A National Strategy for Personal Data

In its discussion paper on the Economic Value of Data the Treasury makes three observations about today’s data status quo:

  1. innovative uses of data can generate powerful positive externalities that may not always accrue to the data creator or controller; this can result in data being under-exploited or under-shared
  2. there is significant potential value that may be produced by merging complementary datasets rather than keeping them separate
  3. there is currently a mismatch between those who hold potentially valuable data and those with the skills and inclination to exploit data assets

The paper commits the UK Government to developing a National Strategy for Data. What should such a strategy look like? Here’s what we said to the Treasury.

Not one strategy but two

First things first. While a National Strategy for Data is a great idea, it’s simply not possible to develop one single, coherent ‘national strategy for data’ that treats personal data and non-personal data as if they are one and the same. We need two strategies, one for personal data and one for non-personal data. Of course they should be mutually supporting and aligned. But the rules, mechanisms, processes and infrastructure needed for the two types of data will by necessity be very different.

A National Strategy for Personal Data

So what should a National Strategy for Personal Data look like?

1. Recognise the richness of personal data

‘Personal data’ is a blanket term covering the most nuanced, diverse and complex range of data in the world:

  • data that is ‘intrinsic’, relating to the indelible characteristics of the individual concerned (e.g. blood type, DNA, age);
  • data that is observed (e.g. aspects of behaviour garnered from sensors and from the use of devices and services such as websites, apps, mobile phones or cars);
  • data that is conferred (for example, qualifications and entitlements bestowed by other parties);
  • data that is self-asserted;
  • data that is volunteered, with individuals sharing things about themselves including their feelings, preferences, views and opinions, ‘reasons why’, etc.;
  • data that is inferred.

Appropriate means and mechanisms need to be developed to manage this richness and diversity.

It is this rich range of different types of data that makes personal data so important, useful … and potentially sensitive.

2. Prioritise inclusive goals

The goal of the National Strategy for Personal Data should be to unleash the full potential personal, social and economic value of personal data in ways that are safe, equitable and sustainable and which encourage ongoing innovation.

When we say ‘personal, social and economic value’, we mean to stress two things. First, unleashing the personal and social value of personal data is as important as unleashing its ‘economic value’. Second, the ‘economic value’ of data isn’t the same as its ‘commercial value’ (i.e. ‘monetisation’). It means unleashing all the economic benefits of data, including using it to deliver order-of-magnitude reductions in the costs of service provision and the innovation of completely new types and classes of personal data service.

To unleash the full personal value of personal data, individuals need to be provided with the means to make use of their own data for their own purposes, independently of their relationship with any particular service provider. This means providing every citizen in the country with their own personal data store, free of charge.

3. Build a distributed architecture

The only way to do this is to free personal data from its current ‘prison’ inside existing data controllers’ large databases. Today’s data architecture is both centralised and fragmented.

  • Centralised because the lion’s share of individuals’ data is concentrated into the hands of a small number of large organisations.
  • Fragmented because data about each individual is at the same time dispersed across a diverse range of these different organisations, held in separate silos.

We need to move from this centralised/fragmented structure and architecture to a decentralised/integrated data structure and architecture.

  • Decentralised because each individual has their own personal data store (PDS) where they can collect, store and use their own data, independently of their relationship with any particular service provider.
  • Integrated because, using their PDS, individuals can integrate and aggregate data from multiple sources, thereby building the richest, roundest possible picture of their own lives in a way that fully protects their privacy, because it is their data under their control.

Creating this additional infrastructure has the potential to kill many birds with one stone: a fairer distribution of power and wealth, the innovation and growth of new person-centric services, far-reaching cost reductions, built-in privacy and data protection, and the restoration of trust in digital services.

4. Support the development of a new personal data logistics infrastructure

The Government should support the creation of a new personal data logistics infrastructure that:

  • enables individuals to safely and easily collect, store and manage their own data independently of their relationships with any particular service providers. In other words, individuals’ data, and their personal data stores, should be ‘untethered’ from existing data controllers;
  • enables individuals to share this data with bona fide service providers as safely and easily as possible, so that data coming into and moving out of the individual’s personal data store does so automatically (i.e. via APIs), and the rules surrounding the use of these APIs are designed to ensure the protection of individuals’ data (see Safe By Default below).

To this end the Government should conduct a consultation to decide what criteria would determine whether a PDS is bona fide or not.

5. Make data available to the individuals whose data it is

In support of this, the Government should take measures to lift restrictions on the availability of personal data to the persons whose data it is. It should do this by proactively encouraging the implementation of the GDPR/Data Protection Act data portability provisions, interpreted so as to include providing citizens with secure electronic tokens verifying key attributes about them (see below).

6. Separate storage from use

Today’s data architecture and infrastructure works on the assumption that service providers using data to provide a service also hold this data in perpetuity, becoming a ‘data controller’. While service providers do indeed need to hold some personal data for administrative and efficiency reasons, the Government should embrace the underlying principle of separation of storage from use.

When data storage is separated from data use, service providers wishing to provide a service gain permissioned access to relevant data held in the individual’s personal data store solely for the purpose of providing this service. They need not hold most of this data in perpetuity.

This system design change reduces the opportunity for (and the incentive to pursue) ‘data land-grabs’ while building data protection into how the system works.

Separating data storage from use also creates different functional specialisms: personal data stores can concentrate on providing individuals with the means and mechanisms they need to collect, store and share their data safely and easily. Service providers can concentrate efforts on using data to provide improved services.

Such a separation of functions removes duplication of effort, encourages specialisation and will, over time, become an important driver of efficiency and productivity.

7. Pump-prime the sharing of Verified Attributes

To accelerate the development of new services that use personal data to add value (including identity assurance and age verification services), the Government should mandate key public services to proactively offer to provide citizens with secure electronic tokens that verify attributes about themselves. These attributes should be placed in individuals’ Personal Data Stores and continually updated thereafter via secure APIs.

The list of these Verified Attributes should be made public after due consultation. In addition, the Government should encourage and facilitate private sector holders of identified Verified Attributes to also proactively share these Verified Attributes with citizens. Organisations providing Verified Attributes should only do so to a bona fide Personal Data Store, and should not carry any liability for their provision, via secure channels that ensure they are not modified in transit or storage.

8. Ensure data sharing is Safe by Default

Government should undertake consultations to establish low-cost, standard rules that guarantee the safety of individuals’ data when sharing this data with service providers. As far as is practicable and possible, these standardised Safe By Default processes should obviate the need for individuals to read, understand and agree to separate, bespoke privacy notices or terms and conditions that are effectively imposed on them by organisations. Core provisions of ‘Safe By Default’ data sharing include:

  1. any data shared by an individual with a service provider should only be used for the purposes requested by the individual;
  2. this data should not be used for any other purposes;
  3. the data should not be shared with any other parties.

9. Require zero knowledge operating principles

Personal Data Stores should operate on a zero-knowledge basis, meaning the PDS operator is unable to see or process the data held by individuals in their own data stores (for example, by providing each individual with their own unique cryptographic key to open and control the use of their own PDS).
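As an added illustration of points 7 and 9 above (example code written for this edit, not from the original paper or from any PDS product): a Go sketch in which an issuing public service signs a Verified Attribute with Ed25519, the PDS checks that signature before accepting the token, and the record is encrypted with a key that only the individual holds, so the PDS operator stores ciphertext it cannot read or silently alter. The claim layout, the function names and the choice of AES-256-GCM are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// VerifyAttribute is the check a bona fide PDS runs before accepting a token.
// Constructed format assumed here: claim bytes "subject|attribute|value" plus an
// Ed25519 signature from the issuer; any change in transit or storage fails.
func VerifyAttribute(issuerPub ed25519.PublicKey, claim, sig []byte) bool {
	return ed25519.Verify(issuerPub, claim, sig)
}

// newGCM builds AES-256-GCM for a 32-byte key that only the individual holds.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForStore encrypts a record before it reaches the PDS, so the operator
// stores ciphertext it cannot read. Output layout: nonce || ciphertext || tag.
func SealForStore(key, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, nil), nil
}

// OpenFromStore runs on the individual's side; a record altered at the PDS
// fails the GCM tag check instead of yielding corrupted plaintext.
func OpenFromStore(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated record")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}
```

The issuer's public key and the individual's storage key are distributed out of band in this sketch; a real deployment would also bind the token to an expiry and to the issuer's identity.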

10. Develop Personal Data Directories

To assist the development of new services, the Government should encourage and facilitate the development of Personal Data Directories that enable individuals, and service providers working for these individuals, to identify what information is held about them by which organisations and for what purpose. Critically, these personal data directories should also provide information about how the data has been generated/collected and maintained, and who it has been shared with. It should be easy for individuals to access this data (building on GDPR data portability provisions).

We believe these core principles provide a robust foundation for solid equitable progress. What do you think?