Cross-posted from www.jlinc.com
This post sets out a vision for what could become a sustainable set of human-centric processes around the sourcing, management and use of personal data. Our context for doing so is that the current model for personal data management on The Internet is badly broken and has architectural limitations that are largely un-resolvable. That being the case, we believe that building capabilityon the side of the individual opens up the possibility of a more balanced, sustainable approach that moves beyond these architectural challenges.
This can best be explained via an example (using dummy organisations to illustrate).
- Our heroine, Alice has a car, and a record of that car in a personal data management service that she uses
- Takuma Motors, who manufactured her vehicle, have a record of Alice and her car
- Takuma of Edinburgh, the local car dealer who sold Alice her car and who maintain/ service it, have a record of Alice and her car
- The DVLO (Driver and Vehicle Licensing Office) have a record of Alice and her car
- Avivo Line (Alice’s car insurance provider) have a record of Alice and her car
- The RAA (Royal Automobile Association) who are Alice’s contracted roadside recovery provider have a record of her and her car
- Open Vehicle Finance, who provide Alice with financial services for the vehicle, have a record of her and her car
- White Box Telematics provide Alice with telematics services for her vehicle; they have a record of Alice and her car
So that’s eight separate records of Alice and her vehicle…. (there are actually several more but you get the point…). Eight records of the same thing does not feel like an efficient or environmentally-friendly architecture; and without a change in thinking this problem will only worsen as more ‘things’ get connected and move online or into apps. This architecture is the best we have available at present but has the following significant problems at lower levels of detail:
- Each separate place (website or app) that Alice has to go to see/ use/ maintain her data adds to the time it takes her (research shows that many of us are now managing hundreds of online accounts; all within the constraints of the same number of hours in a day…)
- Each separate place she has to go has their own, different privacy and data management policies – none of which Alice reads; the net result is that she does not trust any of them with optional data that she could otherwise contribute. This has a knock-on effect in that it drives tracking and surveillance based approaches to gathering data, which may be the best option available to organisations tactically, but these approaches further reduce trust over time in data sharing.
- Therefore, she does not engage with those external records as often as she might otherwise do
- In turn, she does not get the value she might from better understanding and using the data around her vehicle
- And her suppliers don’t get the engagement they want/ need
- The data deteriorates over time through lack of updates
- Alice’s suppliers then use out of date data in their various processes; each of which then is less optimal than it would be with well-maintained/ enriched data
That is pretty much how things work with present silo-ed, client-server architectures; i.e. the basics get done; but the overall customer experience and thus engagement is typically poor. We can now do much better than that.
So how might that be improved upon in practice? We propose a model that we call ‘co-managing my data’. By that we mean that multiple parties gather together and agree to share and jointly manage one or more data records in which they have mutual interest (Apple Health is a good early example of this). The critical enabler for this new model is that the individual (Alice) has her own modern data management tools on her side and is the point of integration for the co-managed data. One could consider that pre-Internet, most people would have a filing cabinet or similar in which they kept their own records of their various supplier relationships. A Personal Data Management Service (of which there will be many forms) could be thought of as a 21st century upgrade for that filing cabinet. DataYogi is one example of such a service; we’ll use that to illustrate how co-managing my data can work in practice. There are many more such services emerging.
The visual below shows what looks like a web form, but is actually a control panel/ dashboard – the difference being that in this co-managed model, different data attributes are managed by different connected organisations. The critical points of note in this visual are:
- The standard information sharing icon; this means that all data sharing is governed by a standard information sharing agreement. These are easily explained agreements in non-technical language with machine readable versions which both parties sign. A full audit trail is maintained of each data transaction under each agreement– not unlike current bank account transactions do for exchanges of money.
- The blue on/ off slider illustrates that Alice is always in control of who gets to read/ write / edit data in her data management system
- In this model there is a persistent connection between the two data repositories; i.e. when whichever party has write/ edit capabilities on an attribute makes a change, then it instantly shows up in the other linked places.
In this co-managed model, each data attribute on the individual side is typically a hive of activity. The key underneath the visual gives an indication of just some of the meta-data gathered and made available for use:
- Who/ what (organisation/ system/ sensor) brought this data into the system and when
- Who/ what (organisation/ system/ sensor) last updated it, and when (and which source takes precedence when there is more than one)
- What degrees of data verification are in play
- Who is the data attribute being onward shared with, on what basis, for what purpose
- What calculations, workflows/processes/ algorithms are utilising the data attribute
Whilst radically different from the current modus operandi; the co-managed model offers advantages for the various stakeholders.
For the individual (Alice):
- She gains the ability to access and use her data much more efficiently and effectively, saving her significant amounts of time and hassle
- She has one or more strategic control points for her data; so she can ensure she benefits from her data without being exposed to the many negatives in the current model
- For the organisation (the data controller in GDPR parlance)
- Through increased transparency and provision of genuine data control and data portability to the individual they visibly and demonstrably go above and beyond the minimum standards for privacy regulation compliance
- More trustworthy data relationships will lead to improved data flows from customers, with a knock-oneffect on all processes that utilise that richer, volunteered data
- For regulators and other personal data related stakeholders
- It is beneficial to be able to point to personal data eco-systems that go well above and beyond that where‘ data protection’ is the primary requirement, and genuine data control and empowerment is possible
For the overall eco-system
- Transparency and necessary open-ness of technologies, and many-sided user-choice makes for healthy eco-systems
- Data sharing and use scenarios in which alignment of incentives across the stakeholders will rise to the top (versus the current model in which huge swathes of data sharing are operating in a model where ethics and incentives are a huge barrier)
- This emerging eco-system offers the possibility for ‘demand’ side data to be rendered useful, aggregated with permission, and then optimised, in the same way that supply side data is highly evolved and optimised at present
The most obvious question at this stage is around how, where and when such a co-managed data eco-system might emerge. As ever this is difficult to predict with any certainty, but it is fair to say that the ‘when’ for that is much closer than ever due to a number of related factors:
- Critically, the technology that enables this is now well tested and scalable
- The cost of running personal data services is now sufficiently low as to not trigger an instant adoption imperative, and there is now a wide and growing choice of service provider (including a self-hosting)
- Current approaches to data sharing based on surveillance are increasingly being seen as at best unethical, and at worst illegal.
- Customer management metrics (e.g. cost of customer acquisition, development and retention) have not improved through the Internet age, despite huge increases in data availability. It is very clear that there is a huge amount of waste in the current surveillance/direct marketing model; both for organisations and their marketing spend, and for individuals see-ing an endless stream of mostly irrelevant messages.
- The costs of modern customer data platforms and integration hubs (an enabler for these co-management approaches) continue to fall, and accessibility/ usability is much improved
- Costs of designing, deploying and managing data protection compliance are massive and will continue to grow under the current model
- The Covid 19 pandemic has massively shaken up thinking around and knowledge of personal data management in the wider population – capabilities such as QR codes, test and vaccine credentials and digital wallets are now broadly understood.
- Progressive regulations, such as the upcoming EU Data Governance Act are laying the regulatory foundations for advanced data sharing practices (of which data co-management is one)
As to how this eco-system will emerge… It is likely that the greatest area of alignment that could drive adoption will be around customer-supplier relationships around significant data generating assets, products and services. That is to say, the sweet spots for data co-management between customer and supplier are likely to be in customer-service scenarios within the context of existing relationships and in relation to products/ services that have data components (or better still multiple data components). For example, cars and their ever-extending telematics capabilities; pensions or investments with constantly updating valuations, other financial products such as mortgages, properties with their many and varied components, all with warranties, bills, contracts and service issues, travel/ trips with multiple components, and computing devices with their multiple, often opaque data feeds.
From Spring 2022 DataYogi will offer a base level service through which individuals can invite organisations into co-managed data relationships, and vice versa – organisations can invite their customer bases to engage in this way. If your organisation is interested in being an early participant in this eco-system then please get in touch at email@example.com.
 The precise technical nature of the personal data management capabilities built on the side of the individual will be many and varied and the subject of a separate paper. Genuine control, lack of lock-in and full transparency are a given; most likely and obvious components are decentralised identity, ultra-modern approaches to data management, and software agents/ automation. Standards in all of these areas are beginning to emerge, and will solidify through this decade.