Refining Open Data Sharing with Privacy Controls


#1

Currently the option to share data is all in or all out, but considerations of how nuanced controls for privacy can be implemented to provide transparency of what is being collected and could encourage participation in data donations.

Two potential nuances to the open data sharing setting:

  1. Personal Review before release - I would be happy to donate my data after I have a chance to review the sound clips myself to ensure that the clips do not contain something sensitive in nature. For those comfortable with sharing clips regardless you can let them donate freely, but those who want control add the personal review step before donation and it would show individuals exactly what they are donating. For example a false activation may capture sensitive information even with 2 second clips and with personal review I could not send that for validation to the community. Yes, I am willing to review my own information.

  2. Device specific Opt-in controls - Instead of the entire account and all all devices donating data, allowing a user to select which devices they deem ok for donations and which they may want a more restricted profile of donations or no donation at all. For example I wouldn’t want my assistant in my office to participate, but one out in a common space I would not have a problem donating data since I don’t have the same kinds of conversations there.

These are a couple ideas to start a discussion on nuanced privacy controls yet. I’m just joining the MyCroft community so if I missed where this type of conversation should be directed please point me in that direction.


#2

#1 requires a bit of work to facilitate that sort of selection. You’d have to tag the person’s account id to their data, and mark unsorted, then wait on them to come around and go through sorting it. After sorting you then have to delete all the bad stuff, and move the accepted stuff over. What happens if after this is done, you change your mind about something and want to delete another one? What happens if it’s never reviewed? What happens if a person passes on and their estate wants to remove their data? Having listened to a fair bit of my own utterances and those of others (visit the tagger on home.mycroft.ai), I’m not too worried about the current state of things comparatively. Of course if someone wants to build that infrastructure out that would be helpful.

#2 can be done with multiple accounts, though it’s a slight bit of additional effort.


#3

Hey Wolfgang,

Some great ideas. As baconator said there is work and some challenges in implementing them but great to put the ideas out there and get the conversation started.

Not sure if you tried the beta, but the new Home.mycroft.ai provides much better device specific controls. This was much more than a UI change, it required us to modify the way that device settings were being handled. So this would pave some foundation work for #2.

#1 would require some significant changes but it does make sense as a way to add further control for users on what is shared and what’s not.

I wonder if another option would be to submit recordings after maybe a week. So as a User I could go in and review all samples if I wanted to, or if I knew there had been a false activation that I didn’t want included, I could actively go and remove it knowing it had never been included in the Open Dataset. However if I didn’t care that week I could just leave it knowing the data would be included following the delay. I would see this as another option on a spectrum of “default - opt-out” <> “opt-in review required” <> “opt-in review optional” <> “opt-in with no review”.

Again this is a big piece of work so don’t want to create expectations that this will happen tomorrow, but always keen to hear new ideas and ways we can improve!