hugo: Data explicitly and willingly uploaded by a user should always be under the ultimate control of the user. Users should be able to decide whom to grant (direct) access to their data and under which permissions such access should occur.
Cryptography (e.g. a PKI) is necessary to enable this control.
Data received, generated, collected and/or constructed from users' online activity while using the service (e.g. metadata or social graph data) should be made accessible to these users and put under their control. If this control can't be given, then this type of data should be anonymous and not stored for long periods.