white paper: the data mobility opportunity approach to data mobility-full - v1.9.pdfwhite paper: the...

WHITE PAPER: THE DATA MOBILITY OPPORTUNITY

White paper: The data mobility opportunity

2 // 20


3 // 20

Ethical personal data flowing freely, with full user consent, will form the bedrock of a better world for individuals and organisations.

Mind the gap

As a ready-to-scale data sharing platform, which removes complexity for the user, digi.me

has already spent a great deal of time and development on considering, and in some cases

finding answers, for each of these. Below we explain how we are tackling them.

Data mobility will transform the Personal Data Economy (PDE), creating the next major digital

accelerator of economic growth.

Better data privacy is an essential precursor to data mobility. But it is now time to tur-

bo-charge the ability to share data safely and easily.

This was the spur for personal data business innovation consultancy Ctrl-Shift setting up the

Data Mobility Infrastructure Sandbox.

This collaboration, which includes Barclays, the BBC, BT, Centrica and Facebook, with

digi.me as the data facilitator, is designed to enable the safe and easy sharing of personal

data by individuals and organisations. This becomes the key to unlocking innovation and new

opportunities.

The first phase of the Sandbox work has identified eight critical gaps that require co-ordinated

intervention to fully unlock a safe, competitive and vibrant personal data market.


4 // 20

1. Liability Model

Gap identified

Lack of a clear definition of liability causes businesses to pass on risk to users who have a

limited understanding of the risks they are taking on board. Without clear definition of liability,

the scope for creating mitigations is also limited.


5 // 20

For the consumer, the critical question is what

happens if something goes wrong. Our solution

is to protect the data to a higher level than

where it originated. While understanding liability

remains complex, as a data facilitator we have

created high-level security and best-in-market

encryption as part of our bespoke core tech-

nology to keep user data secure and protected.

As part of the emerging PDE ecosystem, we

are working together to build best practices in

customer care and marketing to aid user un-

derstanding of data ownership, combined with

clear user experience consent and user controls

within our platform. We welcome the devel-

opment of a clear liability framework for data

mobility which will clarify issues such as the

level-of-harm and likelihood-of-harm, as well as

defining responsible parties.

Digi.me approach


6 // 20

2. 3rd Party Validation

Gap identified

Current approach to validating the 3rd parties that individuals share their data with is manual,

not scalable and not consistent across validating parties, typically data exporters and data

facilitators. Standards vary and those being validated have to respond to multiple different ap-

proaches. A more scalable model for validation is required, with the degree of validation appro-

priate to the sensitivity of the data being shared.


7 // 20

A 3rd party validation model is essential to

progress. There are multiple work streams

worldwide engaged on this, and we are actively

involved in several initiatives that are working

hard to bring consistency to the thinking in this

technically complex area.

There is significant market recognition of this

challenge within both importers (receivers) and

exporters (handlers) of data. The solutions

emerging range from evidence-based such as

rating systems, to right-to-erasure execution

performance, and machine learning artificial

intelligence using semantic analysis, as the

industry works to find which is most effective.

Fundamentally, digi.me believes that every

business should have an access path to

consented personal data.

Digi.me approach


8 // 20

3. Integrated Experience

Gap identified

Having to download multiple services, as is the case with today’s Personal Data Mobility

services, creates a fragmented experience. Downloading and using Personal Data Mobility

services needs to be easy so the cost – in time taken and cognitive or physical effort – is low to

ensure the uptake of Personal Data Mobility reaches its full potential.


9 // 20

Better harmony across exporters and importers

is needed here to transform today’s patchwork

user experience into a seamless service. The

market needs a Standard Usability and Technol-

ogy design pattern, supported by better inte-

grated API frameworks.

Key to success is balancing the fluidity needs

of the user with the minimum essential security

friction. When the exporter/importer journey is

integrated with a data facilitator such as digi.

me, it positively influences perceived friction.

As digi.me, we position this integration under

the UI/UX that a brand would present to the

individual in their app. It uses a standard pre-au-

thorisation screen – which lets the individual

easily appreciate how truly in control of their

data they are – laying out what they will get and

what they should expect when logging in.

Digi.me approach


10 // 20

4. Revocation

Gap identified

There is a lack of consistency in data exporters’ user interfaces for revoking data sharing and a

lack of standardisation in API coding of revocation, meaning that confidence in Personal Data

Mobility services may be reduced, if users cannot be sure data sharing has ceased.


11 // 20

As a data facilitator already servicing Social,

Media, Finance, Fitness and Health personal

data, we have already designed and implement-

ed controls and governance for revocation. We

also see considerable variability in how far it

can be enforced automatically. In the interim, as

standardisation grows, our focus is on bridging

the gap between technical solutions and

business communication paths such as email

and instant message services. We have added

support to deep link directly to the importer’s

consent receipt within the digi.me app, so the

individual can quickly, from the importer app,

control the share.

Service and sources revocation is a critical

feature for the overall PDE ecosystem. We will

continue to drive and implement source revoca-

tions supported by API calls and right to erasure

in our certificates.

Digi.me approach


12 // 20

5. Privacy Communication

Gap identified

Current approaches to communicating privacy policies by those sharing and receiving data do

not aid user understanding. Should sensitivity to privacy continue to increase, there is a risk

that uptake of Personal Data Mobility services will be reduced if users aren’t sure of their privacy

rights.


13 // 20

As with the market, our research confirms that there is an educational gap between what users

claim they do and understand about privacy, safety and security and what their actions tell us.

Privacy communication settings and standards are still evolving along the product development

lifecycle. As this matures, so will understanding.

There is a move towards privacy being a brand issue, and that translating into protection of the

users which is good for the market, but the subtlety of how these big branding claims become

technically enforceable still needs to be addressed.

We foresee a language and definition of privacy

convergence over time. This will lead to recog-

nisable offers of privacy that users can accept.

Perhaps more importantly it will allow stan-

dardisation of electronic processes that can be

assured to enact the agreed terms.

We are working with international bodies, legis-

lators, regulators and standards bodies to help

enable a shared set of protocols and standards

to emerge.

Partly this will come down to familiarity and

multiple use. If a user already has digi.me, it

is easy to reuse; the same if they already have

Facebook authenticated. This is a market ini-

tiation issue more than anything else – the

use cases have to be higher value initially to

overcome inertia in sufficient numbers.

Digi.me approach


14 // 20

6. Authentication

Gap identified

Password-based logins neither deliver a smooth authentication experience nor guarantee the

individual is who they say they are and the data they are sharing is theirs. The Personal Data

Mobility market’s growth will be limited without more trustworthy and more user-friendly forms

of individual verification, authentication and access control than password-based approaches

provide.


15 // 20

This is a much bigger digital market issue than

data mobility and is equally applicable to every

digital service. This is also related to other gaps,

especially gap 3 (integrated user experience)

and gap 5 (privacy communication). A reason-

able user experience solution must be defined

without compromising on individuals’ security

and safety. The market is achieving this through

the ongoing review of how the presentation of

pre-authorisation and pre-consent is achieved,

and the messaging around it. To comply with

GDPR, data facilitators must support import and

export authentication processes in whatever

form they evolve in the market. It is why the

liability gap previously identified is important.

From a user perspective, success will be judged

on simplicity, common workflows and especially

the use of the appropriate amount of authenti-

cation friction for the value of each process.

Digi.me approach


16 // 20

7. Know How

Gap identified

Individuals’ understanding of the risks and opportunities of data sharing is limited and needs to

improve if people are to safely and valuably participate in Personal Data Mobility.


17 // 20

We must all work together as a data economy

industry to show what best practice looks like

and evangelise a common view of the safe ways

to accept the data sharing opportunity. It will

involve showing clear signage akin to that of a

road network which clearly shows the right path,

alongside occasional warnings when something

important needs checking.

We must deliver proof of concepts and scalable

applications across all industries where personal

data value opportunities arise, with clear and

tangible use cases such as, for example, ad-

dressing mental health, household budgeting

and diet, that local authorities and individuals

can refer to.

Digi.me approach


18 // 20

8. Additional Sector Data

Gap identified

Realising the full value of Personal Data Mobility needs broad cross-sector participation. In

particular, technology companies, health providers, supermarkets, retailers, travel providers

and government services need to share data as well as banks, media companies, social media

businesses, energy providers and telecoms businesses.


19 // 20

Realising the potential of the PDE depends on data mobility and sharing. It will, in turn, be about a

shared success, between all participants connected across the industry. As importers, exporters

or facilitators, everyone will benefit most by maximising ways to safely and ethically stimulate or

leverage data flow. Digi.me can aid this aim by adding:

PostBox Services

Digi.me’s PostBox services can be utilised

to receive and share data from unsupport-

ed services, helping prove the source and

becoming a valuable mobility use case first

manually and then via PostBox APIs.

Improved Interfaces

Our upcoming new layouts will lend themselves to promoting data exporters and importers on a

per subject/category/market basis. This could be extended to gather interest levels for as-yet-un-

available data sources, and to educate individuals on how to lobby additional potential new sources

for access.

Digi.me approach

Do amazing things with your data with full privacy, security and consent

United Kingdom

Digi.me LtdThe Old Coach House, Grange Court, Grange Road, Tongham, Farnham, Surrey, GU10 1DW UK

United States

Digi.me Inc1200 G Street NW #800, Washington, DC 20005. USA

Fabrizio de Liberali Pascal WheelerDigi.me - Chief Product Officer

e-mail: [email protected]

Digi.me - Chief Experience Officer

Pioneering data mobilityUsing data in the right way is an important start towards creating data mobility in the

right way – with individuals at the heart of their data, able to benefit from it and in

control of who sees it.

Digi.me never sees, touches or holds user data. We are proud to be pioneering a new

generation of tech companies working to build an effective PDE, with consented use of

personal data at its heart, fueling data-driven innovation and a more personalised future

that will ultimately benefit us all.

To discuss the concepts in this paper and how we can help your business make data

mobility a reality, please contact:

white paper: the data mobility opportunity approach to data mobility-full - v1.9.pdfwhite paper: the...

Documents