4. Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society.
World Economic Forum
6. The core idea is that individuals should be in control of the data about them.
The MyData approach aims at strengthening digital human rights while opening new opportunities for businesses to develop innovative personal data based services built on mutual trust.
7. [Diagram labels: Weak Data Protection; Strong Data Protection; Lots of data usage; Less usage of personal data; Comply with the GDPR; People decide; Organisations decide; Old paper times; REGULATION]
8. MYDATA SHIFTS: WHAT NEEDS TO CHANGE (1)
https://mydata.org/declaration
1.1. FROM FORMAL TO ACTIONABLE RIGHTS
1.2. FROM DATA PROTECTION TO DATA EMPOWERMENT
1.3. FROM CLOSED TO OPEN ECOSYSTEMS
9. MYDATA PRINCIPLES: WHAT WE WANT TO ACHIEVE (3)
https://mydata.org/declaration
3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA
3.2 INDIVIDUAL AS THE POINT OF INTEGRATION
3.3 INDIVIDUAL EMPOWERMENT
3.4 PORTABILITY: ACCESS AND RE-USE
3.5 TRANSPARENCY AND ACCOUNTABILITY
3.6 INTEROPERABILITY
10. MyData for Managing Personal Data
An infrastructure-level approach (vs. single solution or platform)
a. data interoperability and portability with international standards
Consent-based control
a. not necessary to store all personal data in centralized repositories in order to control the data flow
11. Requirements for MyData Infrastructure
● Machine readable interfaces for personal data access (MyData API)
● Data format standardisation
● Standardised agreements and dynamic consent framework
● Interoperability model for consent management accounts and operators
● Services and applications that utilize portable personal data
12. [Diagram of building blocks:]
● Personal Analytics (done in PDS)
● Service Discovery (marketplaces for apps)
● Consent & Policy Management
● Identity Management (self sovereign identity)
● User Experience (UI, tools and assistants)
● Relationship Management (individuals & organizations)
● Governance & Regulation (network of trusted operators)
● Data Standards (semantic harmonisation)
● Personal Data Storage (API of me & personal cloud)
● Authentication and Authorisation
● Interoperability
● System Security
14. Over several years, we have built a community of thousands and the foundation for a strong movement. It was formalised into the first international nonprofit based in Finland in 2018.
MyData Global
17. In a nutshell
1. The battle over personal data is the defining issue of tomorrow’s digital economy.
2. MyData shifts the current paradigm of personal data (mis)use and empowers people.
3. Our goal is to make human-centric personal data globally known to implement this shift.
4. Together we can build a fair, sustainable and prosperous digital society for all.
Object: Dual-Dichotomy: MyData = data protection + data usage
http://okffi.github.io/mydata/fi_2018.html#tietosuoja-ja-tiedon-hy%C3%B6dynt%C3%A4minen
Figure 0.2: MyData would enable the smooth use of personal data in such a way that the benefits are maximised and the erosion of privacy protection is minimised.
object: MyData Shifts
3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA
Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared.
We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations.
3.2 INDIVIDUAL AS THE POINT OF INTEGRATION
The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens.
By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation.
3.3 INDIVIDUAL EMPOWERMENT
In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative.
We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships.
3.4 PORTABILITY: ACCESS AND RE-USE
The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means.
We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data.
3.5 TRANSPARENCY AND ACCOUNTABILITY
Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility.
We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions.
3.6 INTEROPERABILITY
The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards.
In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.
An infrastructure-level approach for ensuring data interoperability and portability – open infrastructures make it possible for individuals to change service providers without proprietary data lock-ins
Sector independent – there is currently significant progress being made in individual sectors, such as health and finance, but a cooperative approach could work across all sectors
Consent-based data management and control – it is not necessary for the individual to store all his/her data in centralized repositories in order to control the data flow
Object: Technical Building Blocks
Example initiatives:
Personal Data Management and Creation Interface
E.g. Meeco, Healthkit
Personal data management, relationship management, decision support, self-report, data visualization, privacy control etc.
Algorithm and Application Sandbox, Analytics Engine
E.g. Synergetics, Genecloud, Cozy Cloud, OpenPDS
Algorithm and application sandbox, analytics engine. Run analysis and applications locally instead of sending data out. Aggregating and analysing encrypted data
Semantic Models, Schemas “Profiles”
E.g. Hub-of-all-things
Industry sector standards; API harmonisation; New personal data semantics; Multi purpose data profiles (i.e. health, mobility, intent profile, contact, status)
Data Storage, Database model, Data APIs
E.g. Mydex
Local, cloud, distributed storage. Data as a Service. Various security approaches.
Authorization, Audit Trail, Consent models
UMA, XDI2, TAS3, Minimum Viable Consent Receipt
Consent management as a service, authorizing and later auditing the data transactions. Standard user policy management and sticky policies (policies travel with the data). Permissions and Obligations
Service Registry, Service Discovery
E.g. Appstore, Google Play, IFTTT
Base of the “app store”, discovery of compatible services and data sources
Identity Management
E.g. Tupas, eIDAS, OpenIDConnect, Glome Soft Account
Trust networks, IdPs, strong authentication, regional regulations, identity non-disclosure as default, unique Identifiers, pseudonymization mechanisms.
Trust Assurance
End2end trust assurance (trust being the container for trust + security + privacy); No backdoors; Aggregating and analysing encrypted data; Privacy by Design; Must utilize best of breed cyber security tools and protocols; Tools that enable individual control and privacy management.
Governance model
Best practices, rules and regulations (legal and technical); Clarity of rules and division of legal responsibilities; Federated and/or hierarchical trust networks and schemes; separation of concerns;
Relationship management
Human-centric or symmetric counterpart to organization-centric CRM thinking; Vendor Relationship Management (VRM); Customer Managed Relationships (CMR).
object: MyData Global Hubs