apidays Paris 2019 - MyData for a fair, sustainable, and prosperous society by Viivi Lähteenoja, MyData Global
•Descargar como PPTX, PDF•
6 recomendaciones•7,792 vistas
MyData for a fair, sustainable, and prosperous society Viivi Lähteenoja, Deputy General Manager at MyData Global
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (19)
Similar a apidays Paris 2019 - MyData for a fair, sustainable, and prosperous society by Viivi Lähteenoja, MyData Global
Similar a apidays Paris 2019 - MyData for a fair, sustainable, and prosperous society by Viivi Lähteenoja, MyData Global (20)
Más de apidays
Más de apidays (20)
Último
Último (20)
apidays Paris 2019 - MyData for a fair, sustainable, and prosperous society by Viivi Lähteenoja, MyData Global
- 1. MyData for a fair, sustainable, and prosperous society These slides: https://mydata-global.org/apidays-paris-2019
- 2. Bonjour! Viivi Lähteenoja Deputy General Manager, MyData Global viivi@mydata.org, @viivilahteenoja, @mydataorg 2
- 3. PERSONAL DATA IS EVERYWHERE Learning Mobility Energy Public Services Self Measurement Health Insurance and Finance Retail Apps Communic. and Media Internet of Things
- 4. Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society. World Economic Forum
- 5. MyData Alternative vision Guiding principles Global organisation Meetings & conferences
- 6. The core idea is that individuals should be in control of the data about them. The MyData approach aims at strengthening digital human rights while opening new opportunities for businesses to develop innovative personal data based services built on mutual trust.
- 7. Weak Data Protection Lots of data usage Less usage of personal data Strong Data Protection Comply with the GDPR People decideOrganisations decide Old paper times REGULATION
- 8. MYDATA SHIFTS: WHAT NEEDS TO CHANGE1 https://mydata.org/declaration 1.1. FROM FORMAL TO ACTIONABLE RIGHTS 1.2. FROM DATA PROTECTION TO DATA EMPOWERMENT 1.3. FROM CLOSED TO OPEN ECOSYSTEMS
- 9. MYDATA PRINCIPLES: WHAT WE WANT TO ACHIEVE3 https://mydata.org/declaration 3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA 3.2 INDIVIDUAL AS THE POINT OF INTEGRATION 3.3 INDIVIDUAL EMPOWERMENT 3.4 PORTABILITY: ACCESS AND RE-USE 3.5 TRANSPARENCY AND ACCOUNTABILITY 3.6 INTEROPERABILITY
- 10. MyData for Managing Personal Data An infrastructure-level approach (vs. single solution or platform) a. data interoperability and portability with international standards Consent-based control a. not necessary to store all personal data in centralized repositories in order to control the data flow
- 11. Requirements for MyData Infrastructure ● Machine readable interfaces for personal data access (MyData API) ● Data format standardisation ● Standardised agreements and dynamic consent framework ● Interoperability model for consent management accounts and operators ● Services and applications that utilize portable personal data
- 12. Personal Analytics (done in PDS) Service Discovery (marketplaces for apps) Consent & Policy Management Identity Management (self sovereign identity) User Experience (UI, tools and assistants) Relationship Management (individuals & organizations) Governance & Regulation (network of trusted operators) Data Standards (semantic harmonisation) Personal Data Storage (API of me & personal cloud) Authentication and Authorisation Interoperability System Security
- 14. 14 Over several years, we have built a community of thousands and the foundation for a strong movement. It was formalised into the first international nonprofit based in Finland in 2018. MyData Global
- 17. In a nutshell 1. The battle over personal data is the defining issue of tomorrow’s digital economy. 2. MyData shifts the current paradigm of personal data (mis)use and empowers people. 3. Our goal is to make human-centric personal data globally known to implement this shift. 4. Together we can build a fair, sustainable and prosperous digital society for all.
Notas del editor
- object: MyData Wheel (logo)
- object: MyData Vision
- Object: Dual-Dichotomy: MyData = data protection + data usage http://okffi.github.io/mydata/fi_2018.html#tietosuoja-ja-tiedon-hy%C3%B6dynt%C3%A4minen Kuva 0.2: MyData mahdollistaisi henkilötiedon jouhevan käytön niin, että hyödyt maksimoidaan ja yksityisyydensuojan heikkeneminen minimoidaan.
- object: MyData Shifts
- 3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared. We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations. 3.2 INDIVIDUAL AS THE POINT OF INTEGRATION The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens. By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation. 3.3 INDIVIDUAL EMPOWERMENT In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative. We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships. 3.4 PORTABILITY: ACCESS AND RE-USE The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means. We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data. 3.5 TRANSPARENCY AND ACCOUNTABILITY Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility. We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions. 3.6 INTEROPERABILITY The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards. In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.
- An infrastructure-level approach for ensuring data interoperability and portability – open infrastructures make it possible for individuals to change service providers without proprietary data lock-ins Sector independent – there is currently significant progress being made in individual sectors, such as health and finance, but a cooperative approach could work across all sectors Consent-based data management and control – it is not necessary for the individual to store all his/her data in centralized repositories in order to control the data flow
- Object: Technical Building Blocks Example initiatives: Personal Data Management and Creation Interface E.g. Meeco, Healthkit Personal data management, relationship management, decision support, self-report, data visualization, privacy control etc. Algorithm and Application Sandbox, Analytics Engine E.g. Synergetics, Genecloud, Cozy Cloud, OpenPDS Algorithm and application sandbox, analytics engine. Run analysis and applications locally instead of sending data out. Aggregating and analysing encrypted data Semantic Models, Schemas “Profiles” E.g. Hub-of-all-things Industry sector standards; API harmonisation; New personal data semantics; Multi purpose data profiles (i.e. health, mobility, intent profile, contact, status) Data Storage, Database model, Data APIs E.g. Mydex Local, cloud, distributed storage. Data as a Service. Various security approaches. Authorization, Audit Trail, Consent models UMA, XDI2, TAS3, Minimum Viable Consent Rereipt Consent management as a service, authorizing and later auditing the data transactions. Standard user policy management and sticky policies (policies travel with the data). Permissions and Obligations Service Registry, Service Discovery E.g. Appstore, Google Play, IFTTT Base of the “app store”, discovery of compatible services and data sources Identity Management E.g. Tupas, eIDAS, OpenIDConnect, Glome Soft Account Trust networks, IdPs, strong authentication, regional regulations, identity non-disclosure as default, unique Identifiers, pseudonymization mechanisms. Trust Assurance End2end trust assurance (trust being the container for trust + security + privacy); No backdoors; Aggregating and analysing encrypted data; Privacy by Design; Must utilize best of breed cyber security tools and protocols; Tools that enable individual control and privacy management. Governance model Best practices, rules and regulations (legal and technical); Clarity of rules and division of legal responsibilities; Federated and/or hierarchical trust networks and schemes; separation of concerns; Relationship management Human-centric or symmetric counterpart to organization-centric CRM thinking; Vendor Relationship Management (VRM); Customer Managed Relationships (CMR).
- object: MyData Global Hubs Download the file from here: https://docs.google.com/presentation/d/17fJ0HmDt1X7i_MXyn0Nxpxx4KrYepLwbj4pRSPziOko/export/png