Design Principles for the Personal Data Economy

Alan Mitchell
Mydex
Jun 22, 2022 · 7 min read

Last month we were asked to give a talk in Korea on the design principles for a new personal data economy. We’ve turned this talk into a White Paper, published here.

It’s important because, in our view, most current debate about personal data is based on a philosophical category error that inevitably leads to a dead end.

If you want to solve a problem you need to know what’s causing it. If you’ve got a heart problem, no matter how many pills you take for gastric wind you won’t solve it. When it comes to personal data, most discussion assumes that our problems are caused by how organisations handle the data they collect and use. They are not. They are caused by the design of the system these organisations are operating within.

‘System design’? That sounds rather abstract and airy-fairy. Not for practical people. But it’s not abstract or airy-fairy at all. Birds are living systems designed to fly in the air. Fish are designed to swim in water. If you ask a fish to fly you won’t get very far because that’s not what its system is designed to do.

Today’s personal data system is designed to help organisations collect and use data to further their particular purposes. It is not designed to help citizens get the benefits of their data, to use data to address social ills, or even to help economy-wide innovation and growth (which may involve the creation of new and different organisations).

In fact, with the way our current system works citizens have little or no control over their own data and are not benefiting as they should from it. Service providers often lack access to the data they need and face high costs in accessing and using it. And the system as a whole experiences high costs along with low levels of trust and restricted innovation.

But these problems are not created by the behaviours of individual organisations in isolation. They are created by the way the system itself works. Its design: the fact that it is organised solely around organisations collecting and using data for their own particular purposes. We simply won’t solve the problems we now face by asking organisations to behave differently; by asking fish to fly. We can only solve them by introducing a different system design.

Fitness for purpose

We need a system for personal data that unleashes its full personal, social and economic potential; that goes beyond only helping organisations achieve their purposes. To achieve this we need to design a new system that’s fit for a broader range of purposes; that’s designed to fly rather than swim.

These design principles are not random, plucked from the air because we think they might be nice. It’s no accident that all fish are sleek and that birds have wings. These designs fit what they need to do. So what fit-for-purpose design principles do we need to adopt?

For a start, we need to build on the fact that unlike other commodities, when data gets used it doesn’t get used up. It can be used again and again, for many different purposes. We expand on this theme here. This being the case, it makes no sense to restrict access to data to just one organisation with one set of purposes. We need to break out of the confines of organisation-centricity, to enable data sharing.

However, if you try to create a system where all organisations try to share data with all other organisations, you quickly create a complexity catastrophe. To solve this problem you need fit-for-purpose design. If data about each individual is deposited in the individual’s personal data store, then these personal data stores can act as hubs for the safe, efficient sharing of personal data.

This is effectively a new layer of data infrastructure that transforms the design of the system. It turns multiple separate, independent, exclusive and excluding silos of data collection and use (today’s organisations) into a networked data sharing ecosystem with three core functional layers:

  • Service providers collecting and generating personal data (acting as ‘data factories’ if you like)
  • A new exchange layer made up of personal data stores where data is stored and distributed under the individual’s control (data warehouses holding what the factories have produced)
  • The same and other service providers accessing and using this data to produce specific services.

This means that our system’s current operating principle — that ‘the organisations that use data always store the data in question in their own systems’ — increasingly makes way for a different operational principle: the increasing separation of data storage and use, where personal data stores store individuals’ data and specialist users access this data when they need it. (Like going to a shop when you need bread rather than baking it yourself.)

A key element of this new system design is that it is now largely citizen- or person-centric. Personal data stores a) give each individual control over the collection, sharing and use of their own data, and b) act as the natural point where all information about them is aggregated — information that was previously dispersed across hundreds of different, separate organisations collecting data about them.

This new structure not only empowers citizens with their own data (thereby shifting balances of power and reward within the data economy), it also creates new person-centric data assets that are impossible to create under the old structure and which are natural sources of future innovation and growth.

The economics of all this is another question, which we will return to shortly. Right now, our focus is the design principles themselves, which fall into four main areas: system architecture, infrastructure, governance, and economic/business model. The following tables summarise their key points. The White Paper itself explains their logic in further detail.

Architecture

Today’s data economy is organised exclusively around organisations, disperses citizens’ data across many different organisations, excludes citizens from its workings (with organisations collecting and using data about them), operates via separate data silos that act like moated castles of data control, and integrates the collection and use of data behind these castle walls.

The new data economy will enable citizens (as well as organisations) to collect and use their own data, make individuals the point at which data about themselves is integrated, and place this new data asset directly under the citizen’s control. It will connect today’s data silos via a new ‘exchange layer’ of personal data stores that enables citizen-controlled data sharing and increasingly separates the storage of data from its use.

Table 1: Architecture of the new personal data ecosystem

Infrastructure

Today’s organisation-centric approach to personal data use creates multiple separate data silos where data is concentrated in a small number of centralised databases. Citizens’ control over their data is restricted to (often only formal) rights to consent to data collection and use. By the very way it operates it is privacy invading: organisations get to know a lot about the individuals they hold data on.

The new infrastructure is distributed, with multiple nodes (personal data stores) where individuals can exert real, direct control over their data. Because each personal data store is individually encrypted, with only the individual holding the key, it operates on a zero knowledge (rather than privacy invading) basis. It takes a technology-agnostic, cloud-based approach where personal data store (PDS) providers ensure key functions such as interoperability.

Table 2: Infrastructure of the new personal data ecosystem

Governance

The critical governance challenge is that trustworthiness cannot be reduced to an organisation’s policy or promise: a policy may change at any time and a promise may be broken at any time. Commitments to ensure data security, privacy, etc. need to be permanent and legally enforceable, embedded in the constitutions of the institutions providing the data infrastructure. (This relates to the ‘built to last’ principle — see below.)

In today’s data ecosystem, many organisations seek to gather and use personal data for the purposes of competitive advantage. To achieve this, they restrict who has access to the data. For infrastructure designed to empower and include citizens and to enable data sharing for wider, improved data use, the data infrastructure itself needs to be neutral, even while competition between different service providers remains as intense as ever: it must be designed to enable all legitimate users, without favour.

Table 3: Infrastructure governance in the new personal data ecosystem

Economic logic and business models

To sustain themselves in a way that maintains and fulfils their function, personal data store providers need to be able to cover their costs. This ensures their independence from external parties who may wish to use control over the purse strings to exercise control over purposes. Because the purpose of this infrastructure is to enable others’ actions rather than to make and sell a specific ‘product’, its prime economic logic and benefit is ‘cost out’ rather than ‘added margin’. All its financial and economic incentives need to be designed to ensure this sustainability, neutrality and mission alignment.

A key part of this is continuity and longevity: a personal data store is for life, so the institutions providing personal data stores should be designed for decades (centuries, even). Whatever particular corporate form they take, legal safeguards relating to continuity and longevity of purpose need to be built into how they operate.

Table 4: Economic and business models underlying the new personal data ecosystem
