Social networking data taxonomy

On his blog Schneier proposed a taxonomy of social networking data.  I’ve copied the taxonomy below.

1. Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number.

2. Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on.

3. Entrusted data. This is what you post on other people’s pages. It’s basically the same stuff as disclosed data, but the difference is that you don’t have control over the data — someone else does.

4. Incidental data. Incidental data is data the other people post about you. Again, it’s basically same same stuff as disclosed data, but the difference is that 1) you don’t have control over it, and 2) you didn’t create it in the first place.

5. Behavioral data. This is data that the site collects about your habits by recording what you do and who you do it with.

Schneier’s taxonomy is interesting as it focuses on data transfer and ownership. In the United States data ownership is a continuously debated issue. When I give my medical records to my doctor does my doctor now own those records such that he can give them to anyone he chooses as long as he complies with HIPPA? When I give my data to Facebook who now owns that data? When I allow a third party Facebook application to access my data who now has control of that data?

In his taxonomy Schneier seems to be implying that we should group social networking data based on the context under which it was collected and who controls it. I like this idea. I think this taxonomy well models how people perceive the flow of ownership of data. If I put data in my space then I should control it. If I give you data then you control it. If you ask me for data through a form then you control it.