Personal Control of Data

Butler Lampson
(with advice and ideas from danah boyd, Mark Brown, Fred Cate, Kate Crawford, Marc Davis, Cynthia Dwork, Simon King, David Tennenhouse)


Citation: Iíve given versions of this talk at the Microsoft Research Asia 21st Century Computing Conference in 2014

Links: Abstract, Acrobat, PowerPoint.

Email: This paper is at



People around the world are concerned that more and more of their personal data is on the Internet, where itís easy to find, copy, and link up with other data. Data about peopleís presence and actions in the physical world (from cameras, microphones, and other sensors) soon will be just as important as data that is born digital. What people most often want is a sense of control over their data (even if they donít exercise this control very often). Control means that you can tell who has your data, limit what they can do with it, and change your mind about the limits. Many people feel that this control is a fundamental human right (thinking of personal data as an extension of the self), or an essential part of your property rights to your data.

Regulators are starting to respond to these concerns. Because societies around the world have different cultural norms and governments have different priorities, there will not be a single worldwide regulatory regime. However, it does seem possible to have a single set of basic technical mechanisms that support regulation, based on the idea of requiring data holders to respect the current policy of data subjects about how their data is used.