Today I will be introducing the subject of personal data and looking at an optimistic vision of how we can do more with personal data with privacy, security and consent by giving back control to the individual.
If we embrace this change, then we can make the UK the leader of a new personal data economy – enhancing the UK as a key digital player worldwide, no. 2 to Silicon Valley (although why not no. 1 in time?!)
Personal data issues
Undeniably, worldwide we have a problem with personal data – with privacy and security issues at every turn.
Here we are in Cambridge, just months after the Facebook/ Cambridge Analytica scandal that was just one more nail in the coffin of personal data privacy.
British Airways yesterday announced another security issue with personal data, the latest in a long list.
We are aware how we have lost our privacy, and it seems that the security of our data is full of holes.
The overwhelming impression is that the big tech companies can’t be trusted – we’re monitored, tracked, sold to whether we like it or not.
But they are not alone – personal data used by the likes of Facebook, Google, et al have just a piece of the overall data about us.
But what about our finance data and our medical data?
Banks sell our data, not only to credit agencies, but also to others.
The Government, in the form of the NHS trusts and hospitals, shares our medical data without our opt-in.
Both of these are questioned by many as well as the Facebook, Google and other issues.
BUT is all sharing all bad?
Aren’t we getting services in return, reducing fraud and developing better health solutions for the benefit of all?
Clearly there is a trade here, as there is in all things – a trade between benefits and risks.
BUT the cry is that the trade has become unbalanced – against the individual.
Our privacy and security need to be given greater weight.
It is for this reason that we have the new EU GDPR – brought into the UK with the new Data Protection Act 2018 earlier this year.
Everyone is now familiar with GDPR from the many emails we got asking us to reconsent to all those marketing emails and messages.
That has, by the way, caused reductions in email lists of between 50-90 per cent. Similarly, reductions have been seen in programmatic advertising.
And that is what we should expect – a tightening of personal data usage.
A restriction of the personal data market.
Let’s bring the personal internet back under control, slow it down from its headlong crash into eroding all personal privacy and security.
Just what we want – right?
Whilst we must restore personal privacy and control, if we do it in such a way as to limit the use of personal data, then we deny ourselves new economic models and we hobble our future.
Take one simple case – how can we develop personalised medicines if we can’t access detailed health data for many individuals?
Trevor Phillips mentioned this morning in the Innovation Tent how GDPR was killing his innovative business – Trevor espouses ethical business, so the fact that the GDPR isn’t good for him must be wrong surely?
The good news is that everyone has been selling GDPR wrong.
It doesn’t have to solve privacy and security by restricting data use.
It can be used to open data use but with the three key elements of Privacy, Security and Consent.
Safety belt for the Internet
Before I explain how, let me give you an analogy.
In the 30s, 40s and 50s, cars got faster and faster, and with that came a big increase in deaths and appalling injuries. Not surprisingly, there was a call for legislation to fix that.
But did legislation say ‘You’ve got to slow down to 20-30 miles per hour?’ No. That would have been crazy.
What happened was that safety devices were legislated for over time – seat belts, crumple zones, crash bars.
These safety devices allowed cars to go even faster, to do more, go off road, expand their usage.
So for the personal internet we have a direct analogy – the personal internet has got faster and faster, more privacy and security issues. Should we slow it down, do less? No, that would be crazy, like it would have been for cars.
We need a seatbelt that allows us to do more.
What is the seat belt for the personal internet then that allow us to do more with personal data, but with privacy, security and consent?
Well it starts with the two key provisions of the GDPR/UK’s Data Privacy act and that is Data Portability and Right of Access.
And critically it involves you and me – putting us back in control of our data.
Personal data tools
The ideal that any business, AI company, etc would like is a data set which has five characteristics – what we might call Rich data. That is:
1) Single Source
2) Wide across data categories
3) Deep in time
5) Normalised (i.e. single language/data form)
How can we get this data set about an individual? I don’t want any company to have EVERYTHING about me, but actually no company can know everything I do, watch, see, buy, interact with – no matter how much they try and track me (if they were legally able to do so).
But there is one entity in the whole system that does know all about me and that is me: I know which social channels I use; which banks I use; where I get medical help; what I listen to, etc. So I can be the single source of truth about myself – I can build the ultimate library of me.
To do so I need a tool to help – much like Outlook lets me get my email messages. That is where my business, digi.me, comes in – and other businesses that are trying to do the same thing.
You download the digi.me app to the device of your choice.
You then choose where YOU want your data – the personal cloud of your choice. For example, Dropbox, Google Drive, One Drive, a NAS drive at home, etc.
It is your data and you should store it, not digi.me, not anyone else.
Then you use YOUR digi.me to connect to your social channels, your bank data, your health data, etc – your digi.me software then gets the data direct from the source and places it in your personal cloud encrypted with your key only you hold – and it does this every day ensuring that you have an up to date 100 per cent private library of all your data.
Do more – yourself
Once you have your data you can do more with it yourself. You can see the data, search for anything and get insights from it. The digi.me app allows you to do this on any device – all 100 per cent privately.
So digi.me is your Librarian – bringing your data together and allowing you to do more with it yourself.
But we are also your Postman.
Digi.me enables an individual to share their data with anyone who asks – using the digi.me Consent Access process.
The individual now has Rich data about themselves. As a business why would you not ask an individual for their data directly – you can now access rich data that you couldn’t otherwise get. You can do more, not less, in a permissioned environment.
As an example, what if I have a thin credit file and I want a loan to buy a car? The answer today is just no because the car loan company has no ability to ask me for extra data.
But with digi.me they can. The loan company can use the digi.me Consent Access certificate to ask me for two years of my finance data say, and if I agree, then my digi.me will extract that data from library and pass it to the loan company.
The loan company can then assess my data directly and see that I have the spare cash flow and give me the loan – a loan I wouldn’t get otherwise.
Any business can now ask for any data about me – data that is far better than any data Google, Facebook or others may have.
In my example the loan company received my data and processed it on their servers – because as we all know having data about me is an asset. BUT is it? Really it is a toxic asset – it costs money to hold my data, costs money to secure it, if it is hacked then the business will suffer badly. The asset is NOT holding data, but being able to ask for it whenever it is needed.
Using digi.me the loan company could have asked me to download their load app. That app ON MY PHONE could have asked for the finance data to process ON MY PHONE and then only send the credit score back to the bank.
No data to secure on their servers, but an accurate result.
I am happier because my data hasn’t left me – just the result. I am MORE likely to share my data as a result.
This PRIVATE SHARING opens up many new possibilities – possibilities to share more data, more sensitive data than before because it can be processed locally to give me value.
Let me give you another example of Private Sharing using a health insurance company. That company wants to help keep their clients healthy as it is good for their clients, and will also reduce claims.
To do this they provide health advice. That health advice will in time require your full health history, your wearable data, your genomic data, maybe your mental state from social data, your food purchases.
But you probably don’t want to share all that data with your health insurer!
With digi.me you don’t need to.
The health insurer provides you with a health app which asks for and processes all your data ON YOUR DEVICE – providing local health recommendations.
The health insurer does not see ANY of your data, yet you get a complete health recommendations service.
This isn’t a concept – you can build on digi.me today – not tomorrow, but today, and of course other businesses will be providing other Personal Data Tools in time.
This isn’t difficult – it is surprisingly easy. There is no limit to the personal data you can access with consent if you provide value to the individual and if you think about Private Sharing.
This is a whole new economy that is going to open up. Trillion dollar businesses have been based on just some personalised data – when we can open up use of all our personal data, remember with privacy, security and consent, then the economic prize is huge. Furthermore, the benefits to individuals, not least in health, will be huge too.
We are leading this in the UK, with businesses like mine and others providing personal data tools. But we need to attract businesses to build their apps on these platforms, and the truth is that businesses will come to do that work in nations where the largest number of people have their data.
As Dan Korski said this morning in the Innovation Tent, we need a data layer to go with the underlying connectivity layer to provide the infrastructure for a leading digital economy.
At digi.me we have done this in Iceland, for example, where the Iceland Government implemented the world’s first patient-facing API to give health data back to their citizens.
We are working across Europe, US and Australia and are seeing the stirrings in Asian countries including India and China too.
So now is the moment for the UK to lead the new personal internet – an ethical internet treating people and their data with respect, and providing massive social and economic benefits as part of that – surely a prize worth going for.
How do we win that prize? Actually it starts with the Government, and health, an area that affects us all. Both the previous health minister, Jeremy Hunt, and the new health minister Matt Hancock, have referred to patient centricity, where the individual owns their data, and have highlighted the concept which is well described in the book “The patient will see you now”.
If we can get a high percentage of the UK population starting to understand that owning their data puts them in control and gives them the capabilities to get better services then we will have an environment that will bring the developers to the UK to develop in the widest pool of data availability. The Government doesn’t have to do anything special (companies like mine are already doing the work to enable individuals to access their health data using existing NHS conduits) or spend any money – they simply have to promote the idea to the public.
Empowerment of the voter, the consumer, the individual has been a fundamental theme at this Big Tent Festival. This empowerment allows the individual to do more with personal data – let’s take advantage of this now in the UK and lead a new ethical world giving great value to all.
I hope the UK doesn’t fail for ambition in this area!