Need clear specifications of POD access and usage controls #180
Description
Do we want to provide users choices for what data to share, and how the data can be used, in much granular level?
Several of current Solid apps have "all or none" approach for access requests, the app prompted me to grant the app permission to "Edit data", or the app wouldn't run. This is essentially the same as Today's smart-phone apps installation process, it would prompt users to acknowledge permissions to access "your contact", "your storage", "your camera", etc., if you don't agree, you cannot install this app. There is no other choice for users if they "need" this app, this is just to inform users what data will be shared.
Take a hypothetical app for movie recommendation, it requires read-access to a list of movies you watched and your friends list. So the app would recommend movies based on what you have watched, and also what your friends watched (so you and your friends will have common topic).
This example presents several questions:
- Can a user get the app running, without granting permission to access friends list?
I don't want to share my friends list, just give me recommendation based on my past movie history. - When granting permission to access friends list, it is not clear how my data is going to be used?
I may not want the app to share all my movie list with all my friends, but by granting permission of accessing friends list, it allowed the app to do just that, the implication I may not realize.
So, if we address privacy concerns, we would have to give users choice on what to data to share or partial share; on this subject, users might not remember what data they have, a clear view of what data they have, and even allow users clear it out: https://myactivity.google.com/myactivity would be very helpful. As for how the data is going to be used, we should have a standardised specifications, this sometimes is more of the concerns than the shared data itself.