The MyData conference was held in Helsinki between 31st of August to 2nd of September. The conference focused on “advancing human-centric personal data”. MyData means that a user has a control on the data that is collected about her online activities. The conference tried to find methods to help the transformation from organizational data silos to MyData.
Here are the most important things we took home from the conference.
The overarching theme of my data was about returning the control of data back to the individual. Privacy and control are human rights issues and private data can be abused. We want to be able to trust our government, police, banks, medical suppliers, employers, day care providers, social media services, etc., but there are examples and cases where this trust has been abused.
The grand theme was complemented by 4 other major themes, describing why this topic is becoming more relevant than ever before.
People don’t trust the stated reasons and needs that organizations have for collecting data. Leaks by Snowden and those published in Wikileaks raised concerns and awareness in privacy, but people feel that there isn't much they can do - they either use a service and share their data with the organization or are left out. Some people take action to protect their privacy by limiting data they give to 3rd parties by using ad-blockers.
“Ad-blockers is the biggest boycott in the history of humankind and it is against corporations collecting data about them.” - Doc Searls (@dsearls)
At the moment, companies own the users’ data, but in the future, users want to control their own data, the data collected about them and what kind of actions are being stored and shared to 3rd parties. They'd also like more transparency. Being able download the collected data is a frequent wish. Changes in legistelation forces companies to be more transparent about data collection and provide tools for people to gain access to their data in EU.
Eitan Jankelewitz gave an excellent presentation on changes in the legislation environment. The new General Data Protection Regulation (GDPR) aims to introduce privacy 'by design and by default' by making data protection a part of the business processes and services.
GDPR presents a wide range of changes, including harmonization (children age boundary, enforcement), territorial scope, impact, design, processor liabilities, definition of personal data, data rights, consent, information transfers, enforcement and hacking notifications.
The implications of this change are significant, especially in the advertisement industry. It will have an impact on how identities, cookies and IPs are treated and, thus, how advertisement is targeted. In the future, data gathering and storage will require both legitimate interest and consent.
Practical solutions to meet the new requirements may include a content receipt, which is basically an email with information about the given consent and a link for withdrawing consent or controlling it. There were also ideas of distributed 3rd party services for managing consent on a case-by-case basis and facilitating situations, where external parties need to collaborate with the user data.
The fact that corporations need to be much more transparent about data usage and explain that the targeted advertisement is necessary to cover the costo of providing the user with the service is another issue. In other words, advertisement based companies may have to trust the goodwill of their customers.
Timo Seppälä's (Aalto University) fascinating presentation on platforms, their economic fundamentals and user privacy provided another interesting perspective into the role of platforms like Facebook or Android under the new legistlation.
The talk's central thesis was, that e.g. Facebook's central moneytization theme relates to usage of personal data. Another theme is that personal data is not very interesting in and of itself, but when the data is aggregated it becomes an extremely valuable resource a variety of various monetization schemes. Personal data is needed for the advertisement revenues, simply, because large platforms have a wide user base and diverse advertisement campaigns need to find their audience in order to be effective. Thus personal data is critical for any diverse, advertisement-based platform. Viral growth, which is extremely important for many businesses, is driven by the customers' own social networks and this effectively based on customers' personal data.
Personal data is not only an important monetization scheme, but it's integral to giving a platform a competitive edge. Once the personal data is within the platform (e.g. Apple or the Google ecosystem), there is usually no easy way to move the data from one platform to another. If the data is somehow important or critical for user, the challenges of migrating the data from one platform to another may become a major barrier for competition. According to Seppälä, platforms that are open to 3rd parties are the most profitable. At the same time, ecosystems created by third parties enforce the winner-takes-all logic of platform ecosystems - the platform with the most 3rd parties can provide the best service. This creates a setting where 3rd parties may access personal data and the consumer experiences a loss of control.
In the future, the platforms own the data in an even more concrete sense. In the US Apple store, you are no longer buying an application - you are renting it. There has been talk of renting a car for a lifetime, instead of selling it. Who then owns the data generated by 'your' car?
There's a conflict of interest between consumers and the platform owner. In the future, this may require legislation changes that will force companies to open up their ecosystem for competition. According to Joanne Lacey, consumer mistrust is already the single biggest barrier to platform growth. According to global surveys, U.S. and China have biggest issues wih trust. Only 1 in 16 users are happy to share data as such, while 41% are willing to share data only if it is a requirement to use the app. This creates an environment where growth requires winning the users' trust. Lacey says winning the trust works best by reducing FUD (fear, uncertainty, doubt).
Users' mistrust of organizations and GDPR could lead to a paradigm shift from organizational data to MyData. Organizations should not fear the shift, because MyData can be win-win for both people and for the companies. Transparency, control and communication could improve trust between the end-user and the company. It could help companies collect better quality data and with better data, gain a better understanding of their customer, which improves service quality.
At the moment, companies are not able/allowed to share data with other companies, so end users need to do it. The process is usually manual. For example, connecting banking account data with electronic bills set via email is manual work and often laborious. Personal Information Management Systems (PIMS) can help the user to bring pieces of information together and create value. Good PIMS examples are www.cozy.io and www.meeco.me.
Combining data from multiple health sensors could enable new kinds of applications. Healthcare companies are not creating these solutions fast enough, so individuals have taken matters into their own hands and are solving their own problems.
Devices used by diabetics are a great example. There are excellent commercial devices for tracking blood glucose levels and for injecting insulin, but they lack some important features. For example, the glucose monitors allow you to see the levels on the device itself, but you can't access the numbers on your mobile phone or smart watch. This feature is especially crucial for parents of a diabetic child. If they can't conveniently monitor the child's levels, they can't leave the child alone even for a short time. One of the presenters showed how they hacked the device so that they could see the levels on their watch in real-time.
Another great example is the #WeAreNotWaiting -movement, which has created an open source solution for "closing the loop" between blood glucose monitors and insulin devices (OpenAPS.org). This means that the devices are able to automatically inject insulin when the patient needs it without the patient having to worry about it. One of the presenters told a personal story about finally being able to sleep properly at night, as opposed to waking up in the middle of the night at least a couple of times a week.
Legal challenges do exist. Due to FDA regulations in the USA, for example, these open-source solutions can't be sold or given to users. This problem is circumvented by distributing instructions for how to build the necessary devices, so users can build it themselves. With OpenAPS, the users are also required to go through the source code, so they understand exactly what is being done. This understanding is vital, as their life may depend on the device functioning correctly.
Another exemplary field of application are knowledge workers. Digital Me (DiME) is a research project that aims to help knowledge worker to increase their efficiency. The idea is to track all the worker's actions and use the information to help the knowledge worker. Some of the applications mentioned in the talk were:
"We are going to get robots do what robots do best” - Doc Searls (@dsearls)
People are justifiably afraid of losing their jobs to robots. The media frequently publishes news about which jobs will be lost and replaced by robots. We should take advantage of robots and AI - not fear them. AI and robots can't replace humans, but they can help and improve productivity, and let us focus on the things that we are best at.
The amount of data being collected and stored is increasing rapidly. We lack the resources to process all the collected data manually and need to automate the processing of collected data. AIs excel at processing huge data sets. Let's use them.
Teemu Kinnunen, Antti Rauhala, Kimmo Kärkkäinen and Antti Ajanki.