All posts by Emma Firth

About Emma Firth

Journalist, writer and social media manager with a passion for all things digital.

Online privacy – when did it start to matter to you?

Most of us can pinpoint a moment when we realised that what we did and said online mattered more than just in the moment.

Maybe it was wondering why ads for things we had looked at kept following us around the web, or why spammers knew our names and email addresses.

More drastically, maybe you were hacked, or had someone snoop in an account you’d forgotten to log out of.

Or maybe it was simply finding traces of old, long-forgotten (and inevitably embarrassing) accounts you’d erased from your memories, if not the web – and the accompanying dawning of the permanence of our digital selves.

For most of us, that dawning awareness simply prompted us to be more alert and careful with no ongoing consequences, but for some job opportunities and more were already ruined.

Whatever prompted your digital privacy awakening, the Electronic Frontier Foundation wants to hear about it for their new project.

In their words: “We’re collecting stories from people about the moment digital privacy first started mattering in their lives. Through this collection, we’re hoping to illustrate the varied, often deeply personal reasons that people care about digital privacy.

“This isn’t a dry policy issue; corporate data practices have lasting ramifications on people’s everyday lives. And the recent vote by Congress to allow companies like Comcast and Time Warner to have unfettered access to our browsing habits puts our privacy even more at risk.”

To add to the conversation, post a blog post, article, tweet, or short video, and then share it on Twitter using the hashtag #privacystory.

The EFF will collate them, collecting these, blogging about them and retweeting them to “help spur a broader public conversation about the value of privacy in our digital world.”

Digital privacy matters now and forever – so get involved and share your story to help others.

 

 

The digital tipping point: striking the right balance between data privacy and transparency

A global study of more than 24,000 consumers across 12 countries found concerns about data privacy and security were top of their agenda.

Nearly 9 out of 10 (89%) of those surveyed by Verint said it is vital they know how secure their personal information is, while 86% want to know if their data will be passed on to third parties for marketing purposes.

Personalised services also continue to be important, with 80% of consumers saying they like it when services are tailored to them and their interests.

Marije Gould, Verint VP, EMEA marketing, said: “It comes down to getting the basics right, using technology and analytics to better understand what’s really on the minds of customers, and then working to help ensure the right resources are in place to address evolving needs and requirements.”

These desirable twin pillars of personalisation and privacy have traditionally created a conflict, with backdoor data collection and retention being at the heart of current attempts to personalise services, instead of getting this information direct from the consumer.

But as awareness about the importance of data privacy grows, along with the GDPR coming into law next year which gives new powers over their personal data to consumers, a sea change is coming.

Here at digi.me, we have always subscribed to the theory of the Internet of Me – that putting the individual at the centre of their connected life, and in control of what happens to their data, is key for both increased privacy and service personalisation.

And general awareness raising around the importance of personal information and having control over it can only be a good thing for all of those making to work the Personal Data Economy a much fairer place for the individual.

 

digi.me pushes hoppa bus appeal over the line

Farnham will get a new community hoppa bus after a donation from digi.me pushed the fundraising target over the finish line.

Steve Forward, general manager at hoppa says: “We were tantalisingly close to reaching our target but were short by £1,000. When we got the call from digi.me to say they wanted to help, I was thrilled. Although every penny donated to our appeal is highly valued, this was the gift that gave us the last push to reach our target, making it particularly memorable.”

Roger Goscomb, CFO & COO of digi.me, said: “When we heard about how important hoppa is to the community and how close they were to being able to buy the new hoppa Farnham Community bus, we wanted to help.

“Being connected is so important: just as our work helps people connect to their data to take control of their digital lives, hoppa connects its customers with their community, giving them control of their real-world lives.”

Demand for hoppa’s services has risen over the past year, adding to the urgency of purchasing the new bus and getting it on the road.

Hoppa offers a vital service to its customers, providing low-cost, convenient transport, which is also accessible to people with disabilities. It provides a door-to-door service to popular destinations such as supermarkets, hospitals and health centres and stations. Many of its customers are older people who no longer drive or people with disabilities with limited transport options.

Hoppa is held in high regard by its customers for its friendly, high quality service and is often described as a lifeline to people who may otherwise lose their independence or become isolated.

Digi.me started out in 2009, offering an innovative tool that enabled users to gather their social media content. Today, its groundbreaking technology allows consumers to gather together their personal data into one place and share it on their terms. The app enables individuals to view all their online data in a secure environment, such as banking, shopping habits and health data, and share it with third parties if they wish for service, convenience or reward.

The new hoppa bus will go into service from Monday 10 April.

ISPs selling personal data: we need to frame the debate around consent

The US Senate’s vote to roll back rules preventing ISPs from collecting and selling personal data has generated an enormous amount of controversy.

On the one hand, de-regulating the stifled and stagnating US economy is a necessary move to restart growth and boost innovation.

And of course everyone understands businesses want and need data – it’s their fuel, their magic juice – and something they rely on heavily to try and stay ahead of their competitors.

But those arguments, valid as they are to a degree, overlook the big elephant in the room: consent. Specifically, the rights of individuals to have a say in what happens to some pretty sensitive personal data collected about them through their full browsing history.

Consent is the missing ingredient in this current debate – and its omission means all sides lose out.

Individuals, of course, lose out in this equation because their personal data is being sold on behind their backs without their consent, or indeed without any benefit to them.

But businesses are losing too because they would get better quality, more useful data if they went direct to the source – the individual themselves – and offered something desirable as an exchange.

Additionally, their ability to thrive depends on them being able to deliver the right offer to the right person at the right time. This, in turn, requires better engagement overall, and engagement means conversation. What better way to have a conversation then by starting the relationship asking for data rather than taking or buying it?

Of course, here at digi.me, where we have built our vision on the Internet of Me principles and ideals of the individual at the centre of their connected world, in control of what happens to their data, it’s no big surprise which side we are leaning towards.

But it’s clear there are an ongoing debate and awareness-raising to be had about ethics and best practice around the issue of personal data.

While the House has now also voted in favour of this bill, it’s not completely clear whether the White House will sign it without amendments.

But President Trump has said time and time again that he is the people’s voice – and now is a perfect time for this new Administration to hear this voice.

There are increasingly ways, such as digi.me, for both privacy and data-sharing to be compatible, and these should be explored –  although consent is always the better choice, resulting as it does in a more meaningful dialogue.

The bottom line here is that the ISPs are acting perfectly legally, and feeding businesses who are desperate for data and know – at the moment – of no other way to get it.

This change will come, both in awareness and through legislation such as the EU GDPR, which gives many more rights back to individuals around their personal data, and which we firmly believe will prove to be a boon to businesses and innovation when it comes into law next year.

But until then the focus should not be on condemnation or scorn, but showing a better way through the use of data consented at the source.

Then, and only then, can we move forward into a world where our data is ours alone and we share it only through choice.

Digi.me gearing up for RightsCon Brussels

We’re delighted to be attending RightsCon Brussels this week, joining a incredible roster of speakers plus new technology showcases all inspiring how we build tomorrow’s internet.

Our founder and Executive Chairman, Julian Ranger, will be giving a Lightening Talk on how we can solve personal data privacy issues through sharing more in the Internet of Me.

This session is part of the Personal Data and Privacy Stream, and other talks in the same session include the next steps at the UN for the right to privacy in the digital age, how we advance human-centric personal data, and why the internet should be decentralised.

Altogether, RightsCon Brussels will bring together 1,300+ attendees from 95 countries with 500+ organisations, tech companies, universities, startups, and governments represented in a three-day event covering current and emerging issues, such as as privacy and data protection, encryption and cybersecurity and the Internet of Things.

It’s going to be interesting, stimulating and exhilarating – and we’re delighted to be a part of it!

 

 

10 key things you need to know about the EU GDPR and personal data

The General Data Protection Regulation (GDPR) becomes law across Europe in May 2018, replacing a patchwork of data protection laws across the various member states and essentially making privacy the new norm.

Wide-ranging in its scope, a key theme is returning a lot more power over personal data to individuals, who will have new and increased rights over what personal data is collected, what it can be used for and what happens when they want to remove consent.

The GDPR also includes a ‘right to be forgotten’ as well as the right to know when your personal data has been hacked and replaces rules dating back to 1995 when the internet was in its infancy.

Completely in tune with digi.me’s vision to unlock the power of personal data by returning control and ownership to those who create it in the first place, the new law will apply to all businesses not just based in the EU, but also those dealing with EU citizens.

Here’s a quick guide to the main features:

  1. Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of interacting with that app or service. Services should no longer be asking for capabilities they don’t actually need, which will immediately restrict data leakage.
  2. Explicit permission means just that – when you give permission to an app or website to have or use your details in a specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
  3. Data portability gives you the right to ask for any data that a company has about you, which should be returned in a machine-readable form so that you can reuse it, for example to give it to another service provider.
  4. Giving someone your data doesn’t mean they will always have access to it – under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data if you no longer want them to have it. The two caveats to this are a) that this won’t apply to some information that there is a legal requirement to keep, for example medical records and b) that it is also a personal right to forget, distinct from the 3rd party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines. (read more about the difference here)
  5. Clear and affirmative consent will be needed before private data is processed and this will require an “active step” such as ticking a box. The Parliament is clear that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
  6. Right to be informed in plain and clear language – MEPs have insisted that the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
  7. Clear limits on the use of profiling – new limits where automated processing of personal data is used to “analyse or predict a person’s performance at work, economic situation, location, health, preferences, reliability or behaviour”, including creditworthiness. Under the new regulation, profiling would generally only be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and should comprise a human element, including an expectation of the decision to be reached. MEPs also insisted that profiling should not lead to discrimination or be based solely on sensitive data, such as ethnic origin, political opinions, religion or sexual orientation.
  8. One law for the whole continent – one of the biggest attractions is that Europe will now be covered by one law, applied in the same way everywhere, instead of a patchwork of national ones. Eliminating the need to consult local lawyers in each country a business has dealings or premises will see direct cost savings as well as legal certainty. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3bn per year.
  9. Regulatory one-stop shop – businesses will only have to deal with one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
  10. The new rules promote techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.

Overall, the new data protection rules give businesses opportunities to remove the lack of trust that can affect people’s engagement through innovative uses of personal data, while giving individuals clear, effective information about what their data is being used for will help build trust in analytics and innovation for the benefit of all.

The new rules will be backed up by harsh sanctions including fines of up to 4pc of a company’s global turnover if they don’t comply.

Driving interoperability adoption with the Kantara Initiative

Here at digi.me, we have three driving principles that inform and influence every step we take.

Two of them, you won’t be surprised to hear, are privacy and security – but the third is slightly less obvious. What is it? It’s interoperability, and it’s absolutely vital in the field of personal data ownership and control.

The ability for open data exchange, and for data from various platforms and businesses to be brought together in a reusable and useful format demands interoperability, which in itself requires common standards and ontologies.

If we are to bring (as we must to regain full control over our personal data) massively disparate sources of data together, and then require them to function together as a whole, at least for processing purposes, interoperability is the only way forward.

And so the work on advancing that becomes hugely important – which was a key reason behind digi.me joining the Kantara Initiative, as they are doing a great deal of pioneering work in this area.

Julian Ranger, Founder and Executive Chairman of digi.me, said: “It is important that we are leading the work to promote cross-businesss and cross-platform interoperability to allow individuals to maximise the use of their personal data whilst having full control.

“To this end, we have joined the Board of Kantara and are active within their Working Groups promoting development and adoption of standards for the Personal Data Ecosystem.”

Find out more about Kantara in this short leaflet summarising their most notable activities.

Sir Tim Berners-Lee: Loss of personal data control is an Internet tragedy

The loss of control over personal data sharing is one of the three biggest threats to the world wide web as it currently exists, according to its founder.

Writing an open letter in The Guardian to mark the 28th anniversary of his creation, when he wrote the initial proposal for what became the web, Sir Tim Berners-Lee said he has become increasingly worried over the past year about three new trends, which he believes  “we must tackle in order for the web to fulfill its true potential as a tool that serves all of humanity.”

And he is keen to see personal data control put back in the hands of those who create it as a major step to solving the first one.

Regarding this first point, loss of personal control of data, he wrote: “The current business model for many websites offers free content in exchange for personal data. Many of us agree to this – albeit often by accepting long and confusing terms and conditions documents – but fundamentally we do not mind some information being collected in exchange for free services.

But, we’re missing a trick. As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it.

“What’s more, we often do not have any way of feeding back to companies what data we’d rather not share – especially with third parties – the T&Cs are all or nothing.”

This, of course, chimes 100 per cent with the Internet of Me vision (image above), where individuals at the centre of their connected world are in charge of their data and what is shared and with whom.

This ideal world, as well as being at the heart of our personal data and company mission, will also be front and centre of the next version of our app, which will allow both more streams of data to be collected in a private library, and the capability for sharing slices of data with directly with companies for personalised rewards.

Sir Tim goes on to point out that this widespread data collection by companies has other impacts, notably increasingly giving goverments the ability to watch our every move online, which creates a chilling effect on free speech.

Combined with the two other major issues of the web making it too easy to spread misinformation and the need for greater transparency in online political advertising, he writes: “These are complex problems, and the solutions will not be simple. But a few broad paths to progress are already clear.

“We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology such as personal “data pods” if needed and exploring alternative revenue models such as subscriptions and micropayments.”

Ultimately, he said: “It has taken all of us to build the web we have, and now it is up to all of us to build the web we want – for everyone.”

 

 

 

UK’s data protection body issues GDPR guidance on consent

The Information Commissioner in the UK has drafted guidelines for what businesses and organisations handling personal data will need to do to comply with the new GDPR out for consultation.

In the draft guidance, the ICO notes that: “The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how you use their data.

“When consent is used properly, it helps you build trust and enhance your reputation.”

The draft guidance’s key points include:

• Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation.

• Consent means offering individuals genuine choice and control.

• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.

• Explicit consent requires a very clear and specific statement of consent.

• Keep your consent requests separate from other terms and conditions.

• Be specific and granular. Vague or blanket consent is not enough.

• Be clear and concise.

• Name any third parties who will rely on the consent.

• Make it easy for people to withdraw consent and tell them how.

• Keep evidence of consent – who, when, how, and what you told people.

• Keep consent under review, and refresh it if anything changes.

• Avoid making consent a precondition of a service.

Overall, the draft guidance sets out how the ICO interprets the GDPR, key changes from existing data protection regulation, and its general recommended approach to compliance and good practice.

But it is also clear that the guidance will need to evolve both to take account of future guidelines issued by relevant European authorities, and according to experience once the law is in place from May of next year.

Digi.me’s Julian Ranger elected to MEF global board

Julian Ranger, the founder and executive chairman of digi.me, has been elected to the global board of Mobile Ecosystem Forum (MEF).

Digi.me is already a full member of the global trade body, and Julian has been working closely with MEF as part of the Consumer Trust working group to enable businesses to successfully take advantage of the transition to personal ownership of data.

As part of this, he has contributed to a major submission to the EU’s Horizon 2020 funding which would allow MEF to undertake trials and research, as well as introduced MEF to potential strategic partners and promoted its work to key personal data innovators.

He said: “I am delighted and privileged to be elected to Global Board of MEF, where I will be particularly supporting the MEF’s Trust and Personal Data initiatives and helping to develop interoperability requirements.

“As privacy becomes ever more a focus, especially with new laws such as GDPR, there is a strong belief that this presents an opportunity to businesses that embrace change with Trust rather than being a bar on business.”

In his election submission, Julian promised to focus on ensuring that MEF’s Consumer Trust initiative develops as the ‘doers group’ vis-à-vis other industry efforts – delivering value to members whilst addressing industry imperatives around research, interoperability and new use cases.

He also looks forward to supporting the Executive with dedicated introductions and business ideas to identify investment and partners to support these crucial activities.