Defining a Personal API

The UK is just starting to enforce EU’s cookie consent law. Visit the FT for the first time in a while and you’ll see:

In effect, this law requires consumers to define a Personal API. Consumers carry a trove of data: browsing data, ad click data, friend network data and social sharing data. Web businesses have realized the value of that data ($12B in 2011). This EU law encourages consumers to become aware of the value of this data and manage it.

The notion of a Personal API isn’t new. In fact, we’ve all defined some parts of our personal API on Facebook. Facebook application install dialogue boxes prompt us to evaluate the cost-benefit of data sharing. Although results vary widely across applications, these kinds of prompts curtail user adoption to the chagrin of developers. After Facebook increased the granularity of permissions on these boxes last year, some developers observed a 20% decline in user installs.

The increase in data collection transparency is inexorable because consumers are paying more attention. Since 2004, Facebook has been convincing users to share ever increasing amounts of data, to dramatic effect. The company has erected the social infrastructure of the Internet. But the majority of Facebook users distrust the service. This fear isn’t unique to Facebook. New entrants, including Path, must also manage user trust.

As a result of this fraying trust, web businesses must refine a new core competency: convincing users to share their user data before experiencing an application. Part of the challenge is marketing a product’s allure. But this is the simpler problem.

Update: the EU changed the bill immediately before it was signed into law to allow implied consent. By visiting the site, a user accepts data use.

Consumer education presents the more significant challenge. Most consumers don’t understand the mechanisms or implications of data sharing.

First there is technology complexity. There are several flavors of cookie: browser sessions, true cookies, HTML5 local storage and mobile application local data store. Cookie consent restrictions are applied unevenly across these storage alternatives. Consumers need to be educated on the technical details of these alternatives.

Second, consumers will have to decide which data and how much data to share at the point they arrive on the website. Like a Facebook application install dialog box, these cookie dialogs force a consumer to think about the cost/benefit: how much data am I trading for how much gain? It’s a significant cognitive load. Websites must articulate the additional value of user cookies on a user’s very first page view of every session.

Third, consumers may need tools to manage their data across the web, the kinds of tools that Facebook, Google and Twitter have already implemented. These tools keep a list of applications accessing user data and allow consumers to revoke access to a given application at any time.

The notion of a personal API is inevitable. Both consumer demand and in some geographies, government regulation, is driving the web towards such a structure. Startups and web businesses' marketing is about to change significantly.

Published 2012-05-27 in trends 


I am partner at Redpoint. I write daily, data-driven blog posts about key questions facing startups. I co-authored the book, Winning with Data. Join more than 20,000 others receiving these blog posts by email.

Read this next: