User-Centric Data Model: Key Principles
What do ownership and control of personal data mean to individual consumers, brands, and developers in practice?
We are entering an age where individuals have full ownership and control over their personal data. Ownership of personal data is opening new opportunities for individuals: the ability to own and control how personal data is used is liberating and empowering.
The user-centric data model has emerged recently and is gaining more attention, and not only among private citizens who believe that every individual should own their personal data.
Large companies, too, are looking for new opportunities to interact with their customers, while legislators around the world are moving swiftly to adopt new data privacy regulations — such as the GDPR in Europe and the CCPA in California — that aim to balance the interests of data aggregators, individuals, and society as a whole.
The Starting Point of the User-Centric Data: The Individual
The core principle of the user-centric data model is that the individual owns her personal data and has the ultimate power to make the decision on how her data is used in interactions with third parties.
There are eight main principles that form the foundation of the user-held, user-centric data model.
Let’s take a closer look!
1. Ownership of Personal Data
The core principle of the user-centric, user-held data model is that the individual should have full ownership and control over her personal data.
In practice, to own one’s personal data, the individual must have tools to actually collect personal data into one single place and exercise control over that data.
A personal data cloud is a place where individuals collect and hold their personal data. This “Personal Data Cloud” could be better understood as a “Dropbox”-like folder accompanied by built-in software that helps organize one’s collected data into a human- and machine-readable format.
Sources of Personal Data
Where does that data come from? Individuals can:
(a) manually add their personal data (e.g., upload copies of your birth certificate, driver’s license, etc.), and
(b) gather data from third-party service providers (such as Google, Facebook, or a personal bank). (You would be surprised how much personal data you can collect by exercising your “right to know” under the GDPR and CCPA!) At the moment, exercising personal data rights in this way is quite lengthy and time-consuming; however, in the near future, collecting data from third parties will become more fluid and automatic.
What Personal Data Do You Own?
Simply put, once the individual collects her data from different sources into her personal data cloud, that individual becomes the rightful owner of that data. This data which the individual holds in her personal data cloud is the most precise and accurate set of data points about the individual.
The unique feature of a user-centric, user-held data model is that only the individual has access to her personal data cloud and controls how that data is used in relation to third parties.
2. Consent and Control
Individuals have full control over who can access their personal data and under what conditions. A personal data cloud and accompanying data insights apps enable individuals to have a clear understanding of the wealth of their data and how it is used.
In a user-centric data model, personal data is always accessed and used with the individual’s prior and express consent.
Interaction With Brands Via Personal Data Profiles
Nowadays, brands and various online service providers struggle to understand their customers and provide the most relevant and attractive offers. In a user-centric data model, individuals “bring” their personal data profiles to brands, which can then tailor their products to best meet their customers’ demands and expectations.
The crucial element in a user-centric data model relates to the use of data about the customer: all interactions between a brand and its customer are centered around user-held data, which means that brands are able to draw insights about their customers only if, and to the extent that, the individual customer consents.
To put it differently, in the majority of cases, the legal basis for processing personal data about customers is the individual customer’s prior and explicit consent. (Certainly, there are many different nuances as to how an individual’s data is “activated” and how data is managed by the individual in her personal data cloud; we will address some of them in the sections below.)
More specifically, individuals can make informed choices about the ways their personal data is used. For example, the individual can choose to keep her personal data secret and interact with third-party applications anonymously, or give permission to access only certain anonymized segments of the personal data in her personal data cloud. The individual could also allow third-party apps to track her or use data for other purposes.
3. Purpose Limitation.
Personal data management tools help individuals ascertain that third parties can access and collect only such personal data as is necessary for specified purposes. Individuals can also restrict access to and use of the data held in their personal data cloud (e.g., using digital watermarking technologies).
A user-centric data model is built on the principle that the individual has absolute freedom to decide how her personal data is used and for what purposes. The major distinctive feature is that the individual can exercise granular control over her data (e.g., grant permission to access personal shopping history, but keep personal finance data anonymous). Furthermore, the individual can always adjust permissions as she sees fit.
Such a user-centric, user-held data model helps avoid the information and power asymmetries of a market where individuals had no level playing field in controlling the purposes for which companies collect and process their personal data (“take-it-or-leave-it” scenarios when agreeing to privacy policies). The tables have turned in the user-centric data model, because it is the individual herself who determines for what purpose the data is used by third parties.
4. Data Minimization.
Personal data always stays with the individual in her personal data cloud. Brands and third-party service providers interact with individuals either through “profile cards” or by building apps that run on top of user-held data. As a result, third parties can only access the minimum necessary information they need in order to be able to provide services to the individual.
The fact that data is held by the user gives a great feeling of control and empowerment to individuals.
For brands and service providers, a user-centric data model helps curtail compliance costs that are associated with data privacy regulations. The possibility to interact directly with individual customers based on user-volunteered data helps brands save millions of dollars which they would spend on purchasing data from data brokers. Instead, companies are able to spend that money to build bespoke products and services that customers love.
A user-centric, user-held data model has major implications for the whole data ecosystem. Until recently, data has been essentially a B2B business. However, a user-centric data model opens new opportunities for democratizing data and building an environment where individuals are able to get direct value from their own data.
At Prifina, we believe that a user-centric, user-held data model is taking us to an environment where companies compete with each other to provide higher and more bespoke value to their customers, and where data generates long-term value.
5. Lawfulness, Fairness, and Transparency.
An individual’s consent is the most important legal ground to access data. By being able to grant prior express consent to access and use of data, individuals feel empowered and “in control”. Personal data management tools help individuals get insights on how their data is used and by whom.
A user-centric, user-held data model aims to ascertain that data is used lawfully. One of the ways to achieve that is by giving individuals visibility over their data, and the tools to own and control it. With such personal data management tools, individuals can determine how they want to use their personal data. Accordingly, the main legal ground for the use of data is user consent.
By being able to give third parties permission to access their data, individuals are exercising their legal powers as the true owners of the data they hold in their personal data cloud. It is the individual herself who can determine what uses of her personal data are acceptable and fair. Since every individual has her own unique preferences and expectations, it is also fair to give individuals the ultimate freedom to figure out how to manage their personal data.
6. Security of Personal Data.
Since every individual has her data stored in a personal data cloud, from the macro perspective, the value of a single personal cloud is much lower than that of a centralized database of multiple users’ data.
Distributing data across personal data clouds and processing it locally in these clouds is a way to distribute the central risk associated with data breaches, especially compared to large databases. However, data still needs stringent safeguards, including private-public key encryption and different levels of verification.
Data held with the user also allows more dynamic updating of information and verification of the data itself. Comparable to two-factor authentication, the user can be asked, via a simple request, to confirm data as true or to confirm access, i.e. whether they did indeed wish to share said data. This can help combat fraudulent use of data and keep the user in control.
7. Data Interoperability.
The user-centric data model pushes the data ecosystem towards mutually agreed data interoperability standards.
Currently, the major problem is that individuals’ personal data lies in disparate silos and outside the individual’s access, let alone control. Data is often in incompatible formats and un-interoperable with other services and use cases.
At the same time, we are observing major changes in the data ecosystem, where data titans as well as developer communities around the world are working towards creating open-source solutions that would help adopt data interoperability standards. We also believe that data standardization across different layers can be achieved by a joint effort of multiple stakeholders in the market; this task cannot be accomplished by any single company (or government).
Our team is aiming to play an important role in this endeavor by developing open-source tools and SDKs for developers to build user-centric data solutions for any third-party application and use case, based on a framework where data stays with the individual.
8. Portability of Personal Data.
The user-centric, user-held data model makes data portable, but in a slightly counter-intuitive way: rather than bringing data from Brand A to Brand B, various brands are building apps that run on top of user-held data. Data portability would make sense only if all parties in the ecosystem are able to benefit from a user-centric, user-held data model.
Separation of Data and Apps
In Prifina’s model, user-held data is separate from applications. We see how new types of applications — we call them “Local Data Apps” and “Data Widgets” — are going to emerge and will run on top of user-held data. Data widgets and local data apps will enable individuals to get better insights into and understanding of the data that is in the personal data cloud, and will open new opportunities with user-held data.
Example: current movie recommendations on Netflix or Amazon Prime are generated by those platforms from your watch history on that particular platform. What if there was an app that combined your watch history on the major platforms you subscribe to with YouTube and IMDB, and, based on that data, could offer you a new list of recommendations?
We see data portability as a more complex issue than simply bringing data from App A to App B. Rather, an individual has her data in her personal data cloud and “carries” it with her. Metaphorically speaking, a personal data cloud could be compared to a bucket filled with water, while local data apps are toys that float in the bucket.
Unlocking Value by Making Data Portable
Data portability can only be realized if all players in the data ecosystem are able to benefit from it. First and foremost, data portability should empower individuals with their data and help them receive more personalized offerings from brands and service providers. For brands and service providers, data portability offers new ways to engage with customers and innovate by building new lines of services on top of user-held data.
We at Prifina believe that demonstrating value from portable, individual-controlled personal data is significant both from the technical as well as from an ecosystem perspective. If the value can be unlocked in interactions between individual consumers and application providers, this would mean that a “portable” data model is not only more balanced from a data privacy point of view, but it actually fares better from an individual value and performance point of view.
Connect With Us and Stay in Touch
Prifina helps individuals get bespoke value from their personal data and provides tools for developers to build applications on top of user-held data.