What if the way we deal with personal data in the next generation internet was human-centric and not organisation-centric? What would actually happen if individuals had all the means in order to control use of their data by companies and share data with organisations of their choice? What if individuals could identify interesting correlations between data currently held about them by different organisations? What if B2C would turn into Me2B?
Handing back control over personal data to the individuals is not a new idea. Data protection legislation for decades has made consent by the individual one of the central grounds for processing of personal data. Still, rights on access to data held by organisations remained difficult to apply in practice. A right to port one's data to any third party will only become effective with the General Data Protection Regulation in May 2018.
On the technical side attempts also have been made over the past decade or so. Maybe the moment is now to turn this into a reality: Start-ups around Europe are developing solutions for an emerging personal information services market, estimated at € 18.6bn for the UK only. They are called Mydex, Cozy, Qiy, Meeco, Synergetics, digi.me, the Hub-of-all-things or MiData Cooperative. Many more exist. They begin to attract investor money. Some promise no less than re-inventing the internet. Major telcos are joining in. They all have IT architectures and applications near to mass market introduction which allow managing access and control over personal data.
Why could this vision bring a triple win?
First, individuals participate in the promise of data-driven innovation while safeguarding their privacy. Who can become truly active in what they want to share with whom? They can have access to all their data and take the data to anyone they feel. Second, companies could personalise offers on the basis of rich and accurate information about their current or future customers. Spam advertisement and ad blocking could become a thing of the past when consumers agree to share some of their data and companies in turn pledge to respect their privacy. Finally, a whole new class of life management apps may emerge as developers could offer individuals to correlate data about them currently held by different organisations, possibly identifying interesting patterns.
Where do we stand?
Support by governments in particular in the UK or Finland are instrumental in kick-starting developments. A conference sponsored by the Finnish government gathered no less than 500 people this summer around the Finnish MyData concept. French digital think tank Fondation Internet Nouvelle Génération (Fing) is currently in the second phase of large-scale testing of that vision in France. More countries are getting on board.
The EC catalysed cross-border cooperation with a workshop at the end of 2015. Organisations like French Fing, the UK Digital Catapult, the Finnish MyData project or German Stiftung Datenschutz are carrying this further with regular European stakeholder workshops.
A brand. Many terms are being used: MyData, SelfData, personal data spaces, personal information management services (PIMS). With all the differences in approach and concept: We need an encompassing brand.
Piloting, piloting, piloting: We need more real-life experiments in order to find out what really would happen if individuals could take back control over their data.
And finally, more work on some of the technology aspects. Consent needs to be easy to give and to collect, also based on more standardised and machine-readable use conditions. Consent receipts could bring legal certainty to data users.