Data Hack Iceland update: third-party apps being built on!

Our Data Hack Iceland 2017 event last month was a huge success, and we thought it was about time we gave you an update about some of the great ideas that sprung to life there.

Four of the apps – VaxAbroad, Sensei, Fin-Tin-Der and meets Arion Banki – are now coming to life as part of the first suite of third-party apps being built on the platform – a very exciting time for both us and their creators!

VaxAbroad, which was the non-profit category winner at the hackathon, makes it easy to inform people what vaccinations are needed for different countries. Check out some screenshots here.

Sensei is an AI bot that runs natively on your phone and is able to chat you, providing useful information based on your social media, health and financial data. For example, Sensei can tell you if you are spending too much on lattes at Starbucks this month. See more here.

Fin-Tin-Der is the future of dating apps, basing matches on people’s finances and spending habits. So it looks at things such as what are the top five merchants you spend money with? And would you date someone who shared favourite brands such as IKEA, Iceland Air, Amazon, Crunch Fitness and KFC? meets Arion Banki is an app that captures and imports your transaction data from Icelandic banks into your app.

Work is also progressing on grand prize winner Tinderest, an app that understands your preferences, social behaviour, financial information and health data, with a view to including it on a new travel app – more on that when we can share it!

Tinderest uses matching algorithms and AI to automatically suggests things to do in a new destination based on the behaviour of other people with similar profiles, needs and tastes – check it out here.

So all in all, a very exciting suite of apps to start our third-party journey with – we’ll keep you updated, as always, when we have new developments to share!


Birgit Sippel makes first public statement on ePrivacy – and why it shouldn’t stifle innovation

The European Parliament’s new Special Rapporteur for the proposed ePrivacy Regulation, German MEP Birgit Sippel, has made her first public statement setting out her beliefs – and she didn’t mince her words.

Speaking at the IAPP Europe Data Protection Congress, she told a sold-out event that online and offline privacy should be afforded the same status:

“Would you allow a stranger to go into your bedroom or look through your drawers without your permission?” she asked. “No, you probably wouldn’t.”

Sippel also called for over the top (OTT) providers, including services such as messaging and dating apps, to be covered by the ePrivacy Regulation, arguing: “Some of us may send an SMS text, while others may use a service like WhatsApp. One is covered by the current ePrivacy Directive, while the other is not. Consumers need the same protections for both.”

She also called for an abolition of surveillance-driven advertising – and the need for implemented legislation to make good on universally-agreed freedoms such the right to personal privacy.

One key theme from her speech was that businesses have the answers to innovating with privacy – and that compliance with privacy regulation need not stifle new ideas.

She said that businesses are innovative and should be able to create ways of obtaining meaningful consent without causing consumer fatigue.

Here at, where we have built a bespoke Consent Access platform so our users – and those who want consented access to their data – can do just that, we couldn’t agree more.

New legislation will always bring challenges, but in rising to meet those we create superior products that exceed consumer expectations while being compliant.

And that’s certainly a win-win situation for everyone. So here’s to innovation! partners with e-health specialists Egde Consulting in Norway is delighted to announce a partnership with Norway-based e-health specialists Egde Consulting.

Partnering with Egde gives an entry into the Nordic market with excellent expertise, ambition and contacts in the e-health space and other business areas.

Together we are working to create the environment for new innovation around the personal data economy and the Internet of Me, putting the user at the heart of their medical data.

Key aims are helping to increase the digitisation of Norway’s health services as well as pushing for greater patient centricity.

Egde Consulting’s Andy Harrison said: “Egde works with innovative private and public sector organisations.

We recognised the need to create simple solutions for integrating data while providing best practice in privacy and security and see as a key solution to these challenges.”

As part of this partnership,’s Founder and Executive Chairman Julian Ranger will be speaking at the e-health in Norway (EhiN) conference this week.

EhiN, now in its fourth year, aims to raise both e-health in Norway and global awareness of Norway as an e-health nation and will feature 100 speakers and 50 exhibitors over two days.

Egde Consulting specialises in the standardisation of health technology and is an expert center for advisory services, development and testing of e-health solutions. Its Test and Certification Center is integrated with an innovative “living lab” where real users are involved in testing new technology.

Egde works closely with central authorities, research institutions, municipalities and health authorities to help develop effective health services that focus on the user.

Egde Consulting’s eHealth and welfare technology services ensure a safe and efficient flow of information from users to primary and specialist healthcare. This means:

  • That a vendor’s solution meets functional and non-functional as well as regulatory requirements, and can come to the international market faster.

  • That the government gets effective processes and good health services, as well as being involved in the testing of new technology and service innovation.

  • That users receive both customised healthcare and increased self-esteem, which both have a positive impact on quality of life. chosen for Digital Innovators Power List

We are delighted to tell you that has been named as one of the 50 most innovative digital companies in the 2017 ‘Digital Innovators’ Power List’

Launched today by international law firm Bird & Bird LLP and London-based news brand, City A.M., the Digital Innovators Power List identifies the freshest and most inspiring digital companies that are impacting the market as a “life changer” or “market transformer”.

Companies were selected for the shortlist based on those with the most captivating stories of innovation that are also creating a buzz in the media. They also had to be at growth stage, have secured institutional funding and be based in or around London.

Julian Ranger,’s Founder and Executive chairman, said: “ is very pleased to be recognised as a Digital Innovator – we certainly believe that our solution of returning ownership and control of the data to the individual will stimulate a huge wave of innovation using personal data enabling businesses to offer ever more personalised services, privately.”

The shortlist was agreed by City A.M., Bird & Bird and supporting partners tech PR agency Hotwire PR, UK technology trade association techUK, the UK’s premier business organisation CBI and online investment platform Crowdcube.

With the help of a judging panel of digital experts, the top 50 will be whittled down between now and September 2018 until an overall winner is identified for the “life changer” and “market transformer” categories, winning them professional support to take their business to the next level.

Nicholas Perry, Partner and Head of London, Bird & Bird, said: “London’s position on the global stage has never been more important and it continues to be the home of some of the world’s most pioneering digital companies.

“This year’s Digital Innovators Power List celebrates some of the most visionary digital companies in the city and will explore the many ways in which technology is transforming the world. Alongside City A.M. and our partners, we are thrilled to recognise these growth-stage companies and provide a network of like-minded individuals who can stimulate, create and foster innovation.” will participate in a series of events hosted at Bird & Bird over the course of the year where the judges, featuring representatives from the London digital space, will give their perspectives on the factors driving digital innovation in the City, how their creations are impacting everyday lives or markets and what they are looking for when it comes to choosing the final two digital innovators.

A welcome statement on digital identity and privacy from Omidyar Network

The Omidyar Network – an investor in – has recently put out a thoughtful and considered Point of View (POV) covering digital identity in the modern world.

It states that “Identity is vital to participate fully in our modern digital society and economy. Yet, designed and implemented unchecked, digital identity technologies could have unintended adverse consequences for the world’s most vulnerable populations.”

It goes on to explain that the growing digital economy “will bring massive opportunities as connectivity increases and distance evaporates as a barrier for engagement and trade.

Transactions will increasingly occur without the two transacting parties ever meeting. Access to state benefits and a range of other services have the potential to become easier, faster, and more inclusive.

At the same time, the digital economy will introduce new barriers to access and engagement for those who lack identification or are unable to establish identification for want of digital access.”

To ensure all can access this on an inclusive and secure level playing field, it suggests the shared and thoughtful development of the necessary checks and balances”.

The Omidyar Network says that its hypothesis is that digital identity leads to empowerment only if three “foundational precepts” are considered: Identities must:

1. be available and useful to individuals

2. be non-discriminatory and designed for inclusion, meaningful user-control, and privacy

3. provide for recourse and accountability for harms caused

In terms of key system and technical requirements to make this happen, the POV lists informed and meaningful user consent and control over data, including opting out after permission has been granted, and limited data collection and use only for a specified purpose, as well as the importance of privacy by design, system security and openness.

Under system governance, a critical point is that “privacy must be recognized as a fundamental human right”, of course, fully supports the points of view highlighted and additionally already meets the principles expounded across technical design and system governance.

Julian Ranger, our Founder and Executive Chairman, said: “Omidyar mention that they “recognize the tension between the business model and incentives of a firm and the considerations noted above”, but at we believe that good design can minimise – or in our case eliminate – that tension.

Our “do not see, touch, nor hold” architecture, coupled with a clear and strong individually-controlled consent access process and certificate, ensures we meet all the considerations – and we will continue to ensure that we do so.”

You can read the full POV here.

Analysis: The pros and cons of privacy and data protection laws

The starting point for most privacy and data protection laws is creating a safer environment for all of us and our personal data – but the inevitable overreach often has far-reaching consequences

Most privacy and data protection laws have the noble aims of making us and our personal information safer – but overreach in the detail is a common side effect of attempts to do the right thing.

The consequences of this legal overreach can themselves be far-reaching – not just to personal privacy, but to technological innovation as a whole, if creators and those with grand ideas feel stifled by the competing needs of overlapping legislation.

The worst case scenario? Potential stagnation for technological innovation.

The broad scope of privacy and data protection laws is generally to ensure the free flow of personal data between the member states, while their ultimate purpose is to regulate how such data should be processed in order to maintain a balance between the various interests of the personal data ecosystem.

Of course, constant fluctuations in both technological and socio-economic contexts make achieving these grand aims a challenge. Regulation is always lagging behind new technological and market challenges, even as it struggles to keep up.

As Maria Macocinschi, who is studying for a doctorate in law at the University of Turku in Finland, notes: “The rigidity in revising and adapting the laws to the fast technological and economic developments is creating frustrations not only for consumers but also for companies.”

She also cites the much-praised General Data Protection Regulation (GDPR), which comes into force in May next year, as a well-intentioned law that may have adverse side effects.

She said: “GDPR, for example displays two contradictory trends. While it ensures a simplification of the regulatory environment and harmonisation of the standards, it also poses additional burdens and costs for companies. Therefore, the free flow of information might be quite affected by these overwhelming obligations.”

Regulation is inevitably deeply complicated, balancing as it must the conflicting interests of the various parties involved (public and private institutions, and consumers) as well as translating more traditional human values in a constantly changing digital environment.

Laws around surveillance are a good example of clashing interests and values: while surveillance such as CCTV is employed primarily for the protection of the citizens for security reasons, the same technologies are now being used in ways that seem to undermine the same values once sought to be protected.

Countries like China, for example, are trying to use technology that will predict when a crime is going to take place, before it even happens – the very stuff of sci-fi films.

The potential for horrifying consequences for those caught up in it makes it increasingly important that surveillance, and the emerging dataveillance phenomenon, should be carefully regulated to ensure a balance between the public interest, the economic rights of companies and the individuals’ privacy and data protection.

In terms of increasing the efficiency and effectiveness of current data protection laws, Maria says there are three broad areas that should be considered:

  • We need to look at how traditional legal concepts should be revised, taking into account the current state of information innovations
  • We need to look at how we regulate the emerging actors in this burgeoning ecosystem, as well as the new methods of collecting and processing data.
  • We also need to reframe the importance of the legal requirements for consent in the intensified and opaque dataveillance systems.

So how do we balance the necessary values and rights for the democratic functioning of the society with preserving personal privacy? This, of course, raises questions of how much privacy is desirable, legally and otherwise?

As with so many other things, regulation initially and superficially seems to be the natural answer here – providing guidelines for the protection of individual interest and public good. However, the law by itself cannot achieve this goal.

Furthermore, the extent to which we all, as consumers, promote and open up our own private lives through social media poses its own problems. The internet is a growing force in all our increasingly transparent lives. With the big data crunching capabilities of all the information we have willingly or unknowingly put out there, the ability for public and private actors to know far more about us than we are comfortable with has never been more real. Our identities, behaviours, transactions and other preferences and vulnerabilities are all gathered and exploited for various obscure purposes.

Again, legislation such as the GDPR is trying to address this, by putting more power over personal information back in the hands of consumers – but here too, law-making inevitably runs behind real life, meaning we are always struggling to keep up.

A new right to data portability (Art. 20 GDPR) and a revised right to be forgotten (Art. 17 GDPR) are aiming to build a stronger protection for the data subject and redress consumer sovereignty. However, such powers for individuals are not absolute. The interest in the protection of information privacy will always be balanced against other public interests as necessary in a democratic society (Recital 73 GDPR).  

So how should we try and find this balance moving forwards?  Maria has three key suggestions.

She said: “Balancing conflicting interests is difficult but not impossible. A first step would be educating individuals about what informational privacy is and the real benefits and consequences of sharing personal information. In a democratic society, a person should not isolate herself from the rest of the community, but rather participate and contribute to the decision making.

Therefore, data protection regulations should not be perceived as tools facilitating the invisibility of the individuals to the rest of the world. Rather, they provide the necessary measures to ensure their safe participation in the society. Disclosing personal information is a requisite for identification in a digital environment of disappearing bodies, and for effectively communicating their consumer preferences to the companies.

Secondly, each participant in the personal information ecosystem should acknowledge the importance of privacy intermediaries. For controlling and managing their personal data, individuals need the technical architectures (such as and supportive guidelines (privacy guardians).

The technological development should not be perceived by consumers and legislators as a big threat to privacy and personal data. While technology might pose some risks, it can also provide useful solutions for the protection of individuals and their fundamental rights. Therefore privacy and sharing are not foes, but complementary to each other. “

This blog is a joint venture between and Maria Macocinschi

Differential privacy? No, Apple, it’s all about private sharing

We think private sharing is this year’s differential privacy – and we’ll tell you why

Apple has hit the headlines again with news that it may not be using its vaunted differential privacy tool – which mines user data while protecting that person’s identity – quite as it said it would.

Differential privacy was last year’s big news from Apple, which has always talked a strong game on protecting user data. The idea is that by injecting random noise into personal data before it is uploaded to the cloud, Apple’s dataset as a whole can produce meaningful insights without personally identifying any individual users. They may or may not have made some changes to that, which are not our concern here.

But what did pique our interest here at was the most interesting line from the article, one that talks about a “failure of imagination” in correlating disparate data sets.

A ‘failure of imagination’ is absolutely the one thing we don’t lack here, having built a product that does just that very effectively. And actually, we’re confident that what we call private sharing is a much better way of, well, sharing your data privately.

Why? Crucially, you have control of your datasets, in your own 100pc secure library. If you choose to store that in the cloud, you and only you control access to it – doesn’t see, hold or touch your data, ever.

The biggest deal is in how you share your data – which is only on your terms, with consent that can be revoked at any time, through our unique Consent Access platform.

In short – you’re in the personal data driving seat with

But the ultimate private sharing isn’t really sharing at all – this is when an app – which you have consented to let see certain and defined elements of your data – runs an algorithm over that data, simply returning the result.

In this use case, which could be used for insurance or loan qualifying checks, no data has left your device, but the provider you’re working with has what they need to offer you the best rate as determined by your circumstances.

And because it hasn’t left your device, your data 100 per cent private, while still being shared in ways that benefit both you and companies dealing with you.

Differential privacy is so 2016. Private sharing is the future – and you heard about it from first. partners with ID Exchange to help Australians do more with their personal data has partnered with Sydney start-up ID Exchange to help Australian consumers enjoy more control over their personal data.

ID Exchange and will collaborate as vanguards for personal data sharing, working jointly to simplify user processes around consent. Together, they will execute cutting-edge solutions that provide security as well as consented sharing through a seamless customer experience.

ID Exchange, which is based at leading FinTech incubator Stone & Chalk, is a unified Opt Out/Opt In operator whose centralised approach for aggregated consent naturally couples with’s philosophy on seamless personal data sharing. allows individuals to easily aggregate a broad and deep range of financial and social media data from platforms including the likes of Facebook, Twitter and Instagram and then share it, if they wish, under a bespoke Consent Access program. It supports data from all major Australian banks, and health, wearable and music data will soon be available.

Crucially,’s solution ensures that individuals hold all their own personal data about themselves in their own 100 per cent private library – does not see, touch or hold user data ever.

Jo Cooper, Founder of ID Exchange, said: “Collaborating with plugs Australia into global opportunities to accelerate personal data sharing and provides consumers, corporates and developers a comprehensive platform to safely consolidate and intersect cross market data whilst maintaining jurisdictional regulation compliance for privacy, permissioned access and security.”

Julian Ranger, Founder and Executive Chairman of, said: “Australia is one of the world leaders when it comes to data privacy so it was an easy decision for us to make when deciding to explore this market more closely to widen our global footprint.

We’re delighted having found ID Exchange that we have a partner who shares the same philosophy as us in putting the individual in control of their data. Moreover through Jo’s tremendous drive and experience we’re confident of making significant progress very soon.”

Both Julian and Jo were on the panel of the Australian British Chamber of Commerce seminar event titled The consent economy: the $5 billion trade in you and I, which took place on Tuesday, October 10 at 3.30pm at the Commonwealth Bank Innovation Centre in Sydney.

In the consent economy, operators such as ID Exchange and, which now has a global presence thanks to a recent merger with leading US personal data specialists Personal, which put consumer needs first will take the lead.

The partnership between and ID Exchange opens collaborative opportunities across Australian and the UK economies where issues around personal data are coming to the fore as the new and far-reaching EU General Data Protection Regulation comes into force in May 2018. wins a Citi Tech for Integrity award!

We’re delighted to announce that we have won a Citi Tech for Integrity Challenge award. won the prize from the Dublin leg of the challenge, which encouraged technology innovators from around the world to create cutting-edge solutions to promote integrity, accountability and transparency in the public sector and beyond.

The awards were announced at an event hosted by the International Monetary Fund (IMF) to highlight the crucial role technology can play in tackling corruption around the world, and were given to companies that offered solutions that merited additional recognition.

Our bid showcased as a product that can help deal with challenges as diverse as corporate governance, anti-money laundering and identity validation and passed through two initial rounds before we were selected for the demo day in Dublin.

There, we showcased a demo version showing multiple streams of data being uploaded to the app, with innovations addressing the specific ‘pain points’ being shared in presentation format.

These include using technology to analyse and identify patterns of fraudulent health insurance claims, and leveraging emerging technologies such as blockchain to create digital identities for the large population of people, such as refugees, who do not have legal identity papers.

At the demo day, demonstrated how our product can be used to:

  • enable governments to efficiently and effectively identify refugees who have had to flee their home countries without identification papers. Their account is effectively an audit trail of their online life and therefore a way to identify both them and their circumstances, as well as reducing costs and waiting times for immigration departments.

  • enable insurance companies to reduce insurance fraud, with a knock-on effect of reducing insurance premiums for consumers

  • enable governments and NGOs to identify the correct individual recipient of any offered support, using their account to validate who they are and audit what was received. This method could be used for goods, vouchers or financial support whether beneficiaries are present or not.

Plans and sponsors coming together for Data Hack Iceland 2017! #letsgetpersonal

We’re delighted to say more sponsors, challenges and prizes have been added to our Data Hack Iceland 2017 event, which is taking place on October 7 and 8 in Reykjavik.

And to make it even more inclusive, we are also offering a Virtual Challenge, meaning anyone from anywhere in the world can take part!

Attendees will get the first ever access to a public-facing API, which includes, financial and social data, to open a spectrum of new possibilities and innovative solutions.

The health data will cover prescriptions, vaccinations, medications, allergies, doctor appointments, hospital visits and medications administered during those visits.

Test financial data, from bank and credit card accounts will also be available, as well as social media data such as likes, posts and shares – and we hope all teams will be able to build something functional and exciting over the course of the weekend.

Prizes ranging from flights, tickets and accommodation for an entire team to Slush in Helsinki in November to Start Up Iceland 2018 tickets, smart devices, cash and Onymos licences are on offer for the winners of the various challenges – so get involved!

Find out more and register at Data Hack Iceland 2017