Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
WHITE PAPER: THE DATA MOBILITY OPPORTUNITY
White paper: The data mobility opportunity
2 // 20
White paper: The data mobility opportunity
3 // 20
Ethical personal data flowing freely, with full user consent, will form the bedrock of a better world for individuals and organisations.
Mind the gap
As a ready-to-scale data sharing platform, which removes complexity for the user, digi.me
has already spent a great deal of time and development on considering, and in some cases
finding answers, for each of these. Below we explain how we are tackling them.
Data mobility will transform the Personal Data Economy (PDE), creating the next major digital
accelerator of economic growth.
Better data privacy is an essential precursor to data mobility. But it is now time to tur-
bo-charge the ability to share data safely and easily.
This was the spur for personal data business innovation consultancy Ctrl-Shift setting up the
Data Mobility Infrastructure Sandbox.
This collaboration, which includes Barclays, the BBC, BT, Centrica and Facebook, with
digi.me as the data facilitator, is designed to enable the safe and easy sharing of personal
data by individuals and organisations. This becomes the key to unlocking innovation and new
opportunities.
The first phase of the Sandbox work has identified eight critical gaps that require co-ordinated
intervention to fully unlock a safe, competitive and vibrant personal data market.
White paper: The data mobility opportunity
4 // 20
1. Liability Model
Gap identified
Lack of a clear definition of liability causes businesses to pass on risk to users who have a
limited understanding of the risks they are taking on board. Without clear definition of liability,
the scope for creating mitigations is also limited.
White paper: The data mobility opportunity
5 // 20
For the consumer, the critical question is what
happens if something goes wrong. Our solution
is to protect the data to a higher level than
where it originated. While understanding liability
remains complex, as a data facilitator we have
created high-level security and best-in-market
encryption as part of our bespoke core tech-
nology to keep user data secure and protected.
As part of the emerging PDE ecosystem, we
are working together to build best practices in
customer care and marketing to aid user un-
derstanding of data ownership, combined with
clear user experience consent and user controls
within our platform. We welcome the devel-
opment of a clear liability framework for data
mobility which will clarify issues such as the
level-of-harm and likelihood-of-harm, as well as
defining responsible parties.
Digi.me approach
White paper: The data mobility opportunity
6 // 20
2. 3rd Party Validation
Gap identified
Current approach to validating the 3rd parties that individuals share their data with is manual,
not scalable and not consistent across validating parties, typically data exporters and data
facilitators. Standards vary and those being validated have to respond to multiple different ap-
proaches. A more scalable model for validation is required, with the degree of validation appro-
priate to the sensitivity of the data being shared.
White paper: The data mobility opportunity
7 // 20
A 3rd party validation model is essential to
progress. There are multiple work streams
worldwide engaged on this, and we are actively
involved in several initiatives that are working
hard to bring consistency to the thinking in this
technically complex area.
There is significant market recognition of this
challenge within both importers (receivers) and
exporters (handlers) of data. The solutions
emerging range from evidence-based such as
rating systems, to right-to-erasure execution
performance, and machine learning artificial
intelligence using semantic analysis, as the
industry works to find which is most effective.
Fundamentally, digi.me believes that every
business should have an access path to
consented personal data.
Digi.me approach
White paper: The data mobility opportunity
8 // 20
3. Integrated Experience
Gap identified
Having to download multiple services, as is the case with today’s Personal Data Mobility
services, creates a fragmented experience. Downloading and using Personal Data Mobility
services needs to be easy so the cost – in time taken and cognitive or physical effort – is low to
ensure the uptake of Personal Data Mobility reaches its full potential.
White paper: The data mobility opportunity
9 // 20
Better harmony across exporters and importers
is needed here to transform today’s patchwork
user experience into a seamless service. The
market needs a Standard Usability and Technol-
ogy design pattern, supported by better inte-
grated API frameworks.
Key to success is balancing the fluidity needs
of the user with the minimum essential security
friction. When the exporter/importer journey is
integrated with a data facilitator such as digi.
me, it positively influences perceived friction.
As digi.me, we position this integration under
the UI/UX that a brand would present to the
individual in their app. It uses a standard pre-au-
thorisation screen – which lets the individual
easily appreciate how truly in control of their
data they are – laying out what they will get and
what they should expect when logging in.
Digi.me approach
White paper: The data mobility opportunity
10 // 20
4. Revocation
Gap identified
There is a lack of consistency in data exporters’ user interfaces for revoking data sharing and a
lack of standardisation in API coding of revocation, meaning that confidence in Personal Data
Mobility services may be reduced, if users cannot be sure data sharing has ceased.
White paper: The data mobility opportunity
11 // 20
As a data facilitator already servicing Social,
Media, Finance, Fitness and Health personal
data, we have already designed and implement-
ed controls and governance for revocation. We
also see considerable variability in how far it
can be enforced automatically. In the interim, as
standardisation grows, our focus is on bridging
the gap between technical solutions and
business communication paths such as email
and instant message services. We have added
support to deep link directly to the importer’s
consent receipt within the digi.me app, so the
individual can quickly, from the importer app,
control the share.
Service and sources revocation is a critical
feature for the overall PDE ecosystem. We will
continue to drive and implement source revoca-
tions supported by API calls and right to erasure
in our certificates.
Digi.me approach
White paper: The data mobility opportunity
12 // 20
5. Privacy Communication
Gap identified
Current approaches to communicating privacy policies by those sharing and receiving data do
not aid user understanding. Should sensitivity to privacy continue to increase, there is a risk
that uptake of Personal Data Mobility services will be reduced if users aren’t sure of their privacy
rights.
White paper: The data mobility opportunity
13 // 20
As with the market, our research confirms that there is an educational gap between what users
claim they do and understand about privacy, safety and security and what their actions tell us.
Privacy communication settings and standards are still evolving along the product development
lifecycle. As this matures, so will understanding.
There is a move towards privacy being a brand issue, and that translating into protection of the
users which is good for the market, but the subtlety of how these big branding claims become
technically enforceable still needs to be addressed.
We foresee a language and definition of privacy
convergence over time. This will lead to recog-
nisable offers of privacy that users can accept.
Perhaps more importantly it will allow stan-
dardisation of electronic processes that can be
assured to enact the agreed terms.
We are working with international bodies, legis-
lators, regulators and standards bodies to help
enable a shared set of protocols and standards
to emerge.
Partly this will come down to familiarity and
multiple use. If a user already has digi.me, it
is easy to reuse; the same if they already have
Facebook authenticated. This is a market ini-
tiation issue more than anything else – the
use cases have to be higher value initially to
overcome inertia in sufficient numbers.
Digi.me approach
White paper: The data mobility opportunity
14 // 20
6. Authentication
Gap identified
Password-based logins neither deliver a smooth authentication experience nor guarantee the
individual is who they say they are and the data they are sharing is theirs. The Personal Data
Mobility market’s growth will be limited without more trustworthy and more user-friendly forms
of individual verification, authentication and access control than password-based approaches
provide.
White paper: The data mobility opportunity
15 // 20
This is a much bigger digital market issue than
data mobility and is equally applicable to every
digital service. This is also related to other gaps,
especially gap 3 (integrated user experience)
and gap 5 (privacy communication). A reason-
able user experience solution must be defined
without compromising on individuals’ security
and safety. The market is achieving this through
the ongoing review of how the presentation of
pre-authorisation and pre-consent is achieved,
and the messaging around it. To comply with
GDPR, data facilitators must support import and
export authentication processes in whatever
form they evolve in the market. It is why the
liability gap previously identified is important.
From a user perspective, success will be judged
on simplicity, common workflows and especially
the use of the appropriate amount of authenti-
cation friction for the value of each process.
Digi.me approach
White paper: The data mobility opportunity
16 // 20
7. Know How
Gap identified
Individuals’ understanding of the risks and opportunities of data sharing is limited and needs to
improve if people are to safely and valuably participate in Personal Data Mobility.
White paper: The data mobility opportunity
17 // 20
We must all work together as a data economy
industry to show what best practice looks like
and evangelise a common view of the safe ways
to accept the data sharing opportunity. It will
involve showing clear signage akin to that of a
road network which clearly shows the right path,
alongside occasional warnings when something
important needs checking.
We must deliver proof of concepts and scalable
applications across all industries where personal
data value opportunities arise, with clear and
tangible use cases such as, for example, ad-
dressing mental health, household budgeting
and diet, that local authorities and individuals
can refer to.
Digi.me approach
White paper: The data mobility opportunity
18 // 20
8. Additional Sector Data
Gap identified
Realising the full value of Personal Data Mobility needs broad cross-sector participation. In
particular, technology companies, health providers, supermarkets, retailers, travel providers
and government services need to share data as well as banks, media companies, social media
businesses, energy providers and telecoms businesses.
White paper: The data mobility opportunity
19 // 20
Realising the potential of the PDE depends on data mobility and sharing. It will, in turn, be about a
shared success, between all participants connected across the industry. As importers, exporters
or facilitators, everyone will benefit most by maximising ways to safely and ethically stimulate or
leverage data flow. Digi.me can aid this aim by adding:
PostBox Services
Digi.me’s PostBox services can be utilised
to receive and share data from unsupport-
ed services, helping prove the source and
becoming a valuable mobility use case first
manually and then via PostBox APIs.
Improved Interfaces
Our upcoming new layouts will lend themselves to promoting data exporters and importers on a
per subject/category/market basis. This could be extended to gather interest levels for as-yet-un-
available data sources, and to educate individuals on how to lobby additional potential new sources
for access.
Digi.me approach
Do amazing things with your data with full privacy, security and consent
United Kingdom
Digi.me LtdThe Old Coach House, Grange Court, Grange Road, Tongham, Farnham, Surrey, GU10 1DW UK
United States
Digi.me Inc1200 G Street NW #800, Washington, DC 20005. USA
Fabrizio de Liberali Pascal WheelerDigi.me - Chief Product Officer
e-mail: [email protected]
Digi.me - Chief Experience Officer
Pioneering data mobilityUsing data in the right way is an important start towards creating data mobility in the
right way – with individuals at the heart of their data, able to benefit from it and in
control of who sees it.
Digi.me never sees, touches or holds user data. We are proud to be pioneering a new
generation of tech companies working to build an effective PDE, with consented use of
personal data at its heart, fueling data-driven innovation and a more personalised future
that will ultimately benefit us all.
To discuss the concepts in this paper and how we can help your business make data
mobility a reality, please contact: