Data about me becomes also data owned by meThursday, December 1st, 2011 by Corrado Moiso
The current approach to personal data handling is mainly organization-centric: data about individuals are collected, managed, processed, and aggregated in the IT systems of service providers, enterprises, and public administrations. People have a limited involvement in the management of their data, and, in order to protect them, their personal data has to be treated according to privacy policies agreed among the involved parties (e.g., enabling the processing required for delivering the services required by the persons or for performing legitimate operations).
As I discussed in my previous posts the adoption of a user-centric approach to personal data management could improve the current situation, by providing to individuals greater possibilities in controlling and exploiting their personal data. This could be achieved by delivering to users “Personal Data Services” through which they can collect, store, organize, share, process, and, possibly, trading, all their personal data. The idea is to enable individuals to create and manage their “digital footprint”, i.e., the digital record of everything a person makes and does online and in the world.
The collection of the records of my activities can be achieved quite easily. For instance, it is possible to gather all the data concerning the interactions with other persons, with the environment, and with the digital services I performed by means of my personal device, such as a smartphone. It could be more difficult to collect the information that an organization has generated about me in order to provide me a service. These are examples of data with “multiple owners”. In order to realize a user-centric approach to personal data management it is essential that individuals can collect also these types of information in their “personal data stores”, i.e., individuals must have the “right to own and control a copy of the data about them”. The private ownership of complete copies of personal data is sufficient to create a liquid, dynamic new asset class, as recommended by the World Economic Forum. Organizations managing personal data should be encouraged to enable individuals to access (and copy) data about them.
In order to address this issue of paramount importance for the adoption of a new model in the personal data treatment, UK government has recently launched voluntary programme named “midata” . “midata” is a voluntary partnership between the UK Government, businesses, consumer groups, regulators and trade bodies to create an agreed, common approach to empowering individuals with their personal data.
Organizations can help realize the goals of midata by providing customers with the ability to access and re-use their ‘customer data’ – including data about customer transactions, interactions and usage behaviors that organizations collect. Personal should be released back to consumers according to some clear and shared key principles, among which:
“1. Data that is released to customers will be in reusable, machine-readable form in an open standard format.
2. Consumers should be able to access, retrieve and store their data securely.
3. Consumers should be able to analyze, manipulate, integrate and share their data as they see fit – including participating in collaborative or group purchasing.
7. Organizations should not place any restrictions on or otherwise hinder the retention or reuse of data. …”
The involved organizations will give consumers increasing access to their personal data in a portable, electronic format. Individuals will then be able to use this data to” manage their lives more efficiently”. In particular users could also store these data in their “personal data stores” (one of the companies that joined the initiative is Mydex, a provider which offers to individuals services to store and manage their personal data).
With this initiative, it seems that UK government endorses the vision to “empower individuals with so much control over the use of their own data” promoted by different initiatives, such as World Economic Forum or the Personal Data Ecosystem consortium. According to UK government “the overall aim of midata is to benefit the economy, by stimulating innovation and growth, as well as companies and consumers”. midata “will help achieve economic growth by improving information sharing between organisations and their customers, sharpening incentives for businesses to compete keenly on price, service and quality, building trust and facilitating the creation a new market for personal information services that empower individuals to use their own data for their own purposes.”
It is important to highlight that “midata programme marks a non-regulatory approach to consumer empowerment and is in keeping with the Government’s broader focus on transparency and openness”.
Organizations that have currently committed to working to achieve the midata vision are: Avoco Secure, billmonitor, British Gas, Callcredit, EDF Energy, E.ON, Garlik, Google, Lloyds Banking Group, MasterCard, Moneysupermarket.com, Mydex, npower, RBS, Scottish Power, Scottish Southern Energy, The UK Cards Association, Three, Visa. It could be interesting to investigate why, at the moment, telecommunication operators are not involved in initiative, even if they manage a lot of data about persons, while energy companies agreed to contribute.
Several consumer groups and regulators (among which OFCOM, the independent regulator and competition authority for the UK communications industries), are involved in the initiative to represent consumers’ interests and concerns.
The launch of this initiative, complementing others already announced on opening public data, confirms the objective of UK Government to get the leadership in transforming the current views and models on data treatment in new opportunities for economic development.