A critical fork in the data road?
We have been talking with the EU about some research they are doing into the role of ‘smart contracts’ in data portability. We won’t go into the details of that particular discussion here, but it raised some bigger questions that we think are worth sharing. This is an edited version of a document we sent them.
Is the EU discussion about data portability missing a key point?
In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”
However, the way it has framed the issue of ‘control’ of personal data renders the biggest breakthrough opportunities for economic transformation — in productivity, service quality and innovation — largely invisible.
Hidden in the details of data portability lies the potential for organisations to deposit ‘verified attributes’ or ‘verified credentials’ in individuals’ personal data stores (sometimes called ‘wallets’). These verified attributes confirm data that has been carefully checked about individuals. Because they are cryptographically secure, they cannot be tampered with.
When verified attributes are deposited in individuals’ personal data stores, it becomes possible for individuals to bring this pre-verified data with them to their dealings with other service providers. These other service providers can rely on this data without having to regenerate it or check it.
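The flow described above, as an added example that is not part of the original document: an issuer signs an attribute, the individual holds it, and a relying party accepts it only if the issuer is one it already trusts and the signature matches the bytes presented, which is what "cannot be tampered with" means in practice. The Ed25519 signature scheme, the `Attribute` and `Credential` formats, and the issuer names are assumptions chosen for illustration; the document does not name a mechanism.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Attribute is a constructed claim format for this example, not a real credential schema.
type Attribute struct{ Subject, Name, Value, Issuer string }

// Credential is what the issuer deposits in the personal data store.
type Credential struct{ Payload, Signature []byte }

// Issue signs the exact bytes of the attribute with the issuer's private key.
func Issue(priv ed25519.PrivateKey, a Attribute) Credential {
	payload, _ := json.Marshal(a) // cannot fail for a struct of strings
	return Credential{payload, ed25519.Sign(priv, payload)}
}

// Verify is the relying party's check: the named issuer must be one it already
// trusts, and the signature must cover the payload bytes exactly as presented.
func Verify(trusted map[string]ed25519.PublicKey, c Credential) (Attribute, bool) {
	var a Attribute
	if json.Unmarshal(c.Payload, &a) != nil {
		return Attribute{}, false
	}
	pub, known := trusted[a.Issuer]
	if !known || !ed25519.Verify(pub, c.Payload, c.Signature) {
		return Attribute{}, false
	}
	return a, true
}

// Demo reports whether a genuine, an altered and an unknown-issuer credential are accepted.
func Demo() (genuine, altered, unknown bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, rogue, _ := ed25519.GenerateKey(nil)  // key of an issuer nobody trusts
	trusted := map[string]ed25519.PublicKey{"example-bank": pub}
	cred := Issue(priv, Attribute{"alice", "address_verified", "no", "example-bank"})
	_, genuine = Verify(trusted, cred)
	// The holder (or anyone in transit) edits the stored value after issuance.
	cred.Payload = bytes.Replace(cred.Payload, []byte(`"no"`), []byte(`"yes"`), 1)
	_, altered = Verify(trusted, cred)
	_, unknown = Verify(trusted, Issue(rogue, Attribute{"alice", "address_verified", "yes", "example-shop"}))
	return
}

func main() { fmt.Println(Demo()) }
```

The relying party does not regenerate the underlying data, but it still performs the signature and issuer-trust check on every credential it receives.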
This process greatly speeds up completion of data-driven tasks and eliminates friction, effort, risk and cost from every step of personalised service provision across every service dealing with individuals, including public administration, financial services, health, education, retail, transport, media and leisure.
The closest economic parallel to this is the productivity revolution ushered in by Henry Ford’s moving assembly lines for the production of automobiles. Verified attributes are the standardised parts of service provision and personal data stores are the assembly lines. Ford reduced the costs of making a car by over 90%. Similar productivity breakthroughs in service provision are being made possible by the portability of verified attributes.
In addition, the ability to make individuals the point at which information about themselves is gathered is creating powerful new-to-the-world person-centric data assets. Currently, individuals’ data is dispersed across the hundreds of different organisations that collect data about them. Enabling this data to be unified in the individual’s personal data store, under the control of that individual, is creating a data source whose richness surpasses any data asset ever created — while fully protecting individuals’ privacy. The economic potential of these new person-centric data assets is immense.
As long as these two opportunities — of verified attributes and of individuals as the point of integration of their own data — remain overlooked, EU discussions about data portability and ‘control’ over data risk missing the economic opportunities that could be opened up.
Two meanings of ‘control’
In this context, it is crucial that the EU recognises there are two distinct and different meanings to the word ‘control’ as it relates to individuals ‘controlling’ their data.
The first, very limited, meaning relates to individuals exercising more control over the data that organisations collect about them. The second, broader, more expansive meaning of control is individuals being able to collect, store, use and share their own data for their own purposes — to make better decisions and to manage their lives better — independently of any organisation that may be collecting data about them. This subsumes the first, limited meaning of ‘control’ as one small part of a much bigger process.
Only if the second, broader, more expansive meaning of the word ‘control’ is embraced will the full economic potential of data portability be unleashed.
In this context, focusing only on the first, narrow meaning of ‘control’ is very limiting. The real defining characteristic of PIMS (Personal Information Management Services) is not the issue of control (which is just a means to an end). It is individuals’ ability to use their own data for their own purposes, e.g. to manage their lives better.
Two forms of portability
The two meanings of the word ‘control’ imply two different forms of data portability, requiring differing data sharing infrastructure.
A narrow, limited, interpretation of data portability assumes that data about an individual will be transferred from one data holding organisation to another. This is a strategic non-starter for two reasons.
First, it ignores the mathematics of networks which mean that, as such a system scales, it quickly generates a cost and complexity catastrophe. Figure 1 below illustrates this point.
In a one-to-one data sharing network, as each new node joins the network the number of connections needed to connect them multiplies by the number of nodes in the network (whereas, if the sharing is done via a hub like a personal data store, adding a node adds just one new connection).
With a network of just three participants, direct sharing is fine. But with just eight participants, the number of connections that are needed has already jumped to 28. And by the time it gets to 50 participants, the number of connections needed has jumped to 1225 (whereas, with the individual’s personal data store at the centre, the number of connections that are needed has now risen to 50).
This complexity catastrophe unfolds on multiple fronts, including:
- Security, as each organisation exposes its systems to other organisations
- Interoperability, as each organisation has to learn how to deal with other organisations’ different software formats, standards, and so on
- Governance, as each organisation has to check whether another connecting organisation is bona fide, and really has permission to access the data
- Data protection, as individuals lose sight of who holds their data for what purposes
In short, a strategy for data sharing which simply extrapolates forward from today’s reliance on organisation-centric databases is a certain recipe for a catastrophically costly, toxic snarl-up.
At the same time, if this approach is adopted, individuals never have the opportunity to take control of their data as in the second, broader, more expansive meaning of the term. With organisation-centric data portability individuals are continually excluded from the workings of the data economy, which remain firmly in the hands of data holding organisations.
The second interpretation of data portability is where copies of the data held by organisations (including verified attributes) are deposited in the individual’s personal data store, so that they can use their data independently of the organisation that originally generated this data. This requires new infrastructure — empowering individuals with their own personal data stores.
This second approach to data portability has been explicitly recognised by the EU — by the Article 29 Working Party Guidelines on the right to data portability (5 April 2017) which stated that:
“Data subjects should be enabled to make use of a personal data store, personal information management system or other kinds of trusted third-parties, to hold and store the personal data and grant permission to data controllers to access and process the personal data as required.”
The take-out from this is simple. If the EU overlooks the pivotal importance of new enabling infrastructure for data sharing it risks a) sleepwalking into a data sharing complexity catastrophe and b) missing the true economic potential of data portability.
Distinctions between personal data stores and PIMS
The two interpretations of ‘control’ and the two forms of data portability as outlined above raise further questions about the EU’s understanding of the PIMS concept.
As stated above, in our view, the unique contribution of PIMS is to help individuals to use data to manage their lives better: the focus is on ‘use’. Examples of ‘using’ data may be making and implementing decisions about personal finances; managing a health condition better, or laying out a personal skills, training and career plan. All such services require data to be aggregated from many different service providers.
Personal data stores do not, per se, provide such services. They are personal data logistics enablers, providing the infrastructure that enables the necessary data collection, storage and data sharing for the provision of such services. A PDS enables data to be held by individuals independently of particular service providers and enables the maximum reuse of this data by many different services.
To that degree, we see personal data stores and PIMS as being part of the same movement towards citizen data empowerment but with different roles and functions — one enabling data access, the other helping better use of the data once it has been accessed. PIMS need personal data stores to function more efficiently (and if PDS infrastructure is not used, it will involve PIMS in huge amounts of extra, duplicated effort, the costs and complexity of which could stifle the growth of the sector).
Conclusion
The gist of our input was that the EU needs to build the full economic opportunity into its discussions about data portability. To do so, it needs to grasp the differences between two meanings of control and the two forms of data portability along with the need for new citizen empowering data infrastructure. Let’s see what they come up with.