Tag Archives: privacy

Birgit Sippel makes first public statement on ePrivacy – and why it shouldn’t stifle innovation

The European Parliament’s new Special Rapporteur for the proposed ePrivacy Regulation, German MEP Birgit Sippel, has made her first public statement setting out her beliefs – and she didn’t mince her words.

Speaking at the IAPP Europe Data Protection Congress, she told a sold-out event that online and offline privacy should be afforded the same status:

“Would you allow a stranger to go into your bedroom or look through your drawers without your permission?” she asked. “No, you probably wouldn’t.”

Sippel also called for over the top (OTT) providers, including services such as messaging and dating apps, to be covered by the ePrivacy Regulation, arguing: “Some of us may send an SMS text, while others may use a service like WhatsApp. One is covered by the current ePrivacy Directive, while the other is not. Consumers need the same protections for both.”

She also called for an abolition of surveillance-driven advertising – and the need for implemented legislation to make good on universally-agreed freedoms such the right to personal privacy.

One key theme from her speech was that businesses have the answers to innovating with privacy – and that compliance with privacy regulation need not stifle new ideas.

She said that businesses are innovative and should be able to create ways of obtaining meaningful consent without causing consumer fatigue.

Here at digi.me, where we have built a bespoke Consent Access platform so our users – and those who want consented access to their data – can do just that, we couldn’t agree more.

New legislation will always bring challenges, but in rising to meet those we create superior products that exceed consumer expectations while being compliant.

And that’s certainly a win-win situation for everyone. So here’s to innovation!

Digi.me delighted to have signed MyData Internet of Me principles

We are delighted to have signed up to the Declaration of MyData principles, and urge anyone else with an interest in how personal data is held and managed to sign too.

The principles, which are a first version and will evolve with a second version expected after feedback in six months, are designed to “make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits.”

As the introductory text notes: “Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data.

“The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:

  • Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
  • Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
  • Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.”

The six key principles are human-centric control of personal data, the individual as the point of integration, individual empowerment, data portability and re-use, transparency and accountability and interoperability.

MyData hopes that organisations and companies working in the personal data ecosystem will take and use these principles, to further their own projects, as well as build their own trust frameworks and terms of service.

They accord strongly with our own Internet of Me vision, with the individual at the centre of and in control of, their connected life. And we are also very happy to be a sponsor of the MyData conference next week in Tallinn and Helsinki.

Watch out for more updates on that!

 

Digi.me merges with Personal to create global personal data control powerhouse

Digi.me and Personal are combining forces through a merger, bringing together the leading European and US companies in the emerging personal data ecosystem to provide a single integrated solution for consumers and businesses.

Both companies have pioneered innovative technologies to empower individuals to gain control over the growing amount of data and analytics about themselves that fuels the digital world. They directly address the challenge of enhancing privacy while increasing the ability of people to benefit from sharing and analysing data, including by apps on a mobile phone without the data ever having to leave the phone.

The combined business will be called digi.me, with its global HQ near London in the UK and the US operation based in Washington, DC. Personal’s enterprise solutions, known as TeamData, will be spun off as a separate information security and productivity company for businesses. The combined global workforce of over 60 people will continue to work for digi.me.

“We are excited to bring together the best of digi.me and Personal to accelerate the growth of our combined products and network of partners,” said Julian Ranger, Founder and Chairman of digi.me. “We have each built complementary infrastructure and products necessary for individuals to easily aggregate and share data whilst maintaining its security and privacy. It’s a win-win for individuals and for companies who embrace this model of transparency and trust.”

“Everything is powered by data today, but without clear benefit for the individual,” said Shane Green, Co-founder and CEO of Personal, who will serve as CEO of digi.me (US). “In a world of rapidly expanding artificial intelligence, analytics and personalised experiences, it is critical that we as individuals have the tools and rules to ensure our interests are also served by our data.”

Digi.me and Personal have raised over $45 million between them, attracting leading investors such as the Omidyar Network, SwissRe, Planetary Holdings, TCS Capital Management, Allen & Company, Revolution Ventures, Ted Leonsis and Esther Dyson.

Digi.me allows individuals to easily aggregate a broad and deep range of their social media data from Facebook, Instagram, Twitter, Pinterest, Flickr and other popular sources along with financial data from hundreds of sources in a secure library.

Companies and developers can then use digi.me’s APIs to request access to integrated data sets to provide better data-driven experiences, services, and rewards, and to provide other benefits like rich personal analytics. Health, wearable and music data will also be available soon after the merger. Current partners of digi.me include Swiss Re, Western Digital, Lenovo, Amgen, Dattaca Labs and FNAC.

Personal is focused on secure, collaborative creation and management of reusable data constantly needed by people at home and work to complete thousands of information-related tasks. It supports a multitude of data types from passwords, credit cards and IDs to detailed data for office and home use such as insurance, health and personal data of employees and family members. A free version of Personal’s TeamData app will be available for individual use following the merger and will be integrated into digi.me later this year.

The combined version of digi.me and Personal will allow seamless management of thousands of different types of both feed and manually-created data, supported by the industry’s leading structured data ontology and data normalisation technology. It will also allow secure sharing and far richer data-driven experiences between individuals and third party apps, and allow companies to reduce business and regulatory risks by requesting access directly from users.

“People assume there is a fundamental trade-off between sharing data and privacy, with Americans historically favouring sharing and Europeans favouring privacy” said Rory Donnelly, CEO of digi.me. “That no longer has to be the case when the individual controls much of the critical data about them and their lives. We are delivering the exact permission-based technology solution regulators and CEOs have been seeking.”

“There simply isn’t any way we can create this exciting, data-driven future without individual agency over data,” said CV Madhukar, Investment Partner at Omidyar Network. “Companies can use data to improve our lives, but their interests must be balanced with that of the individual: users must always have choice over who they reward with their trust and data.”

Find more information about digi.me, including the app, at https://www.digi.me, Teamdata is at https://teamdata.com/

MEF Global Consumer Trust study 2017: all hail the rise of the savvy user

ISPs selling personal data: we need to frame the debate around consent

The US Senate’s vote to roll back rules preventing ISPs from collecting and selling personal data has generated an enormous amount of controversy.

On the one hand, de-regulating the stifled and stagnating US economy is a necessary move to restart growth and boost innovation.

And of course everyone understands businesses want and need data – it’s their fuel, their magic juice – and something they rely on heavily to try and stay ahead of their competitors.

But those arguments, valid as they are to a degree, overlook the big elephant in the room: consent. Specifically, the rights of individuals to have a say in what happens to some pretty sensitive personal data collected about them through their full browsing history.

Consent is the missing ingredient in this current debate – and its omission means all sides lose out.

Individuals, of course, lose out in this equation because their personal data is being sold on behind their backs without their consent, or indeed without any benefit to them.

But businesses are losing too because they would get better quality, more useful data if they went direct to the source – the individual themselves – and offered something desirable as an exchange.

Additionally, their ability to thrive depends on them being able to deliver the right offer to the right person at the right time. This, in turn, requires better engagement overall, and engagement means conversation. What better way to have a conversation then by starting the relationship asking for data rather than taking or buying it?

Of course, here at digi.me, where we have built our vision on the Internet of Me principles and ideals of the individual at the centre of their connected world, in control of what happens to their data, it’s no big surprise which side we are leaning towards.

But it’s clear there are an ongoing debate and awareness-raising to be had about ethics and best practice around the issue of personal data.

While the House has now also voted in favour of this bill, it’s not completely clear whether the White House will sign it without amendments.

But President Trump has said time and time again that he is the people’s voice – and now is a perfect time for this new Administration to hear this voice.

There are increasingly ways, such as digi.me, for both privacy and data-sharing to be compatible, and these should be explored –  although consent is always the better choice, resulting as it does in a more meaningful dialogue.

The bottom line here is that the ISPs are acting perfectly legally, and feeding businesses who are desperate for data and know – at the moment – of no other way to get it.

This change will come, both in awareness and through legislation such as the EU GDPR, which gives many more rights back to individuals around their personal data, and which we firmly believe will prove to be a boon to businesses and innovation when it comes into law next year.

But until then the focus should not be on condemnation or scorn, but showing a better way through the use of data consented at the source.

Then, and only then, can we move forward into a world where our data is ours alone and we share it only through choice.

10 key things you need to know about the EU GDPR and personal data

The General Data Protection Regulation (GDPR) becomes law across Europe in May 2018, replacing a patchwork of data protection laws across the various member states and essentially making privacy the new norm.

Wide-ranging in its scope, a key theme is returning a lot more power over personal data to individuals, who will have new and increased rights over what personal data is collected, what it can be used for and what happens when they want to remove consent.

The GDPR also includes a ‘right to be forgotten’ as well as the right to know when your personal data has been hacked and replaces rules dating back to 1995 when the internet was in its infancy.

Completely in tune with digi.me’s vision to unlock the power of personal data by returning control and ownership to those who create it in the first place, the new law will apply to all businesses not just based in the EU, but also those dealing with EU citizens.

Here’s a quick guide to the main features:

  1. Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of interacting with that app or service. Services should no longer be asking for capabilities they don’t actually need, which will immediately restrict data leakage.
  2. Explicit permission means just that – when you give permission to an app or website to have or use your details in a specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
  3. Data portability gives you the right to ask for any data that a company has about you, which should be returned in a machine-readable form so that you can reuse it, for example to give it to another service provider.
  4. Giving someone your data doesn’t mean they will always have access to it – under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data if you no longer want them to have it. The two caveats to this are a) that this won’t apply to some information that there is a legal requirement to keep, for example medical records and b) that it is also a personal right to forget, distinct from the 3rd party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines. (read more about the difference here)
  5. Clear and affirmative consent will be needed before private data is processed and this will require an “active step” such as ticking a box. The Parliament is clear that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
  6. Right to be informed in plain and clear language – MEPs have insisted that the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
  7. Clear limits on the use of profiling – new limits where automated processing of personal data is used to “analyse or predict a person’s performance at work, economic situation, location, health, preferences, reliability or behaviour”, including creditworthiness. Under the new regulation, profiling would generally only be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and should comprise a human element, including an expectation of the decision to be reached. MEPs also insisted that profiling should not lead to discrimination or be based solely on sensitive data, such as ethnic origin, political opinions, religion or sexual orientation.
  8. One law for the whole continent – one of the biggest attractions is that Europe will now be covered by one law, applied in the same way everywhere, instead of a patchwork of national ones. Eliminating the need to consult local lawyers in each country a business has dealings or premises will see direct cost savings as well as legal certainty. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3bn per year.
  9. Regulatory one-stop shop – businesses will only have to deal with one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
  10. The new rules promote techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.

Overall, the new data protection rules give businesses opportunities to remove the lack of trust that can affect people’s engagement through innovative uses of personal data, while giving individuals clear, effective information about what their data is being used for will help build trust in analytics and innovation for the benefit of all.

The new rules will be backed up by harsh sanctions including fines of up to 4pc of a company’s global turnover if they don’t comply.

UK’s data protection body issues GDPR guidance on consent

The Information Commissioner in the UK has drafted guidelines for what businesses and organisations handling personal data will need to do to comply with the new GDPR out for consultation.

In the draft guidance, the ICO notes that: “The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how you use their data.

“When consent is used properly, it helps you build trust and enhance your reputation.”

The draft guidance’s key points include:

• Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation.

• Consent means offering individuals genuine choice and control.

• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.

• Explicit consent requires a very clear and specific statement of consent.

• Keep your consent requests separate from other terms and conditions.

• Be specific and granular. Vague or blanket consent is not enough.

• Be clear and concise.

• Name any third parties who will rely on the consent.

• Make it easy for people to withdraw consent and tell them how.

• Keep evidence of consent – who, when, how, and what you told people.

• Keep consent under review, and refresh it if anything changes.

• Avoid making consent a precondition of a service.

Overall, the draft guidance sets out how the ICO interprets the GDPR, key changes from existing data protection regulation, and its general recommended approach to compliance and good practice.

But it is also clear that the guidance will need to evolve both to take account of future guidelines issued by relevant European authorities, and according to experience once the law is in place from May of next year.

Ad-blocking up 30pc in 2016 as privacy becomes a hot button topic

A new worldwide report into ad-blocking has found that 615 million devices globally are blocking ads on the web.

To put that in context, that figure represents over one in ten people online, and is also up 30 per cent in 12 months.

The state of the blocked web survey, by Adblock, presents a combined picture of desktop and mobile adblock usage for the first time, and found that ad-blocking on mobile is exploding, particularly in Asia.

Key stats to be aware of:

  • 615 million devices now use adblock
  • 11% of the global internet population is blocking ads on the web
  • Adblock usage grew 30% globally in 2016
  • Mobile adblock usage grew by 108 million to reach 380 million devices
  • Desktop adblock usage grew by 34 million to reach 236 million devices
  • 74% of American adblock users say they leave sites with adblock walls
  • Adblock usage is now mainstream across all ages

Certainly privacy is one of the key drivers fuelling this phenomenon, as people tire of intrusive ads tracking them around the web, although the ads’ impact on page loading speed as well as bloated pages eating through data allowances are also significant factors.

So what does the ad-blocking surge mean for the privacy landscape?

Well, the numbers involved are obviously significant, which means we have a rapidly-growing online population that will modify online behaviour to avoid things that worry or irritate. And they’re doing it at scale, and across all devices, with the mobile ad-blocking increase predicted to hit North America and Europe next.

Also control is key – while this is not a revolt against digital advertising per se, rather the methods it employs, the internet population is increasingly showing it won’t be forced to watch or download things it doesn’t want to, because there is now another way.

With awareness around personal data issues also growing exponentially, this is heartening news – because the old ways are being disrupted in this industry, too, and technology such as digi.me is innovating in a way which again will benefit the consumer with minimal hassle to implement.

So all hail the ad-blocking army – user control and willingness to use a tech solution that shows a better way is good news for everyone driving the Personal Data Economy forward to a person-centred Internet of Me.

How sharing more personal data can lead to greater privacy online

The very concept of online privacy is often described as a myth, and while it’s not hard to see why, it’s more wrong now than it has ever been.

Yes, our personal data is scattered about the web, traded, sold on and held in multiple places that we can neither access nor delete – but the dominance of that situation will soon be the past, with the glorious forces of the Internet of Me riding in to replace it.

The IoM will enable all of us, no matter who we are, to take back control of our data and shape what happens to it and who is allowed to see it.

We don’t benefit from our data being traded at the moment, but the Internet of Me will flip that so that we are the primary beneficiaries, sharing that data on our own terms only when we are happy with what is offered in return.

And businesses win too, finally getting access to data that is 100 per cent accurate and rich in both depth and time – just what innovation needs. And society needs innovation, especially in areas such as health where a mass of accurate data can be hard to obtain.

Of course, online privacy has always been fluid when set against the norms of the offline world.

But the last decade has also seen personal perceptions of privacy change and evolve dramatically with the explosion in online services and social networks on which many of us regularly post huge amounts of personal information.

So how does all of this combine to create a more private world? The simple answer is technology, more specifically digi.me and other application advances that mean processing can be brought to the data, instead of data always having to be handed over.

At the very heart of the digi.me vision is the abilty for each individual having their data in a 100 per cent secure and private library under their control that we, the company, can never see, touch nor hold.

But the arrival soon of our Consented Access platform means you will be able to share your data with a company without it ever leaving your handset, as they can give permission for an app to simply run an algorithm over your data, which returns only the results and means the data never leaves your device.

More sharing, AND greater privacy for your data, is a pretty spectacular combination. And in addition to being more private, this body of data you collect through digi.me- which will shortly include financials and health – creates a body of information that is immensely more powerful than the sum of the parts scattered before this aggregation.

Incoming legislation called the GDPR will also shape this brave new world, creating much more user-centric stringent regulations on the collection of use of personal data, as well as substantial fines for non-compliance.

So privacy online becomes more about choice, with us as the guardians of our own privacy, choosing who else has access and on what terms.

There is no quick overall privacy fix, but one of the aims of digi.me will always be to return ever more privacy to its users and thus be the enablers of an increasingly private world.

Digi.me featured on Entrepreneur

Personal data and the lack of consumer trust and control over what is held by others is becoming one of the defining issues of our times.

And our founder and chairman Julian Ranger is now firmly established as an expert in how this can all be handled so much better than at present.

He is quoted extensively in this new Entrepreneur.com article looking at 4 Ways the Fight Over Data is Getting Way More Personal, which covers the fact Facebook effectively has a global monopoly as well as how new European regulation will change the face of personal data.

It also looks at how both technological advancements and public opinion are both challenging the status quo, with a focus on digi.me and its vision to bring back control to the user, putting them at the centre of their connected world in the Internet of Me.

It’s well worth reading in full, and is summed up by this very apt statement: “It will be exciting to see how entrepreneurs step into this space. In the same way that the Internet connected us in a way that few people could have imagined, returning data to its owners could change the Internet into a vastly different place yet again.”

Hurrah to that!