Category Archives: Data Privacy

Great news – you can now add financial data to your digi.me

Data Privacy, ,

We’ve very excited that you can now add details of your finances to your digi.me library.

Having your financial accounts in one place within digi.me allows you to take control of your money and gain greater insight into your spending, and is just the start of enhanced social streams that will soon inclue data from every area of your life.

Once you’ve added your bank accounts details, you can keep track of balances and payments, as well as what’s coming in and what’s going out, while spending categories let you see where your money goes for better budgeting.

You can also search across all your accounts for a particular transaction or by vendor.

Adding financial data is done via Yodlee, a service that allows consumers to securely consolidate and manage their financial information on the web. More information about what exactly that means, and why it’s completely secure, can be found here.

Getting started couldn’t be simpler. You will need to visit our product page to download the latest version of the app, because we have given it a complete upgrade so it can accommodate different streams of data as well as social.

digi.me-finance2

Then you will be prompted to create a library with Dropbox – being based in the cloud means that, for the first time, your central digi.me library can be accessed on all your devices. Once you’ve done that, follow the prompts to add as many accounts as you want.

digi.me-finance3

This is a major new feature and it is still early days, so all feedback is welcome. This can be given simply by shaking mobile devices or clicking the bug icon on desktop.

You will notice that your finance details are laid out a little differently from a normal statement list, because as part of the data normalisation our app does, we display a timeline tapestry of your life. This tiled display is customisable, and you can create favourite saved searches and organise your data how it makes best sense to you.

We have many more sources of data and new features in the works, but the next one up is Google Drive as an alternative home for your library. If you would like to be part of the beta for that, you can sign up at www.digi.me/beta

Five personal data lessons we need to learn from the Equifax hack

Data Privacy, , , ,

The Equifax data breach, which has leaked critical personal information including Social Security numbers and birth dates on an estimated 143m Americans, as well as Britons and Canadians, is one of the largest ever, both in scale and the importance of the data stolen. So what lessons can we – and must we – learn from this demonstration of individual powerlessness in the face of data theft?

  1. Honeypots of data are hugely attractive to hackers. We know this, it’s common sense – and yet still we are persisting with the centralising of personal data rather than returning it to the individual. Putting each of us in control of our own personal data, so we can choose when and with whom it is shared, is all that makes sense.
  2. When our data is sold from behind our backs, we don’t know who has it. The nature of Equifax’s credit-scoring business, which takes data from a number of sources to help other companies assess creditworthiness, makes it hard to assess whose data was stolen – and for individuals, whether they were involved in the breach. Again, so much better to have individuals as the hub of all their data, sharing it with insurance companies, for eg, when needed, or letting algorithyms run over the data on the phone and just return the result, in what we at digi.me call private sharing.
  3. When our data has been breached by a third party, we’re reliant on them to tell us. Equifax has set up a website for people to check if their personal details were part of the breach, but there have been widespread reports of the site returning different results for the same data. It also requires a Social Security number, making it useless for anyone outside the US. Not to mention the fact that the breach took weeks to come to light, potentially giving the hackers time to use the information they had stolen before its owners even knew it was gone. We are not in control of our own data, which is created by us. That model – where our data is used for profit by others – needs to change.
  4. Those involved are at significant risk of fraud for years to come. This is not an email breach, where the people involved can simply change their passwords and (largely) put a stop to the damage. The information stolen, which also included addresses, drivers licence details and credit card numbers, means those affected are at significant risk of identity theft – and will be for years to come. We must use breaches such as these as drivers for change – otherwise nothing will change.
  5. Finally, and possibly most scary of all, we don’t know what this means. We don’t know if this hack will translate into increased levels of theft and fraud, or whether other information held by similar credit-scoring companies is any more secure. Or, indeed, whether Equifax will be punished for this breach.

What we do know is that trusting others with our personal information has seen it leaked over and over again. The fundamental method of personal data management must move back to the individual from central stores. And until it does, massive breaches of this scale, and the subsequent hassle and problems caused to those the data actually belongs to, will continue. Regulation has a part to play, but so too does consumer behaviour – and we need to be clear that this is not ok, on any level.

Come and join the digi.me personal data hackathon

Data Privacy, ,

Calling all developers, designers and entrepreneurs (or indeed anyone with curiosity and flare!).

Are you interested in building personalised online experiences without losing control over or the privacy of your personal data?

Then our Data Hack Iceland hackathon is for you!

Being held on October 7 and 8 in Reykjavík, Iceland, the #letsgetpersonal event will feature personalised data, health and social data challenges.

Two identified so far are the digi.me challenge: build a cool innovative app using digi.me’s Consent Access platform with a focus on health and finance as Dattaca Labs and digi.me make private sharing real.

There is also a Code for a Cause challenge, looking at how we can better use open or user contributed data to give deeper insights into or tackle social problems including unemployment and environmental issues, with others to follow.

Ideas will be judged on their fundability, execution, UI/UX, originality and scalability, and the prizes include the Icelandic Data Hack Trophy for the best solution, as well as a VIP tickets package worth $2000.

Find more details of how to register, prizes, the schedule and rules visit https://www.digi.me/datahackiceland. A limited number of sponsorships are available.

 

Digi.me delighted to have signed MyData Internet of Me principles

Data Privacy, , ,

We are delighted to have signed up to the Declaration of MyData principles, and urge anyone else with an interest in how personal data is held and managed to sign too.

The principles, which are a first version and will evolve with a second version expected after feedback in six months, are designed to “make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits.”

As the introductory text notes: “Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data.

“The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:

  • Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
  • Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
  • Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.”

The six key principles are human-centric control of personal data, the individual as the point of integration, individual empowerment, data portability and re-use, transparency and accountability and interoperability.

MyData hopes that organisations and companies working in the personal data ecosystem will take and use these principles, to further their own projects, as well as build their own trust frameworks and terms of service.

They accord strongly with our own Internet of Me vision, with the individual at the centre of and in control of, their connected life. And we are also very happy to be a sponsor of the MyData conference next week in Tallinn and Helsinki.

Watch out for more updates on that!

 

Digi.me merges with Personal to create global personal data control powerhouse

Data Privacy, , , , , , ,

Digi.me and Personal are combining forces through a merger, bringing together the leading European and US companies in the emerging personal data ecosystem to provide a single integrated solution for consumers and businesses.

Both companies have pioneered innovative technologies to empower individuals to gain control over the growing amount of data and analytics about themselves that fuels the digital world. They directly address the challenge of enhancing privacy while increasing the ability of people to benefit from sharing and analysing data, including by apps on a mobile phone without the data ever having to leave the phone.

The combined business will be called digi.me, with its global HQ near London in the UK and the US operation based in Washington, DC. Personal’s enterprise solutions, known as TeamData, will be spun off as a separate information security and productivity company for businesses. The combined global workforce of over 60 people will continue to work for digi.me.

“We are excited to bring together the best of digi.me and Personal to accelerate the growth of our combined products and network of partners,” said Julian Ranger, Founder and Chairman of digi.me. “We have each built complementary infrastructure and products necessary for individuals to easily aggregate and share data whilst maintaining its security and privacy. It’s a win-win for individuals and for companies who embrace this model of transparency and trust.”

“Everything is powered by data today, but without clear benefit for the individual,” said Shane Green, Co-founder and CEO of Personal, who will serve as CEO of digi.me (US). “In a world of rapidly expanding artificial intelligence, analytics and personalised experiences, it is critical that we as individuals have the tools and rules to ensure our interests are also served by our data.”

Digi.me and Personal have raised over $45 million between them, attracting leading investors such as the Omidyar Network, SwissRe, Planetary Holdings, TCS Capital Management, Allen & Company, Revolution Ventures, Ted Leonsis and Esther Dyson.

Digi.me allows individuals to easily aggregate a broad and deep range of their social media data from Facebook, Instagram, Twitter, Pinterest, Flickr and other popular sources along with financial data from hundreds of sources in a secure library.

Companies and developers can then use digi.me’s APIs to request access to integrated data sets to provide better data-driven experiences, services, and rewards, and to provide other benefits like rich personal analytics. Health, wearable and music data will also be available soon after the merger. Current partners of digi.me include Swiss Re, Western Digital, Lenovo, Amgen, Dattaca Labs and FNAC.

Personal is focused on secure, collaborative creation and management of reusable data constantly needed by people at home and work to complete thousands of information-related tasks. It supports a multitude of data types from passwords, credit cards and IDs to detailed data for office and home use such as insurance, health and personal data of employees and family members. A free version of Personal’s TeamData app will be available for individual use following the merger and will be integrated into digi.me later this year.

The combined version of digi.me and Personal will allow seamless management of thousands of different types of both feed and manually-created data, supported by the industry’s leading structured data ontology and data normalisation technology. It will also allow secure sharing and far richer data-driven experiences between individuals and third party apps, and allow companies to reduce business and regulatory risks by requesting access directly from users.

“People assume there is a fundamental trade-off between sharing data and privacy, with Americans historically favouring sharing and Europeans favouring privacy” said Rory Donnelly, CEO of digi.me. “That no longer has to be the case when the individual controls much of the critical data about them and their lives. We are delivering the exact permission-based technology solution regulators and CEOs have been seeking.”

“There simply isn’t any way we can create this exciting, data-driven future without individual agency over data,” said CV Madhukar, Investment Partner at Omidyar Network. “Companies can use data to improve our lives, but their interests must be balanced with that of the individual: users must always have choice over who they reward with their trust and data.”

Find more information about digi.me, including the app, at https://www.digi.me, Teamdata is at https://teamdata.com/

Government strengthens UK personal data protection law

Data Privacy, ,

Individuals will have more control over their personal data in new measures being announced today.

The new Data Protection Bill, which brings the UK into line with the upcoming GDPR, will give the public new rights, including the right to be forgotten, and the right to withdraw consent for personal data use.

Under the plans, parents and guardians will be able to give consent for their child’s data to be used and ‘explicit’ consent, rather than simple box ticking, will be necessary for processing sensitive personal data.

The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will also make it easier and free for individuals to require an organisation to disclose the personal data it holds on them, as well as making it easier for customers to move data between service providers.

Elizabeth Denham, Information Commissioner, said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Julian David, CEO of techUK, said: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.”

Digi.me’s Julian Ranger featured in article on the future of digital identity

Data Privacy, , ,

Julian Ranger, digi.me’s founder and Executive Chairman, has been featured in a recent edition of Luxembourg for Finance’s Leo Magazine, following a speaking slot at the Fintech Luxembourg event in March

In the text below, taken from the article, he outlines how he sees the emerging identity landscape developing and evolving in the future:

“We have always been multi-dimensional,” says digital identity entrepreneur Julian Ranger, whose vision is to rethink the data value exchange.

“The question is, are our financial services able to support that multi-dimensionality and work for me across all of those dimensions?”

How secure is data in your own hands?

Ranger is Chairman and Founder of digi.me, an app which lets you gather all your data together privately. It then enables you to share it with businesses, in return for value which might be a service, for convenience or a reward. This is called the Internet of Me, where you are at the centre of your digital life, owning and controlling your data.

“If you consider identity not to be just identification of data, but all the things that I do, then it’s a holistic through-life process, and you should be using digital identity by engaging directly with me and looking at me across all aspects of my life.

“Then you as a bank and then financial institution can help me in all my life decisions. It’s really about how you can get closer to me, know me better in a way that helps me, and gets a deeper level of engagement.”

Historically, financial institutions have been trying to obtain information about us and our activity through our records and what we might be able to buy and acquire from others.

Ranger predicts the future will be how much you engage directly with me and therefore know more about me.

“The change that is coming is that individuals will own their data so that you will see with PSD2, the second Payment Services Directive,which breaks down the bank’s monopoly on their user’s data, the ability for a person to move from one entity to another.

“But actually it can move from one entity back to the individual and then the individual can choose to share it, and you can go directly to the individual, to get what we would call “richer data”, because it’s not just financial data you can now ask for, you will ask for health data, purchase data, intent, where people have been and get a much better idea.”

NHS Deepmind and the need for transparency in personal data use

Data Privacy, , , , ,

The NHS Deepmind deal has been heavily criticised by the Information Commissioner’s Office (ICO) for serious privacy erosion that fell foul of the Data Protection Act

The deal, which shared NHS patient data of 1.6m people with Google’s AI company Deepmind, had “several shortcomings” including that patients were not adequately informed that their data would be used as part of the tests on an app designed to diagnose serious kidney injury.

Elizabeth Denham, Information Commissioner, said in a statement: “There’s no doubt the huge potential that creative use of data could have on patient care and clinical improvements, but the price of innovation does not need to be the erosion of fundamental privacy rights.

“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”

Deepmind has admitted that: “We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better.”

There are two fundamental lessons here – and they will be applicable going forward as they are today.

The first is that privacy and innovation can live hand-in-hand. Access to better quality data is a huge boon for innovation across all sectors, but it has to be permissioned and not just handed over. That’s a fundamental human right of the people involved, as well as best practice for ensuring fully accurate data that has the most value. Greater transparency benefits us all.

The second is that users need to be in control of their data, not third parties. This is how situations like this are avoided – by giving individuals control over the data that is about, or created by, them.

In the digi.me world, it then becomes their choice, and theirs alone, what happens to that data. And that’s exactly as it should be.

MEF Global Consumer Trust study 2017: all hail the rise of the savvy user

Data Privacy, , , ,

A new influential report on consumer trust has found heightened awareness of privacy issues is leading to encouraging changes in behaviour.

The annual Global Consumer Trust study from Mobile Ecosystem Forum found that privacy is the biggest trust-related concern for 16pc of those interviewed.

Growing awareness of privacy, security and identity issues is also prompting distinct changes in behaviour, with 75pc of respondents saying they always or sometimes reading privacy policies and terms of conditions before signing up to mobile apps or services.

In what the report dubs the emergence of the Savvy Consumer, 86pc will go on to take some kind of action if their trust is challenged.

Almost half will stop using a service (a year-on-year increase to 44pc from 38pc) and nearly one in three (30pc) will warn friends and family.

At the same time, the Savvy Consumer also rewards businesses they trust with almost half (47pc) recommending them to friends and family, and 44pc leaving a positive review.

The report, based on a 10-country study carried out by On Device Research on behalf of MEF, also shows that consumers recognise the value of services created by offering more control and choice over how their personal data is managed.

When asked what consumers would value in exchange for their sharing, personal data privacy-protection and access to their data (31pc) was judged to be more important than financial rewards (29pc) and discounts (22pc).

One in three (33pc) understands that the benefit of transferring data between providers – portability – might save them time, and one in four (25pc) would appreciate faster identity verification.

Rimma Perelmuter, MEF’s CEO commented: “MEF’s annual consumer trust study is a barometer of evolving consumer attitudes and carries significant lessons for the mobile ecosystem. This year’s study shows a paradigm shift with the emergence of the ‘Savvy Consumer’ and identifies clear business benefits for all stakeholders to create data-driven services built on trust, transparency and control.

“Heightened consumer sensitivity combined with increased awareness of the value of their personal data means that the industry needs to shift its mindset and default to a position of putting the consumer first. The opportunity is to design products and services or create new business models that are based on a fair and trusted value exchange in order to meet changing consumer demands.”

When asked what makes an app or service trustworthy, more people (33pc) pointed to a ‘clear, simple privacy statement’ than any other response.

More than half (53pc) said it was extremely important to know that an app or service is using their personal data and 61pc said it was important that a company deletes personal data held when asked.

MEF’s Global Consumer Trust study is supported by ForgeRock, Orange, and digi.me. On Device Research surveyed 6,500 consumers in 10 markets: Belgium, China, France, Germany, Poland, Romania, South, Africa, Spain, UK and USA in Q2 2017.

We need to decentralise personal data stores. And we need to do it now

Data Privacy

Another month, another huge cyber attack taking out huge numbers of businesses and organisations across the world.

The spread of this new ransomware attack is slower than last month’s Wannacry one, which paralysed large sections of the UK’s National Health Service.

But it is still causing problems for major companies, including many in the Ukraine which has been hit particularly hard this time around.

The data is being held to ransom, reportedly for the reasonably small amount of $300, but it’s unclear at the time of writing what the overall motive is.

But what is clear – glaringly so – is that these kinds of attacks will keep wiping out sections of society and large servers while huge troves of very valuable data are held centrally.

In the same way that banks are attractive to thieves for the wealth of month they contain under one roof, servers rammed with personal data are like honeypots for criminals looking to get hold of information they can use and abuse.

The obvious answer is to decentralise that data: no mass of information in one place would surely equal a vastly reduced hacking risk. Not to mention a reduction in the costs of storing and (at least attempting to) secure it in the first place.

And of course the individual would be the main beneficiary – owning, controlling and securing their own data through platforms like digi.me, under the Internet of Me vision.

It’s coming, it makes sense – and soon the rest of the world will catch up with those of us who already believe.