Digital independence: fighting back with Arthur Blanchon, founder of Misakey
Too few companies empower individuals to dispose of their own data. In their defense, the task seems immensely complex for businesses, despite best intentions. With Misakey, Arthur is on a quest to give power back to the people over their digital lives.
Two years after GDPR, how do businesses cope with their obligations to give individuals control over their personal data?
Most businesses experience it with complexity, and see it as a risk factor more than anything.
Organizations lack financial firepower and digital maturity to comply. We observe genuine good will around us, but budgets, education and frameworks are just too weak.
As a result, the current state of personal data processing for portability or deletion is quite poor.
How would you describe the different behaviours of organizations?
The pyramid quickly flattens from best to worst.
Pure-players are better suited to keep up with the technological requirements to protect and empower their users over the ultra fast-paced Internet environment — see Trainline for example, who should serve as a role model for anyone wanting to get better at this.
Customer-oriented companies are mostly good students with a strong culture of service. They have been doing their best to be A players of the digital world, even though it is not enough. Eventually, at the end of a long process, they will execute the user’s request. It is respectable.
And then there are all the bad students — represented by 90% of organizations. The more digitally immature, the worse they are.
Do they mean well or do they just not care?
Most of them mean well, but they have a hard time getting acquainted with the ever-changing rules of the internet.
My insurer is a great example of a company that seems lost when it comes to dealing with the technology basics required to play in the digital world.
The authentication process to collect all my personal information is based on requesting an ID scan before giving me access to everything. The same ID scan I had to send over email to a random foreign travel agency to book a flight for example…
The information I got in return was 3 screenshots, which represents how far they are from being able to manage and secure the sensitive user information they are dealing with.
How can it be so complex for enterprises to adapt? It seems like the imbalance with pure players is just too strong.
Here’s a perspective that sadly has no echo in the discussions around personal data: the Internet is always about startups, never about normal companies needing to adapt.
Survival is the issue for many small and medium businesses online. They are suffering. They are told to be cyber-secure and to comply, but they have neither the firepower, nor the education or the tools to react.
This is a new world created by engineers for the engineers. It becomes harder and harder for non-engineers to absorb any value at the scale of Internet.
Can the GAFAM be of any help, or is their position too impartial?
GAFAM are of tremendous help, at the price of losing independence and business value. Old organisations are like developing countries working for the tech giants in exchange for the hope to thrive over the internet.
For example, Gmail is the most used email provider in Europe. Every time a Gmail user receives information about a purchase, the content is read and processed by Google. I’ve never been given the choice not to receive purchase information over email.
Interactions aren’t private anymore. What’s the point of asking Carrefour for my data via Gmail if Gmail will absorb it in the process?
It takes big techs 1 year to gain 10 years of technological advance over the other players.
Can you explain the Misakey approach and how you aim to help?
We aim to provide individuals (company employees and their clients) with state-of-the-art encryption technology that works in any environment.
Misakey makes it easy to keep information confidential from the many intermediaries needed to interact on the internet. From companies sending purchase receipts to clients to individuals sending personal documents to their bank account manager over email, it secures personal data exchange over any channel.
At the moment Misakey has no customers. It’s an open-source platform made to build products that satisfy both organizations in their daily uses, and the citizen.
Do you feel like the regulator is helping businesses get better at this?
Europe is doing an incredible, high-quality job at protecting citizens. It’s quite unexpected to be fair.
However the political choice that’s been made, and the administrative structure that goes with it, is to delegate to startups and businesses the responsibility to find solutions to comply with GDPR.
Organizations are practically free to do what they want/can to comply. CNILs only give perspectives. This leaves a huge void, and businesses feel left out with very little support.
The problem when you give this responsibility to startups, is that they work for those who pay them. Never for the citizen.
What are the next steps?
The slow pace at which things are moving is frightening sometimes, but I would be doing something else with my life if I didn’t find it to be essential. There’s a strong sense of purpose in what we do. It is a catalyst for all the energy that we deploy.
We’re in full engineer mode and ready to fight. Agility and operational speed are key. It’s quite a challenge!
You quoted Trainline as the model to follow. Can you explain why?
To make it short, they respect their users:
- A simple request by email will do in 99% of cases.
- Ask Trainline to send you your personal data somewhere else than Gmail and they will comply. Ask them to encrypt the email, they will comply.
- If using their website, the interface is easy to use. It’s the same for the teams and for the customers. All is done by clicking one simple button: delete, recover or transfer to a third party.
- This is achieved by binding any user data stored to the owner.