The Theory of Personal Data Mobility has become real hard evidence
The thinking that data mobility will create new economic value is 10 to 15 years old. I explored the growth potential in my Book “My Digital Footprint” in 2008 and I was building on existing economic ideas.
Fast forward 10 years and lots more thinking about the potential upsides and why sharing data creates value. An excellent 2018 report for the Department for Digital, Culture, Media and Sport (DCMS) Data Mobility: The data portability growth opportunity for the UK economy is such as report. To save some time; my summary of this report is here.
Ctrl-Shift who wrote the report have gone on and created a Sandbox to showcase examples and bring the theory to life. The Sandbox is a cross-sector collaboration with Barclays, the BBC, BT, Centrica, Facebook and digi.me Independent observers ( check that outcomes are not made up of biased on one solution) to the Sandbox include the Centre for Data Ethics and Innovation (CDEI), Consumers International, the DCMS, the Information Commissioner’s Office (ICO) and the Web Science Institute at the University of Southampton (WSI).
This first phase ( there will be more) of the Sandbox has focused on the infrastructure and standards required for safe data sharing and its key findings are:
- The end-to-end process of data sharing can be made safe for individual
- Personal Data Mobility will enable valuable new services of benefit to individuals
- Critical infrastructure gaps exist, which require co-ordinated intervention to fully unlock the value of safe personal data mobility and a clear way forward has been defined to address these gaps specifically around governance and making data sharing easy and safe to do.
The Ctrl-shift report confirms value can be created and concludes that: “There is a range of businesses, research firms, entrepreneurs, venture capitalists and academics that are the Champions of Data Mobility. They will be at the forefront of new service creation and the opportunity that Personal Data Mobility is creating will enable start-ups and smaller businesses to gain a foothold in this dynamic new market.”
The gaps identified:
1. Liability Model. Lack of a clear definition of liability causes businesses to pass on risk to users who have a limited understanding of the risks they are taking on board. Without clear definition of liability, the scope for creating mitigations is also limited.
2. 3rd Party Validation. Current approach to validating the 3rd parties that individuals share their data with is manual, not scalable and not consistent across validating parties, typically data exporters and data facilitators. Standards vary and those being validated have to respond to multiple different approaches. A more scalable model for validation is required, with the degree of validation appropriate to the sensitivity of the data being shared.
3. Integrated Experience. Having to download multiple services, as is the case with today’s Personal Data Mobility services, creates a fragmented experience. Downloading and using Personal Data Mobility services needs to be easy so the cost – in time taken and cognitive or physical effort – is low to ensure the uptake of Personal Data Mobility reaches its full potential.
4. Revocation. There is a lack of consistency in data exporters’ user interfaces for revoking data sharing and a lack of standardisation in API coding of revocation, meaning that confidence in Personal Data Mobility services may be reduced, if users cannot be sure data sharing has ceased.
5. Privacy Communication. Current approaches to communicating privacy policies by those sharing and receiving data do not aid user understanding. Should sensitivity to privacy continue to increase, there is a risk that uptake of Personal Data Mobility services will be reduced if users aren’t sure of their privacy rights.
6. Authentication. Password-based logins neither deliver a smooth authentication experience nor guarantee the individual is who they say they are and the data they are sharing is theirs. The Personal Data Mobility market’s growth will be limited without more trustworthy and more user-friendly forms of individual verification, authentication and access control than password-based approaches provide.
7. Know How. Individuals’ understanding of the risks and opportunities of data sharing is limited and needs to improve if people are to safely and valuably participate in Personal Data Mobility.
8. Additional Sector Data. Realising the full value of Personal Data Mobility needs broad cross-sector participation. In particular, technology companies, health providers, supermarket businesses, other retailers, travel providers and government services need to share data as well as banks, media companies, social media businesses, energy providers and telecoms businesses.
This new report and findings can be found at https://www.ctrl-shift.co.uk/personal-data-mobility/