MyData 2017: points of convergence, lines of tensions and missing topics
Could you please come to the MyData conference and summarise the three days content in the closing plenary? Not an easy task for an event of this size and scope! Valerie Peugeot together with the team from FING (working as her eyes and ears and note takers) did amazing job in MyData 2016. She delivered the most engaging and insightful conference summary organised around the points of convergence, lines of tensions and missing topics.
Following the success of Valerie’s speech in 2016 we wanted to have something similar on MyData 2017, but who could stand up for this challenging task? Molly Schwartz with the help of researcher team from FING and Aalto university did the closing remarks of 2017 and they did it in superb quality!
Below I tried to catch the 18 points that Molly picked to her conference conclusion. Some of the points include a bit of my own interpretation as well, see the original speech from the video and Molly’s slides!
Semantics
People keep returning to the topic of semantics, both as defining the meanings in data to enable interoperability, but also as philosophically defining the meanings of the shared concepts in the MyData movement — what do we mean by value, privacy, portability, control individual agency etc.
Measuring Value
What is there for the people? What are the use cases? What’s the business model? If the current data economy isn’t working for the people, then what would be the common measurement of what does work? Should we measure things based on happiness, based on fairness, based on risk, based on consequences?
(Slow) Layering
In societal changes there are layers that move with different paces. Some things like fashion, commerce and technology evolve quickly while others like infrastructure, governance and culture shape slowly. The deep impacts come from the slow layers. What kind of consequences the personal data management system has on our lives in the long run? We wanna build an infrastructure that will last. Rather than only focusing on the newest kid on the technology block or the success of the personal data startups since last year, maybe we should think about this in terms of really being a long game.
Modular Solutions
There is big and growing number of projects and initiatives some of them coming from governments, some of them coming from companies. The general attitude towards interoperability among the projects is remarkable. People in different places are tackling different pieces of the MyData model in ways that are aiming to work together.
Digital Identity
Trusted sharing of data requires trusted digital identities. It’s not necessarily just people who have an identity in this digital world, but also companies or your vehicle could have a digital identity, or you as a person could have multiple digital identities. Infrastructure for digital identity is key in the technical realisation of the MyData -vision and there is lot’s of innovation happening g in that area.
General Data Protection Regulation
New regulation is shaping the field, but it is the implementation that matters. Are we actually going to have real data portability? Maybe it’s up to us as a community to preemptively build the models that will work the best for us, rather than waiting for it to come the other way round. Katryna Dow made the excellent point that the DPOs, the new data protection officers, are going to be our new designers, so we should pay close attention to how they end up executing things.
Informed Consent
Consent management is at the core of MyData. Right now, consent functions in a binary way with terms of service: yes or no, we opt in or we opt out. Most of us agree, that this does not really work. Could consent be made contextual, dynamic and fine grained? Perhaps implemented as kind of a dialogue?
Individual Responsibility
MyData is predicated on the idea of individual empowerment. Freedoms and responsibilities should be thought together. How much responsibility we’re giving to individuals and whether or not this is a good thing. Will people feel liberated, or will they feel abandoned?
Accountability
How do you determine on which services and companies to trust with your data? Do we create labels or trust marks to differentiate good and bad actors? What measurements should be used to decide if organisation is trustworthy — who deserves green label and who stays on yellow or red? And in the end who should be deciding the measurements and enforcing those: watchdog organisations, industry self-regulation, government or perhaps crowdsourcing?
Privacy
Some people say that the whole privacy ship has sailed and maybe we should be working toward anonymity. Others make points that anonymised data can oftentimes be de-anonymised. Furthermore Linnet Taylor raised the strong argument that also completely anonymous data can be used in harmful manner against real people — algorithms target anonymous groups all the time. So what are the relationships between privacy, anonymity, MyData, individual control over data, beneficial and malicious use of data etc.?
Data as Liability
Stewart Lacy talked about the idea that data can also be a liability, that big data isn’t always a good thing for the organisations either. Many promote the idea of data minimisation and maybe this is the way that we should go — collect less, but better data and use it more wisely. We could be at this point where we either turn toward digital feudalism or a digital renaissance.
Education and Outreach
We need effective ways of communicating our ideas and reaching larger audiences and also people at younger ages. We should start looking to community based organizations that are already on the front lines of people interacting with technology in different areas of life. This is the way to make sure that the MyData principles get put into practice.
Black Boxes and Intellectual Property
Much of the digital economy is today predicated on the concept of intellectual property and many of the developed services remain black boxes. This question is huge for example when we’re talking about AI, algorithms. How do we deal with that when we’re trying to change the model?
Data Portability
Obviously, data portability is a big promise in the new EU data protection regulation. Still there was missing discussion about who will take the lead in making sure that data portability happens in the right way? What are the standards, how do we distinguish the rights to get the data and the rights to transfer the data?
Property vs. Rights
Many people say that it is dangerous if we start talking about data as property when we’re truly trying to establish that we have rights to our data, because that means that it can be traded away or sold. Others claim that property kind of rights would clarify the situation and make it possible to move onwards get the benefits of the data also for people. These differences in opinion were not addressed yet widely, but the debate on ‘data ownership’ is politically timely now and this community should be addressing the question also.
Beyond GAFA
There are other companies out there that are less visible, but very strong in the current data economy like for example Salesforce and other CRMs or Acxiom and similar data brokers.
These companies have incredibly large IPs and lot’äs of ideas on where the data world should be going.
Inclusivity of the Movement
How inclusive is this movement and how inclusive do we want it to be? Europe is currently leading the personal data regulation development and many countries are observing and perhaps following, but how much is MyData supposed to be a Europe-centric movement? In MyData we are seeing hubs pop up all over the place, including places like Brazil and Japan.
EXTRA NOTE: Sci-fi
When we’re trying to imagine where we’re going we can also use tools like sci-fi that allow us to model how potential alternative futures might look like. Molly Schwartz did an analysis of Hannu Rajaniemi’s book, The Quantum Thief, in the context of MyData for the Sci-fi WorldCon. Check out Molly’s slides: How sci-fi, metaphor, and imagination could influence the design of consent-based privacy?
