I am ready to claim my data with a Subject Access Request into my HAT
It took a while to get here. To get to the point where I have my own HAT private micro-server data account the way I wrote about it on Wired UK. Finally, I am in a position to request my data that has been trapped in many different Internet services. Don’t get me wrong. I’m not denying them their use of my data. They can still keep it. I just want it too. Because it’s my private data account and I want to be able to use and reuse that data whenever I want. The way they do. After all, we co-produced it didn’t we? Their tech, my digital labour. If I control my data, I can be much more valuable to services and I could ‘spend’ it like the way I reward and punish markets with my money.
Lets back track. I’ve never been as powerful as you, Mr Google, Spotify, LinkedIn, Apple. You have all got powerful servers and AI and bots to use data powerfully to create new ways of personalising experiences, and to give better recommendations. I have never been able to give data real-time, on-demand. I am just a person with a mouse and a screen and some fingers to tap. With such an asymmetry in tech power, I am of course reduced to being harvested, being the product rather than the client. On the Internet, fighting for privacy is fighting for scraps.
But then things changed recently. A whole community of researchers, developers, academics all got together and created this thing called the HAT. It’s my own private micro-server data account with a unique one-database per person within containerised micro-services. And they created some pretty nifty data services like allowing me to pull my data in with what they call “Data Plugs” and allowing me to push data out with “Data Debits”. These data services are all controlled by me with button presses and toggles so I am legally and technically the “data controller” on the HAT. What fun. And now there are developers out there whom I can ask to code a data plug so that I can get more data into my HAT and when one person does it, every HAT owner benefits from it. Best of all, I can get HATs from different HAT providers who can offer me private data accounts and host my “micro-server” but with no access to my data, but who do it because they actually want a relationship with me and not with the holders of my data. (And they probably know how to ask me nicely too). And each one of these new apps coming onboard will have the data stored in my HAT if I want it, and I can use the data, combine it with different types of data, create new data by subscribing to private AI/analytics, use it to track my digital life, and exchange it for the services I want! Let’s build a new Internet of services using private data accounts!
Now Mr Spotify, LinkedIn, Google, Apple. Let’s have a conversation. Under the law I have the right to a subject access request. That means I have the right to know what you have of me. The problem is that quite often, subject access request is just you giving me some scraps of paper or PDF or files. I have a HAT private micro-server data account now. I’d like my data in the form of APIs please (click here for a nice video to explain what they are). That means my data that can be given to me real time, on demand and dynamically updated. Why would you give it to me in the form of an API? Well, four reasons.
First, you clearly give it to others whenever I consent for example I can login to an app with Facebook or Google so you pass my data to that app through an API; or for Spotify you integrate my data with my Alexa and my Sonos. So…. if you give this data to others (of course, with my consent), why not to me? To my very own private micro-server data account?
Second, if you don’t give it to me now, I will ask for it again from 25 May 2018 which is when GDPR come into effect and under that regulation there is that thing called data portability. I happen to think that copying my data over to my private data account through APIs constitute data portability.
Third, the HAT community hopes to built the open sourced HAT into a new standard for the Internet for private data accounts. That means the way we push and pull data in and out through button presses and toggles is actually a ‘code’. And every HAT owner is therefore a developer/coder in a way. So before you deny me my data, are you sure you want to deny every developer/coder out there who are building services to link to your service? Wouldn’t it be easier just to give me my data?
Fourth, I actually can’t get to my own data. It seems that current legislation only allow you to give my data to another company, but not to me. See HATDeX announcement on banking data Plugs and Spotify data plug. So to get at my own data, I have to give to someone else? That doesn’t sound right.
Thanks to an incredible community who have worked hard to build this into a platform and an economic system that everyone can use, evangelising it everywhere, I am finally ready to take the next step. Patrick, a lawyer who heads up the Claim your data initiative have also sent some letters on to get organisations to come together in this new world for more equitable data sharing. I want to start increasing data deposits into my private data account to spend. After all, data is the new oil isn’t it?
So, I’m firing my first HAT access request (it may cost £10 and I encourage anyone who has a HAT to do it (or get one here) with a HAT access request letter template I created) on the 21 Feb to Spotify (because I really like to keep track of when I listen to songs), then moving to my bank at Natwest because open banking now allows API access to bank account data, and I want a piece of that action, before Facebook or Amazon get in on it. Read Leila’s article on why decentralisation matters.
Read all about private data accounts in my Wired article.
If you are thinking of doing the same, join my Telegram group! And do share this widely!
Update April 2018: Check out WHAT HAPPENED NEXT