Open in app

Sign in

Write

Sign in

A different model for personal data

David E Alexander
Mydex
Published in
7 min readDec 11, 2017

It’s now clear that personal data will be a pivotal resource of the 21st century economy — driving the design and delivery of an increasing range of services in both the public and private sectors. But the full potential of personal data won’t be realised until we see beyond models and approaches that grew up in the past and which are not appropriate for the future.

In particular, two underlying assumptions about data are blocking progress: the organisation-centric assumption that collecting and using data is something that only organisations, and not individuals, do; and the monetisation assumption that the only business appropriate to data is to maximise the money that can be made from it.

Both of these assumptions come from large organisations in the private sector and have very little to offer to everyone else.

Under the private sector model:

  • the organisation is in charge. It is the organisation collecting and storing the data (with the individual perhaps being required to do some inputting).
  • (because of this) the organisation has to do all the work and take all the responsibility. It is up to the organisation to collect the data efficiently, to store it safely, to check it with external bodies such as credit reference agencies, to use it effectively, to do the analytics and so on.
  • the model assumes a purely one-to-one relationship between the organisation and the individual. No other party is involved; the relationship is self-contained.
  • the underlying motive is profit. The organisation’s purposes are at the forefront e.g. the organisation is collecting the data to provide a service, to gain an insight, to make some extra money.

This model is entirely inappropriate for the provision of public and social services, volunteering and charities. These include health and social care, employability support, processing and managing access to state and local benefits, providing money, pensions and broader citizen advice, supporting those who are homeless, people with a disability and with many other needs. Many are also providing education, training, cultural activities, community support and any number of other activities provided remotely, centrally or locally across any number of channels.

In all of these cases, we need a different model. What does this alternative model look like?

Person Centred Data Ecosystem

1. What ‘success’ looks like.

In the private sector the language, terminology and thinking around personal data focuses on words like like ‘monetisation’, ‘exploitation’, ‘retention’, ‘acquisition’ and ‘conversion rate’, ‘cross sell’ and ‘up sell’. Outcomes are measured in terms of profits, market dominance and increased shareholder return. But in public and social services have different priorities that bring bigger, broader outcomes come to the fore. ‘Monetisation’ slips from view (though cost reduction still remains important). And human outcomes come to the fore: outcomes relating to employment, health, community cohesion, accessibility, equality and inclusion, a basic roof over your head and access to the services that individuals and families need. Social and public sector stakeholders are diverse too. It’s not just about ‘customers’ but citizens, patients, volunteers, employees, students, communities.

2. Relationship complexity

Many of the most important services in social and public services reach beyond a narrow one-to-one relationships between an organisation and a customer. Very often, different arms of the public sector need to work together in a collaborative non-competing manner, along with third sector and charities. We call these groups of organisations Clusters. Together, they are serving cohorts of citizens and communities. Time scales of service delivery vary from the short and medium terms to ongoing service over long periods of time.

From a data collection and management point of view, these Clusters present challenges that are quite different, and far more complex, than narrow private sector company/customer relationships. To deliver genuinely person-centric joined-up services, clusters need to share large amounts of often highly sensitive personal data. This is a massive operational, regulatory and communication challenge for all concerned.

3. Division of data labour

In the private sector, most organisations want to control all aspects of data collection and use because they see it as a source of competitive advantage. This approach brings with it significant operational, regulatory and other costs and risks. For the social and private sectors, the situation is very different. The collection and use of data is simply a means to the end of better service provision and the costs and risks of data collection and use are a largely unwelcome additional burden with few upsides (such as the opportunity to ‘monetise’ this data).

Many service providers would therefore welcome the opportunity to outsource tasks such as data storage, managing consents and permissions, and data sharing to a third party — if, that is, this third party could be trusted to align with the values and purposes of the service provider and doing so saves money rather than creating additional cost and/or unintended consequences.

4. New regulations are driving change

Today’s private sector-based model of personal data is now under significant pressure from new regulations including GDPR, e-Privacy and PSD2. Obligations like data portability, transparency about the uses of personal data, and much more stringent approaches to consent’ represent a step-change in the data relationship between individuals and organisations. Importantly, new provisions for data portability enshrined mean individuals can ask for copies of the data held about them by organisations and can share it with other parties. This heralds the end of an era when organisations had effective monopoly control over individuals’ data. It points to a new world where data is aggregated around individuals for the provision of richer and more innovative services — in other words, the Cluster model.

5. What ‘good’ service looks like

In the private sector, organisations want to be in the driving seat: their marketing is ‘done to’ and ‘at’ their customers. In contrast, most social and public services are ideally or best done with the citizen, co-produced with active citizen engagement and involvement. This can (and should) extend to the collection and use of personal data and the insights this data can generate. Marketing targeting and citizen-centric services are different kettles of fish. They cannot and should not work in the same way. For citizen-centric services a different model is needed.

Of course, there are some areas where the needs and priorities of public and private sectors overlap. Both sectors want efficient data processing, information to flow safely and securely with reduced costs and risk. They both need to trust the data and information they depend on, including being confident they are dealing with the right person, which places the question of Identity verification centre stage. All of this has to happen in ways that comply with data protection regulation.

Mydex CIC’s personal data services have been designed to meet the needs of social and public sector service providers.

  • As a Community Interest Company, Mydex’s prime purpose is not monetisation of data, but empowering individuals with their own data, for their own benefit. The core belief at the heart of Mydex’s social mission is that, in addition to organisations benefiting from the collection and use of personal data, individuals should get the benefit of their own data via services that work for them Mydex’s platform is designed so that it cannot even ‘see’ the data individuals hold in their personal data stores. This ‘zero knowledge’ design is the ultimate in privacy protection.
  • Mydex transforms the data landscape by making individuals the point of integration of their data, thus transcending today’s rigid data silos where each separate organisation collects its own (small) amount of data and can only therefore ‘see’ a small slice of this individual’s life. By making individuals the point of integration of their own data, Mydex makes the delivery of joined-up, integrated, person-centric services possible at low cost and high security in ways that simply have not been available before.
  • By giving each individual their own personal data store and giving them control of their own data, Mydex enables Clusters to ensure the right data is shared with the right parties at the the right time, in ways which protect individuals’ privacy with compliance to data protection regulations ‘built in’.
  • Mydex is pioneering a new personal data architecture and infrastructure where, instead of each organisation taking on all the tasks of data collection and processing (generating massive duplication of cost and effort in the process), organisations can share costs by accessing a common, specialist platform offering a variety of different data services including data storage, identity, and permissions management. These ‘back office’ data services still allow each service provider to design the user experiences that are appropriate for them, delivered via their own branded interfaces.
  • By eliminating large amounts of duplicated effort and by streamlining processes such as consents and permissions, Mydex offers these better outcomes at a much lower cost than alternative approaches.
  • In doing so, Mydex is not posing any competitive or strategic threat to service providers. Mydex makes its money by enabling safe, secure, trusted data interactions, not by trying to monetise the data itself. Mydex doesn’t ‘use’ the data stored on its platform: its sole purpose is to help individuals and their trusted service providers use this data in efficient, effective trustworthy ways.
  • As well as building trustworthiness in to its operations (via its CIC status, its ‘zero knowledge’ operations, and its citizen-protecting data sharing agreements), Mydex delivers best practice data security with ISO27001 and FairData independent certifications.
  • Mydex services are easy to use. The platform is up and running and ready to ‘plug in’
  • Mydex services are easy to buy, via the UK Government’s G-Cloud procurement platform.

We need a new model like this if tomorrow’s data economy is to flourish to the benefit of all. However, working to a different model — one that is new and unfamiliar — is always difficult. Current organisation-centric, value extracting monetisation-focused models are now so well entrenched, and their assumptions so familiar, that is sometimes seems that such a different model is impossible.

But it is possible. In fact, it is already available for testing and exploration. Now. The Mydex platform is live, up and running and ready for services to simply ‘plug in’. The journey to a better future has begun.

Privacy
Personal Data
Social Innovation
Identity
Data Portability

--

--

David E Alexander
Mydex

Written by David E Alexander

186 Followers
Editor for

Mission focused - Realisation of an Independent Personal Data Infrastructure and citizen centred design

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams