Getting Value with User-Held Data
How Using Data from Different Sources Can Improve Your Wellbeing
The adoption of privacy regulations such as GDPR, CCPA, and the California Privacy Rights Act (“CPRA)” has been an important catalyst in creating new opportunities for the use of personal data. These regulations enshrine different personal data rights that individuals can exercise vis-a-vis brands and businesses that collect personal data.
For example, individuals can now ask service providers to offer an explanation regarding what data they collect and a copy of all personal data they have collected. Such data must be provided in a readable and easy to understand format. Individuals can also ask a service provider to rectify certain data or delete all data it has collected about them. In California, the CCPA also requires businesses to respect a consumer’s request to opt-out of the sharing or selling of consumer data to third parties.
For businesses, these new regulations mean increased compliance costs. Businesses have to align internal data collection and management practices with newly imposed regulatory requirements. Businesses also have to spend a significant amount of time and resources on training their employees to handle customer data in responsible and lawful ways.
1. From Regulations to Innovation: The Significance of Data Portability
Adoption of new privacy regulations has opened the gate for innovation in the personal data sector. A number of companies are now offering B2B services that help customer-facing businesses comply with data privacy requirements and handle consumer requests.
This B2B data privacy compliance market is quite large, as indicated by the cost of handling consumer requests. Currently, the average cost of handling one request (e.g., a request to explain what kind of data the business has collected about the consumer) is approximately 1,400 US Dollars. Given this cost, it’s not difficult to understand why brands and online service providers that have hundreds of thousands of customers in the EU or California are concerned about these new privacy and compliance regulations.
It’s important to remember that GDPR and CCPA are instruments of public law. This means that the legislature felt it necessary to intervene and correct imperfections in the data market. To do that, regulators introduced certain binding, data processing requirements for companies and specified certain data rights that individuals can exercise against companies that collect personal data.
One of the most impactful unintended consequences of CCPA and GDPR stems from the right to data portability. In the eyes of the legislature, this right to “port” data has two possible connotations. First, people can request a copy of *all data that a business has collected about them. (*It is unlikely that a business will actually divulge all of the data it has collected about a person.) Second, people can direct one company (company A) to share data it has collected about them with another company (company B).
This right to “carry” data from company A to company B is more important than it may seem. If we look back in time, a similar breakthrough happened in the financial services industry. The European Payments and Services Directive in Europe (“PSD2”) created what is now referred to as Open Banking. PSD2’s main objective was to open the banking industry by (i) forcing financial service providers to use open APIs; (ii) imposing strict financial transparency standards; and (iii) using open source technologies.
As a result of PSD2, third-party developers were finally able to use open APIs and open source technologies to build new applications, which resulted in innovation breakthroughs in the FinTech industry. PSD2 also ignited the race toward generating more consumer value, improving usability, lowering cost, expanding availability of financial services, and creating more niche products for underserved and underrepresented customers. Financial inclusion was directly fueled by a leveling and opening market, in which anyone could compete with specific, consumer value-driving services offered by big banks.
2. Opportunities with User-Held Data
Trends similar to those observed in the FinTech industry are gaining momentum in the personal data sector. A number of companies have emerged with one single goal: help consumers manage their personal data. Currently, the majority of such companies offer tools that help consumers control privacy settings and exercise data rights specified by GDPR and CCPA.
Such “consent management” apps play an important role in raising consumer awareness about the extent to which personal data is exposed to and used by known and unknown actors online. They also help pave the way for building a new data ecosystem by identifying necessary components (e.g., technological standards, interoperability, regulatory and ethical requirements, new business models, etc.).
This is a remarkable shift from a rights-based approach to personal data toward a permissions-based approach. The rights-based approach has its foundation in the existing regulatory framework of GDPR and CCPA. The permissions-based approach to personal data is based on an individual’s actual ability to control who has access to personal data and how personal data is used.
Advanced hardware and software technologies that make it possible to process huge amounts of data on hand-held devices are quickly becoming available to individual consumers. Thanks to GDPR and CCPA, individuals can now save copies of data obtained from service providers (e.g., on Google Drive or a local device). We can expect to see tremendous innovations that generate value from “user-held” data, changing the personal data market in a manner similar to the way FinTech changed after PSD2’s rollout.
We have explained earlier why user-held data — the most accurate set of data held only by the individual consumer in her personal data cloud — should be deemed as an individual’s personal property (just like shares held in a bank account or cryptocurrency held in a crypto wallet). Such data contains the most accurate and up-to-date information about an individual, and is incomparable to the fragments of personal data that third-party service providers (such as Google or Facebook) have.
In the user-held data environment, individuals have full autonomy and power over their data. Such user-held data becomes extremely valuable; people probably won’t be willing to give it away. On the contrary, by being able to possess and control the most accurate and comprehensive set of personal data, individuals can fully actualize the long-term value of their data.
To be able to empower individuals to control how their personal data is used, it is inevitable that the individual has her data in her own personal data cloud.
3. The Value of Insights from Personal Data
Why are individuals so indifferent to how tech companies use their personal data? This issue is very complex. However, we can anticipate three possible answers to this question.
First, individuals simply have no choice. Currently, all terms and conditions are structured in a “take-it-or-leave-it” fashion. Second, it could be argued that the majority of individual consumers are simply not able to understand how online service providers collect and use their data. Third, people simply do not care.
Such information asymmetries regarding the use of personal data could be partially resolved by making the current data ecosystem more transparent. Personal data rights enshrined in GDPR and CCPA aim to do exactly that, but it takes time to develop data literacy programs and educate consumers about subjects as nuanced as data and privacy.
In the user-held data environment — where individuals are able to collect their data into their personal data clouds — individuals can get insights from their data, unlocking many different benefits. For example, it might be beneficial to see your physical activity data pooled from different sources, such as:
- Google Maps (if you are using an Android device, your location is being tracked every 15 seconds, unless you opt-out) and various ride-sharing apps could be used to track your locations during the day;
- iWatch or Fitbit data provides your daily steps and heart rate;
- Oura ring would identify your sleeping patterns.
Having data from various sources could help individuals gain insight into habits related to mobility, spending, social media use, and other behaviors. User-held data models make such insights possible. For example, individuals could learn about patterns in their behavior by exploring data from different sources in one centralized data dashboard. Based on insights they gain from that data, individuals could then make welfare-enhancing changes to their habits and lifestyles.
4. Connecting Devices with Third-Party Data
Current estimates report that every household has approximately six devices/tools that are connected to the internet (e.g., cell phone, smartwatch, laptop, car, TV set, smart sensors, etc). Each of those devices and sensors collects different segments of data. With the advancement of 5G technologies, our reliance on the internet is going to keep growing, and such rapid technological improvements will offer new opportunities for utilizing connected devices and IoT (the Internet of Things).
For example, smart home IoT solutions can help dim the lights or adjust the temperature in a room via interconnected sensors and devices. Smart home IoT solutions can also enable a myriad of other functions and applications, like setting rules for when back doors to the garden should open and close. In this context, the functioning of IoT devices largely depends on interoperability.
What if you could connect IoT devices to other sources of data? What creative tools could you dream up if you were able to connect smart devices and sensors to publicly available internet data? In California, which suffers from wildfires every year, one possible use-case could be connecting home sensors and devices with public data sources measuring air quality and weather conditions. It could then be possible to adjust settings such that doors and windows are automatically closed during periods of poor air quality. Similarly, depending on the rain forecast, it could be possible to tell sprinklers to turn on during dry periods and turn off during rainy ones.
One consistent challenge facing interoperability is that making such combined applications depends on the availability of open APIs used by different commercial vendors. In the smart home IoT space, such open APIs are available only to a limited degree, and some devices (e.g., Nest) are notoriously siloed. Luckily, there are shifts in the market toward efficiency, and we can expect greater interoperability and more opportunities to bring outside data into smart home environments in the near future.
b) Local Data Processing
Another interesting consideration underlying personal data and IoT relates to general security and the ability to process data locally. Programming lights to turn on and off in the evening even when you are on holiday trips is a no-brainer. However, more nuanced security considerations become evident when certain data are being processed in the cloud. What happens when data collected from IoT devices (e.g., the hours when the back door is opened and closed) end up in the hands of bad actors? What if such data allows a wrongdoer to easily determine when someone is at home or when kids get home before adults?
Local data processing is one possible way of solving this security problem. In fact, many of the voice commands and functions on smart IoT devices are relatively simple. This means that much of that data can be processed locally (without sending data to the cloud or requiring sophisticated encryption technologies). The downside is that the devices need to be developed such that they don’t rely on external servers (e.g. so voice recognition doesn’t falter).
The final aspect regarding data collected by smart devices and wearables relates to convenience. Individuals tend not to realize the value and time saved by solving a problem until the problem is solved. This is where user-centric design comes into play.
By using available data solutions, individuals can reap the benefits and enjoy the value of automating trivial things, like watering the garden. These solutions could be provided by default or be made simple and easy to install. There are myriads of examples like this demonstrating how smart devices and digital tools can be used in various ways.
5. Apps that Run on Top of User-Held Data
User-held data models create amazing opportunities for individuals and businesses. The adoption of GDPR and CCPA made it much harder for service providers to acquire data about their customers, which is an essential step in developing a better understanding of the market and customer expectations. Furthermore, strict data processing and sharing requirements further strengthened the position of the four data giants (Google, Amazon, Facebook, and Apple). Therefore, other businesses are looking for new ways to engage with their customers directly.
A User-held data model in which individuals have “master copies” of their personal data in personal data clouds offers a new, alternative path that empowers individuals to determine how their personal data is used. For instance, in order to get more personalized content from a publisher, the individual can give limited access to her social media profile data (namely, the type of content the individual is mostly engaged in). Based on such insights, the publisher can tailor content more effectively and offer special subscriptions that the individual may enjoy. This also fosters the opportunity for innovative service providers to develop services on top of user-held data, such as better article recommendations.
Having full control over personal data means that individuals — not service providers — can determine the extent to which a third-party service provider can access their data and set certain conditions under which third parties are allowed to gain access(e.g., whether to interact anonymously, whether the service provider has permission to track user’s activities, whether such user data can be copied and shared with third parties, etc.).
A New Understanding of Data Portability
In the user-held data environment, data portability gains a new meaning. Rather than being “ported” from one service provider to another, user-held data remains in a personal data cloud. Personal data never leaves; instead, it is used by various applications that run on top of user-held data. This personal data cloud and the “master data” it holds is fully under the user’s control: no other party can access it without the individual’s express permission.
Value is generated when individuals “activate” their personal data by using various tools — “applications” if you like — that help explain data and generate insights into it. This is achieved by using various “data widgets” that categorize user-held data in unique and useful ways.
Furthermore, value is generated by using applications that combine different sources of data. For example, imagine an app that runs “on top of” the user’s personal data cloud and combines movies that the user watched on Netflix, YouTube, and Amazon with IMDB’s library to provide personalized recommendations. The opportunities to build such applications and use-cases are infinite.
It should be emphasized that such user-held data always remains in the user’s personal data cloud; the applications run “on top” of that data. With regard to data portability, the individual “carries” the whole personal data cloud together with apps that are installed in that personal data cloud. Hence, models like a “data marketplace” or the current model, in which data is treated merely as a transactional (and thus worthless) asset, no longer seem to be accurate depictions of how individuals can become empowered with and get value from their personal data.
Similarly to the PSD2 environment, user-held data models create opportunities for developers to explore new types of data sources and get creative in building applications using data sources that have not previously been accessible. With data unlocked from silos, developers can combine different information for the user’s benefit, such as taking heart rate and location data and informing the user that, “you got quite exhausted taking this path last time, why don’t you try this other path”?
PSD2 limited itself to financial information. Now, we have a lot of valuable information that pertains to more than just finances. How much time have people saved using their financial data and applications like mint.com? It’s time to find out what innovations we can build using personal data.
Connect With Us and Stay in Touch
Prifina helps individuals get bespoke value from their personal data and provides tools for developers to build applications on top of user-held data. You can follow Prifina on Twitter, LinkedIn, Facebook, and join our Slack: “Liberty. Equality. Data.”
You can also listen and subscribe to our Podcast series.