Category Archives: Data Privacy

Digi.me’s Julian Ranger featured in article on the future of digital identity

Data Privacy, , ,

Julian Ranger, digi.me’s founder and Executive Chairman, has been featured in a recent edition of Luxembourg for Finance’s Leo Magazine, following a speaking slot at the Fintech Luxembourg event in March

In the text below, taken from the article, he outlines how he sees the emerging identity landscape developing and evolving in the future:

“We have always been multi-dimensional,” says digital identity entrepreneur Julian Ranger, whose vision is to rethink the data value exchange.

“The question is, are our financial services able to support that multi-dimensionality and work for me across all of those dimensions?”

How secure is data in your own hands?

Ranger is Chairman and Founder of digi.me, an app which lets you gather all your data together privately. It then enables you to share it with businesses, in return for value which might be a service, for convenience or a reward. This is called the Internet of Me, where you are at the centre of your digital life, owning and controlling your data.

“If you consider identity not to be just identification of data, but all the things that I do, then it’s a holistic through-life process, and you should be using digital identity by engaging directly with me and looking at me across all aspects of my life.

“Then you as a bank and then financial institution can help me in all my life decisions. It’s really about how you can get closer to me, know me better in a way that helps me, and gets a deeper level of engagement.”

Historically, financial institutions have been trying to obtain information about us and our activity through our records and what we might be able to buy and acquire from others.

Ranger predicts the future will be how much you engage directly with me and therefore know more about me.

“The change that is coming is that individuals will own their data so that you will see with PSD2, the second Payment Services Directive,which breaks down the bank’s monopoly on their user’s data, the ability for a person to move from one entity to another.

“But actually it can move from one entity back to the individual and then the individual can choose to share it, and you can go directly to the individual, to get what we would call “richer data”, because it’s not just financial data you can now ask for, you will ask for health data, purchase data, intent, where people have been and get a much better idea.”

NHS Deepmind and the need for transparency in personal data use

Data Privacy, , , , ,

The NHS Deepmind deal has been heavily criticised by the Information Commissioner’s Office (ICO) for serious privacy erosion that fell foul of the Data Protection Act

The deal, which shared NHS patient data of 1.6m people with Google’s AI company Deepmind, had “several shortcomings” including that patients were not adequately informed that their data would be used as part of the tests on an app designed to diagnose serious kidney injury.

Elizabeth Denham, Information Commissioner, said in a statement: “There’s no doubt the huge potential that creative use of data could have on patient care and clinical improvements, but the price of innovation does not need to be the erosion of fundamental privacy rights.

“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”

Deepmind has admitted that: “We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better.”

There are two fundamental lessons here – and they will be applicable going forward as they are today.

The first is that privacy and innovation can live hand-in-hand. Access to better quality data is a huge boon for innovation across all sectors, but it has to be permissioned and not just handed over. That’s a fundamental human right of the people involved, as well as best practice for ensuring fully accurate data that has the most value. Greater transparency benefits us all.

The second is that users need to be in control of their data, not third parties. This is how situations like this are avoided – by giving individuals control over the data that is about, or created by, them.

In the digi.me world, it then becomes their choice, and theirs alone, what happens to that data. And that’s exactly as it should be.

MEF Global Consumer Trust study 2017: all hail the rise of the savvy user

Data Privacy, , , ,

A new influential report on consumer trust has found heightened awareness of privacy issues is leading to encouraging changes in behaviour.

The annual Global Consumer Trust study from Mobile Ecosystem Forum found that privacy is the biggest trust-related concern for 16pc of those interviewed.

Growing awareness of privacy, security and identity issues is also prompting distinct changes in behaviour, with 75pc of respondents saying they always or sometimes reading privacy policies and terms of conditions before signing up to mobile apps or services.

In what the report dubs the emergence of the Savvy Consumer, 86pc will go on to take some kind of action if their trust is challenged.

Almost half will stop using a service (a year-on-year increase to 44pc from 38pc) and nearly one in three (30pc) will warn friends and family.

At the same time, the Savvy Consumer also rewards businesses they trust with almost half (47pc) recommending them to friends and family, and 44pc leaving a positive review.

The report, based on a 10-country study carried out by On Device Research on behalf of MEF, also shows that consumers recognise the value of services created by offering more control and choice over how their personal data is managed.

When asked what consumers would value in exchange for their sharing, personal data privacy-protection and access to their data (31pc) was judged to be more important than financial rewards (29pc) and discounts (22pc).

One in three (33pc) understands that the benefit of transferring data between providers – portability – might save them time, and one in four (25pc) would appreciate faster identity verification.

Rimma Perelmuter, MEF’s CEO commented: “MEF’s annual consumer trust study is a barometer of evolving consumer attitudes and carries significant lessons for the mobile ecosystem. This year’s study shows a paradigm shift with the emergence of the ‘Savvy Consumer’ and identifies clear business benefits for all stakeholders to create data-driven services built on trust, transparency and control.

“Heightened consumer sensitivity combined with increased awareness of the value of their personal data means that the industry needs to shift its mindset and default to a position of putting the consumer first. The opportunity is to design products and services or create new business models that are based on a fair and trusted value exchange in order to meet changing consumer demands.”

When asked what makes an app or service trustworthy, more people (33pc) pointed to a ‘clear, simple privacy statement’ than any other response.

More than half (53pc) said it was extremely important to know that an app or service is using their personal data and 61pc said it was important that a company deletes personal data held when asked.

MEF’s Global Consumer Trust study is supported by ForgeRock, Orange, and digi.me. On Device Research surveyed 6,500 consumers in 10 markets: Belgium, China, France, Germany, Poland, Romania, South, Africa, Spain, UK and USA in Q2 2017.

We need to decentralise personal data stores. And we need to do it now

Data Privacy

Another month, another huge cyber attack taking out huge numbers of businesses and organisations across the world.

The spread of this new ransomware attack is slower than last month’s Wannacry one, which paralysed large sections of the UK’s National Health Service.

But it is still causing problems for major companies, including many in the Ukraine which has been hit particularly hard this time around.

The data is being held to ransom, reportedly for the reasonably small amount of $300, but it’s unclear at the time of writing what the overall motive is.

But what is clear – glaringly so – is that these kinds of attacks will keep wiping out sections of society and large servers while huge troves of very valuable data are held centrally.

In the same way that banks are attractive to thieves for the wealth of month they contain under one roof, servers rammed with personal data are like honeypots for criminals looking to get hold of information they can use and abuse.

The obvious answer is to decentralise that data: no mass of information in one place would surely equal a vastly reduced hacking risk. Not to mention a reduction in the costs of storing and (at least attempting to) secure it in the first place.

And of course the individual would be the main beneficiary – owning, controlling and securing their own data through platforms like digi.me, under the Internet of Me vision.

It’s coming, it makes sense – and soon the rest of the world will catch up with those of us who already believe.

Guest post: What is Ransomware and how can I protect my system?

Data Privacy,

You may have seen this cyber threat in recent news with organisations being hit by a new wave of computer hacking that takes data and files for ransom. So what is ransomware? In simple terms this type of cyber hacking comes in the form of a virus designed to hold your files and data to ransom in turn for a sum of money. This type of virus like many others sees potential security vulnerabilities in your system and exploits them. This type of threat may trick you into installing the virus through software downloads or sending malicious links / files via email which when deployed, then proceeds to encrypt various data on a machine or even an entire hard drive. A warning will then popup on screen which will threaten the user to pay up to receive the decryption key otherwise after a specific period, their data will be deleted.

A computer virus that blackmails you

This type of computer virus has been more frequent in the past few years. The most well-known example in recent weeks saw the UK’s National Health Service get hit by the ransomware virus known as WannaCry but this was not an isolated incident, as organisations globally were attacked in a short space of time, which calls for everyone to be extra vigilant especially when downloading from unknown sources. For the most part, these ransomware viruses are hidden behind popular apps, which increase the chance of you clicking through to download. It’s not just PCs that have been affected by this cyber attack, hackers have become sophisticated in their techniques and warnings about mobile app downloads have been highlighted.

So how does ransomware work?

Like many cyber attacks, ransomware often comes from emails or conspicuous software updates. In these emails you’ll find a link or an attachment to open, be warned, as the damage starts in being opened. The ransomware soon gets to work encrypting your files and then locks the computer down, with a fee to retrieve everything.

How can I avoid a ransomware attack?

The message for anyone concerned about cyber attacks is to avoid opening anything suspicious or unexpected. Some emails can look very convincing, some often concealing the real sender, so be extra careful when clicking on links and attachments especially from sources that you do not know.

My system has been attacked is there anything I can do to avoid paying the ransom?

If you’ve been unlucky enough to open an email with the ransomware virus and you’ve proceeded to click a link or download an attachment, there may be some things you can do to retrieve your files before handing over any cash to the perpetrators. Firstly check your backups. This is especially important to companies as large amounts of data can fall quickly at the hands of the hackers with the potential of never being able to retrieve it. If your backup is recent and relevant, this can then be recovered. You may experience some downtime and a minor amount of data loss but this backup could be crucial in restoring as much of your original data as possible before the attack.

Another thing to remember is avoid paying the hackers. When you’re in panic mode and fears about your cyber security are running high, it may seem an easy option to pay them and get back the access to your system. This could potentially open you up to future threats as paying the hackers offers them an olive branch for future blackmailing. In some cases, all paying the hackers has done is let them know that you are willing to pay them to gain access back to your data and then they just increase their demands and just get as much as they can out of you.

So, can I decrypt my encrypted files?

It is strongly advised to see a professional expert in this field because attempting this yourself is a tricky procedure and if anything goes wrong, it could completely lock you out of your data for good.

How can I protect my system and data?

Back up

One of the first and most important things in preventing data loss in any circumstance is backing everything up. This should also be on a separate system and happen on a regular basis. A good location is onto an external hard drive that isn’t connected to the internet.

Be suspicious of emails, unfamiliar websites and mobile apps

This is another important prevention method that is communicated regularly. For ransomware to work, you need to download it, so be wary of any attachment or links in emails that you look suspicious and where you do not know the sender. For mobile, avoid downloading apps that haven’t be verified by an official store and be sure to read any reviews before installing on your phone.

Use decent and usually paid anti-virus software

This handy piece of software is a great prevention method when protecting your computer against a range of threats. Most antivirus programs are able to detect ransomware before downloading them and give you warnings about malicious websites before you start exploring them. Be warned though, a lot of ransomware can go undetected by free anti-virus software, it is worth investing in a decent anti-virus program that could save your business big-time in the long-run.

Install recommended updates on your computer

We all know the drill and that pesky message telling us to install the latest updates, well this is an important and easy way to keep your system updated with the latest security patches. It’s advisable to download them when they are available and for larger companies, this should be an important part of your system management to protect company data.

Now Apple gets it too – the importance of owning your own health data

Data Privacy, , ,

The importance of owning your personal data on your terms is of critical importance to us here at digi.me.

And health data is front and centre of that, which is why we have just launched a living lab in Iceland, allowing citizens there to download an electronic version of their health record. Exciting stuff and a world first – but mainly incredibly useful for all sorts of reasons.

Holding your own data so you can do more with it guides everything we do, so we were delighted that Apple is apparently working along the same lines as us.

According to this report: “CNBC has learned that a secretive team within Apple’s growing health unit has been in talks with developers, hospitals and other industry groups about bringing clinical data, such as detailed lab results and allergy lists, to the iPhone, according to a half-dozen people familiar with the team. And from there, users could choose to share it with third parties, like hospitals and health developers.”

As with digi.me, the applications for work like this are legion, ranging from simply having all your health data at your fingertips whenever you need it, to speeding up information sharing between different medical organisations and cutting out major time and frustrations for referrals.

The health service is ripe for reform, and health data is at the centre of that. So any work done in this arena is a boost to all, with the potential for truly universal benefits.

 

Demonstrating digi.me consent access at the BNP Paribas international hackathon in Paris

Data Privacy

Digi.me was delighted to attend BNP Paribas’s International Hackathon Weekend, which took place in ten cities around the globe simultaneously.

IMG_0192

We were part of Paris event, where challenges included finding solutions to common banking problems, and chose to try and solve the problem of authenticating documentation on demand

IMG_0195

Our solution told the story of Jean, who is trying to buy a new car in a hurry but has yet to sort out any financing.

hack1

No problem! Normally that would take ages, but in our scenario his bank, BNP, is working with digi.me, which streams in all his data sources. Now he is in control of his online life and can share his data with any party he wants

hack2

So Jean requests a quote from his BNP mobile banking app. BNP will need to see some of his personal data, so the app triggers a consent certificate to Jean’s digi.me account, stating what is being shared and why, and whether it is GDPR compliant. The data is then retrieved from Jean’s library, passed to BNP and run through their pricing engine. So far, so good.

hack3

Eligibility is checked and an offer sent in real time – but – small problem – it is conditional on seeing Jean’s ID. To meet this challenge, we provided a functionality for Jean to upload a picture of his passport to his Document Vault, where the data is automatically read, stored and shared with the bank, as well as authenticated.

The loan approval document is sent and Jean receives confirmation on his phone.

No more waiting for days or even minutes. Simply real time

Simple, scalable and secure. It’s proven. Welcome to the world of sharing. Welcome to digi.me

Digi.me allowing Icelandic citizens to download their own health data in world first

Announcements, Data Privacy, , ,

Digi.me’s unique personal data technology has allowed Iceland to become the first country in the world to make a digital copy of their health data available to its citizens.

The digi.me app is powering this innovative and collaborative living lab project, with the aim of giving users greater insight and control over their health and treatment, through having instant access to their own information which is stored in a secure, private library on their devices.

Open to every Icelander, this new initiative follows an Open Notes study with more than 13m participants in the US that showed simply giving access to health data leads to healthier living and reduced healthcare spending, through empowering patients and building stronger relationships with medical professionals.

Data including prescriptions and medications, vaccinations, allergies and medical admissions will be available to citizens who take part in the living lab instantly, and the project has the full support of the country’s Directorate of Health (DoH), which worked with local companies to develop an API to integrate with digi.me

A DoH spokesman said: “We hope that helping our citizens take more control over their health will have positive benefits for both them and our healthcare system as a whole.”

The living lab, which is a test bed prior to roll-out to other countries, is run by digi.me’s partner Dattaca Labs. Iceland was chosen because it is an exceptionally privacy-aware, tech-savvy and forward-looking nation, and the living lab environment will be used to further develop the digi.me app, as well as promote Iceland as an ideal incubator environment for businesses looking to test new products.

Julian Ranger, Founder and Executive Chairman of digi.me, said: “This is a significant moment for us at digi.me, but more importantly for individuals who will now be in control of their data and can gain more benefits from it.

The personal data ecosystem that results also benefits businesses, Government and society as a whole, and Iceland will lead the way in showing these benefits to a watching world wanting a privacy-enabled solution that allows us all to do more with personal data.”

Financial data will soon also be available for those in the living lab to download, thanks to major Icelandic banks also seeing the value of unlocking the power of personal data, with wearables data also coming imminently.

Digi.me has been making headlines for its personal data tool, which under a new release due shortly will allow additional data streams to be added, and shared with businesses for personalised rewards and services under a bespoke Consent Access process. It last year completed a Series A raise, where investors included Swiss Re and Omidyar Network.

Dattaca Labs is working with government and local Icelandic businesses and multi-nationals to create innovative services across a wide range of industries, including healthcare, finance and telecommunications. Its goal is to attract a wide range of companies and entrepreneurs to Iceland to develop innovative solutions in the health tech, fin tech and IoT spaces.

Fixing the personal data privacy paradox by sharing more

Data Privacy

Right now, you’re leaking data about yourself with every move you make online – and businesses, desperate to make themselves relevant, grab this from behind your back.

But what data they get is often out of date or just plain wrong, resulting in them wasting your time with poorly-targeted ads. Irritating for you, and no good to them either.

But you can’t do anything about this because you don’t own the data, even though you created it.

So what are your options? A traditional privacy seesaw suggests you share more and have less privacy, or lock down your data and don’t share it.

This set-up doesn’t work for individuals who can’t maximise use of their personal data and doesn’t help businesses who want to provide tailored services either.

Yet it doesn’t have to be this way – and when we change the perspective and put you, the individual, at the centre of your data – well, then things start to get really interesting…

How interesting? Well, using digi.me means you can share more of your personal data while increasing your privacy.

Our app lets you gather all your data together privately.

We also enable you to share it – with businesses in return for value which may be a service, for convenience or reward.

This is called the Internet of Me – where you are at the centre of your digital life, owning and controlling your data.

And it’s the only thing that makes sense. After all, who else would you trust with all the data about you?

So how does this change the privacy see-saw we talked about? Because you’re in charge of your information and where it goes.

So a bank can now ask you for information to assess your creditworthiness directly, for example. Today they can’t do this; they are reliant on 3rd party aggregators who often don’t have a full or even correct picture.

With digi.me, the bank can ask for your data, you can agree and your digi.me app will pass that data to the bank for the specific and sole purpose of calculating your creditworthiness – a contractual commitment enforced by the digi.me Consent Certificate you agree to. This allows you to share more data than today, but more privately and with you in control.

However, it can be even better than this specific example.

How? Well the bank received your data to calculate your creditworthiness, but in that scenario the bank has to store your data, protect it from being used incorrectly or being hacked – all costing the bank resources and money.

Yet all they really want is to know your creditworthiness score – your data is just a step on the route to that score.

Now that you own the data yourself why not bring the processing to the data, rather than the data to the processing? You can download a bank app and the app can look at your data, analyse it and ONLY send the creditworthiness score to the bank – your data never leaves your device.

So you have shared detailed financial data with the app but it has remained 100 per cent private to you – sharing more with greater privacy.

My favourite new example is an app to keep you healthy built on the digi.me platform for major health businesses.

This gives you health advice whilst processing your health and wearables data locally, not sharing anything with any 3rd party.

No data leaves your device, and yet you win by being healthier and the business wins by reducing healthcare costs and health insurance claims. 100 per cent private and a true win-win for both the individual and the business.

So you now own all your personal data and businesses get the 100 per cent accurate, rich and deep data that they can use to build tailored experiences.

Enabled by digi.me, this is the Internet of Me and it is here today.