currently I’m using three different analytics solutions: Google Analytics, Amplitude, and Highlight. In addition, I’ve been building out public metrics here:
I think what I’d like to do is move away from using third-party analytics solutions, and instead put more weight on the anonymized public metrics stored in Beeminder plus any metrics I decide to bake out in Firebase.
I do realize that privacy is a sliding scale, and that there will always be people who think I haven’t gone far enough in that direction. For example, I’m sure there are users who would prefer that we used end-to-end encryption such that we would have zero access to the details of their commitments beyond due date and stakes. I don’t intend to go that far any time soon.
I think what I want to do is start thinking more in terms of tradeoffs. That is, any time I modify TaskRatchet in a way that results in collecting more user data and/or distributing that data to more third parties, I need to view that as a cost and make sure that the value provided to the user is enough to reasonably justify that cost.
The first step toward that is to audit the ways I’m already using user data and identify where I’m collecting data without a clear end-user benefit. Where there are clear benefits, I should look for ways to reduce the amount of data collected and the number of third parties who receive it while still retaining most of the resulting benefit.
Aside: It would be cool to quantify this cost in terms of a budget, similar to how some projects have a performance budget they use to make sure they aren’t building a slow product. I’m not sure what that would look like, or how it would be tracked.