Why we need new, nationwide personal data infrastructure

Alan Mitchell
Mydex
7 min read · Mar 9, 2021

This is the second in a series of blogs providing edited extracts of key points made by Mydex CIC in its response to the UK Government consultation around a new National Data Strategy.

The first one addressed the question “how to unleash the full potential of data?” Others look at Achieving Change at Scale, Common Misconceptions that Derail Progress, and the sheer size of the social and economic opportunity.

To catch up on progress on our Macmillan My Data Store Pilot click here.

The central plank of Mydex CIC’s consultation response is that the UK needs to build a new layer of data logistics infrastructure that:

  • Includes citizens in the workings of the data economy, empowering them with the ability to collect, store, use and share data about themselves independently of any data controllers they may have data relationships with.
  • To achieve this, the Government needs to ensure that every citizen is provided with their own personal data store, which enables citizens to collect, store, share and use their own data, under their own control, for their own purposes, independently of any organisation that may have collected data about them.
  • These personal data stores should be designed to act as neutral, enabling nodes in a vibrant data sharing network, whereby citizens can obtain copies of their data held by organisations and can forward relevant elements of this data (such as Verified Attributes) to other data users under their control, as and when beneficial and necessary.

Such a citizen-empowering data logistics infrastructure is key to enabling a MUMU data economy to grow: one where the right personal data can flow to and from the right parties at the right times, in ways that protect citizens’ privacy and make them active participants in service provision.

Benefits of the new personal data infrastructure

Ensuring every citizen is provided with their own personal data store would kill many birds with one stone. Specifically, it would:

  • Enable order of magnitude reductions in friction, effort, risk and cost for both bona fide service providers and citizens
  • Ensure built-in privacy and data protection for all processes involving the collection and use of personal data
  • Ensure built-in fair pre-distribution of power and rewards relating to the collection and use of personal data, resulting in inclusive economic growth, enabling social inclusion and helping to tackle the digital divide and ‘poverty premium’
  • Act as a platform for innovation, enhancing capabilities, capacity and flexibility

Cutting costs

The most compelling immediate reason to introduce personal data stores is their cost-cutting potential.

By enabling citizens to easily, safely and securely obtain electronic copies of data held about them by organisations (as per the data portability provisions of GDPR/Data Protection Act) a personal data store-based data logistics infrastructure would enable data ecosystems to move from ‘make afresh every time’ to ‘make once use many times’ modes of operation.

Under the current organisation-centric system, if an organisation needs to know something about an individual it has to obtain the necessary information for itself, even though another organisation might have already obtained the same information. Very often, organisations don’t need the actual information itself: they just need confirmation that a particular piece of information is valid, up-to-date and correct (e.g. that an individual is over 18, lives at a particular address, has a valid driving licence, has passed certain exams, is entitled to certain benefits, etc).

Responsible organisations that have already checked information can easily and cheaply generate secure electronic tokens verifying these bits of information. These are called ‘Verified Attributes’. Enabling this information to be ported to a personal data store and forwarded to other service providers would eliminate vast amounts of duplicated effort for both service providers and service users, significantly reducing the time, money and effort they invest in collating and confirming the data they need.

The Scottish Government has already successfully conducted tests to confirm the technical viability of such a process in its Verified Attribute prototype. The prototype

“enables public sector organisations to provide individuals with verified attributes, for individuals to store these attributes in their own Attribute Store, and for these individuals to be able to share these attributes with other public sector service providers as and when needed.”

Because of the way these verified attributes work (using secure API links) other parties can rely on the accuracy and provenance of this data without having to undertake their own checking processes or asking citizens to fill out yet another form. (Some people say that such a process cannot work, asking who takes liability if a piece of shared data happens to be wrong. In fact, relying on data provided by other people happens in multiple processes all the time without any liability model. Whether to accept the information is down to the user’s own assessments of related risk.)

By enabling the sharing of Verified Attributes and other data, personal data stores render many previously essential data processing tasks unnecessary (thereby freeing up time and resources) while enabling service providers to access more, better quality data, more quickly. The potential power of this approach is demonstrated by the Scottish Government’s work on ‘smart entitlements’ which examines just how big the opportunity is and how to realise it.

The sharing of verified attributes also cracks the problem of online identity: an ‘identity’ is simply an accepted collection of verified attributes.

Built-in privacy and data protection

It is now universally accepted that citizens should be able to assert more control over how their data is collected and used. Compliance with new data protection regulations remains a major challenge. By creating mechanisms that ensure that personal data is shared and used by the citizens whose data it is, a new personal data store-based data logistics infrastructure would ensure privacy and data protection by default.

A failure to build such citizen-empowering personal data infrastructure can only result in ‘more of the same’ problems.

Rebalancing the workings of the data economy

It is now widely recognised that status-quo approaches to the collection and use of personal data have resulted in huge competition- and growth-restricting, unfair and socially divisive imbalances of power and reward. There is now ongoing debate as to how to ‘fix big tech’, with the UK’s Competition and Markets Authority recommending the creation of a new Digital Markets Unit to curb the power of big tech data monopolies.

While regulatory intervention is part of the answer, regulation alone cannot do the job. We also need to embed new, fairer ways of working into day-to-day data management practices. Providing every citizen with a personal data store achieves this, ensuring fair pre-distribution of power over personal data and resulting rewards.

The Financial Times recently observed that much effort is now going into ‘fixing big tech’. But:

“The real game-changer would be if Europe could pioneer the creation of a radically different and more decentralised data economy.”

A personal data store-based data logistics infrastructure would achieve this decentralisation.

The Future of Citizen Data Systems report by the Government Office for Science notes research suggesting that such an approach may be closest to economically optimal, citing an economic modelling study that:

“investigated how different models of data control could affect how far data is shared when consumers prioritise both their privacy and gains from use of their data. A scenario where consumers control their use of data was closest to optimal, with maximised benefits from data sharing and privacy. Consumers kept some data private, but shared other data with many more organisations and companies, compared to a scenario where firms controlled data.”

One important aspect of this rebalancing is tackling the poverty premium. Currently, data exclusion is a major cause of social exclusion. Those with the greatest needs for access to services are also those who have to spend the greatest amounts of time, effort and money filling in application forms, trying to find data and prove credentials. By enabling individuals to build up banks of pre-verified facts about themselves — facts that they can reuse when applying for services — the new data infrastructure would go a long way to enabling social inclusion.

A platform for innovation

Organisations use data for many different purposes e.g. for the purposes of measurement, analysis, decision-making, operations planning, coordination and implementation, and administration to manage their operations better. Enabling individuals to do the same with their own data would open up a tidal wave of innovation.

Individuals should be able to collect, store and use their own data for the same purposes (of measurement, analysis, decision-making, operations planning, coordination and implementation, and administration) in order to manage their lives better. This applies across all ‘life departments’ whether it is managing a home and dealing with suppliers, making big financial decisions such as planning for retirement, coping with long-term illnesses such as diabetes or cancer, or advancing their education and careers.

Personal data stores enable service innovation in such areas by enabling citizens to safely and efficiently combine data from many sources, and to add extra information about themselves (e.g. plans, preferences, goals) to build rich new-to-the-world person-centric data assets that weren’t possible before (because previously the data was dispersed across many different organisations).

The Government has already recognised some of this innovation potential with its Open Banking initiative. However, with Open Banking, data is ported from one organisation to another and never back to the individual whose data it is. This is a very restricted form of data portability which requires costly and heavy regulatory oversight and risks creating a complexity catastrophe as it tries to scale. It also actually reduces individuals’ control over their data. As individuals’ data gets spread across an increasing number of different organisations, it gets more and more difficult for individuals to keep tabs on their data.

In contrast, personal data stores allow a person’s data to be aggregated around that person, making it possible for service providers to gain permissioned access to enhanced, enriched data sets to provide enhanced, enriched, personalised services. Given that this information is critical to service provision across every major sector of the economy including financial services, health, public administration, transport, education/skills development, housing and leisure, this has the potential to become a significant driver of innovation and economic growth.

Once every citizen has been provided with their own personal data store, the Government will have created personal data infrastructure with near infinite flexibility: the ability to handle any data for any purpose. With the infrastructure in place, for example, when the Government introduces a new policy requiring access to data (as happened with the Covid pandemic) it can use the infrastructure to enable the right information to get to and from the right people at the right times.

Given that companies like Mydex CIC have already built the infrastructure that is needed to achieve all the above, there is now no good reason why the UK Government cannot implement provision of this new infrastructure at speed.
