Last week the CW Engineering Trust SIG invited three experts to talk to our community about a revolutionary technology that could transform the way in which people and businesses manage personal data. The potential of the technology is there, but such innovation doesn’t come without business and deployment challenges – making it a perfect topic for an evening’s debate.
Arthur Meadows started the proceedings by defining personal data stores for users. Most recently of Fetch.AI, Arthur has experience in targeted advertising, personal predictive analytics and at Midentity, a personal identity start-up that he founded seventeen years ago. At its simplest, personal data stores are an inventory of data about an individual designed so that they can selectively share some or all of it with third parties. This data is not taken and consumed by the third parties, nor is it corrupted; rather it is perfectly replicated and maintained.
The challenge that personal data stores are looking to redress started in how the internet was first architected. It was not built to defend individuals against the deluge of internet connected devices, services and data that emerged in the 1990s. Data defences were built on the perimeter of the internet rather than close to the individual. One of the original creators of the internet, Sir Tim Berners-Lee, has already stated that if he were to rewrite the internet he would place identity at its heart. This is one of the core principles behind his new venture, Solid, which empowers users and organizations to separate their data from the applications that use it.
While the theory behind personal data stores is promising, it is not without its dilemmas. It is possible for users to manage some elements of their online lives, but companies collect far more information on users than credit card details and addresses. In fact, for advertising in particular, it is online behaviour that is the centre of a company’s sales strategy rather than more sensitive information. Personal data stores do not yet provide individuals with full control over who can exploit your Google search or purchase history. This problem is exasperated by the number of service providers that each individual uses. It is easy to lose control.
Similarly, should personal data stores be centralised or decentralised? The advantages to the former are that a single copy provides that version with unambiguous authority, whereas decentralisation can introduce redundancies and difficulties with updating details and resolving conflict. Centralisation is more secure as it decreases the surface area of any attack, but if the only copy of an individual’s most precious information is stolen, destroyed or manipulated it can be devastatingly hard to rectify.
Furthermore, there is the problem of usability. The technology is designed for internet users who are aware of online dangers and willing to put the effort into adopting a new system to address these problems. Will personal data stores become widespread when those who need to adopt them are people who don’t recognise the problem or don’t have the digital literacy to change their behaviours?
Alan Mitchell, Chairman of Mydex CIC took to the stage next. Mydex was founded in 2007 as a community-benefit driven social enterprise that empowers individuals to manage their lives more effectively through convenient, trustworthy access and control of their personal data and how it is used by them and others. It is asset locked so its developments can not be sold, unless to an organisation who strictly follows the same social mission.
Having been in trading for over a decade, Mydex has plenty of experience in what works and what doesn’t work in terms of scaling the adoption of personal data stores. Alan fully believes that the technology is going to be huge – the problem for the industry is how.
But before the “how”, let’s consider the “why”. The benefits to individuals are clear – personal data stores can enable users to measure, administer, analyse, plan, coordinate and implement their personal data in a manner which, at present, is not possible. But the benefit to organisations – in many ways the largest potential roadblock to mass adoption of personal data stores – is less clear.
Mydex introduced two use cases that offer clear productivity benefits to both individuals and organisations. The first is in the field of debt. To provide relevant support to individuals, advisors need to have a complete picture of their finances ranging from obligations to income and assets. This information is spread over multiple organisations and the time required for the individual to request and the organisations to deliver the required paperwork to customers is significant. Personal data stores can establish the individual as the point of data integration with organisations feeding data in using an API link fed by verified attributes. This data can then be shared with select, bona fide agencies for the limited time that is needed for the advisors to provide their services and because it is kept up to date, these advisors can then deliver higher quality support services. The individual can retain the data for reuse.
A second example for how personal data stores can benefit users is supporting people affected by cancer. Mydex have been working with Macmillan, Glasgow City Council and the Greater Glasgow and Clyde NHS to make it much simpler for all organisations involved in a patient’s care – from clinicians and consultants to employers and lawyers and insurers – to access the information they need. Glasgow has about 20,000 cancer patients at any one point in time, and each of these individuals has to share very similar data with over 200 organisations over the course of their treatment. A personal data store, such as that provided by Mydex, can act as the point of integration to streamline data logistics and security of data. It can ease the frustration of accessing services for the patient, and the deployment has demonstrated an 11hr per patient saving in time for health workers.
Alan's conclusions from these experiences are that it is possible to deploy personal data stores at scale and include all citizens in the data economy. They have demonstrated that doing so can reduce operating costs for businesses while increasing fairness and security. The main obstacles standing in the way of deployment are misconceptions of the key technology principles behind personal data stores, vested interests of internet giants whose business models are founded on data ownership and who want to protect the status quo, and a combination of risk aversion and scepticism.
Alan now sees the industry as being on a thirty year journey to data stores becoming an integral part of the world’s national data infrastructure. If both individuals and organisations are empowered then he expects the potential savings on productivity to be larger than current revenues from personalised advertising. Mydex’s strategy is to start small and grow – focus on use cases for which a personal data store makes sense, such as that of cancer patients, create the infrastructure for that purpose, demonstrate value and steadily scale. Their business model – similar to that of Dataswift below - is a charge to the organisations who access personal data stores rather than a charge to the user or offering "fremium" services.
Jonathan from Dataswift fully agreed with Alan on the benefit and applications of personal data stores, but he sees the real fight as being on how to get the vision to work. His company is a web services company which builds technology for firms that put personal data management into the hands of users. Their HAT Personal Data Accounts (PDAs) are similar to others on the market in that they are secure, zero-knowledge, cloud-accessible and user-owned. However, their distribution depends on demand from the firm rather than the user because the relevance of information inside a PDA is dependent on the needs of the firm.
Because of the value to organisations which user data has, Jonathan believes that we have been building online applications wrong for years. He doesn't think this for the more common reasons such as individual privacy rights. Rather, it’s because when data is stored on a corporate server it is expensive to maintain and gets out of data extremely easily because it is non-dynamic and rarely verified. Companies who gather their user data from third parties (such as from Facebook or Twitter) are then locked into any changes which that third party deems necessary to make, and also found their business decisions on a single view of the user, rather than a definitive version of who they are.
Two types of industries suffer most from these data challenges. The first is those with static, siloed, and highly personal information such as healthcare. The second is those with a PR problem such as Facebook or Google. It is clear that consumer information management was not a top concern for the latter as they evolved – in many ways even if they were managed by well-intentioned human beings, their business models have been ruthless.
But now, many companies recognise that an active pursuit of socially responsible digital systems is now possible and necessary. Dataswift are a member of the Ethical Tech Alliance, a group of companies, developers and innovation leaders who are empowering users to take a larger role in managing their personal data. Their personal data store software intends to scale by ensuring that it only requires mild alterations to business operations. Much like Mydex, by enabling application providers to become involved in the process, Jonathan’s team believes that mass deployment will arrive sooner.