Your SlideShare is downloading. ×
WEF - Personal Data New Asset Report2011
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

WEF - Personal Data New Asset Report2011


Published on

Published in: Technology, Business

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Personal Data:The Emergence of a New Asset Class
  • 2. An Initiative of the World Economic ForumJanuary 2011In Collaboration with Bain & Company, Inc.The views expressed in this publication do not necessarily reflect those of theWorld Economic Forum or the contributing companies or organisations.Copyright 2011 by the World Economic Forum.All rights reserved.No part of this publication may be reproduced, stored in a retrieval system, or transmittedin any form or by any means, electronic, mechanical, photocopying or otherwise withoutthe prior permission of the World Economic Forum.Title picture by frog design inc.
  • 3. AcknowledgementsThis document was prepared by the World Economic Forum, in partnership with the individuals andorganisations listed below.World Economic ForumProfessor Klaus Schwab Executive ChairmanAlan Marcus Senior Director, IT & Telecommunications IndustriesJustin Rico Oyola Associate Director and Project Lead, Telecommunications IndustryWilliam Hoffman Head, Telecommunications IndustryBain & company, inc.Michele Luzi DirectorThe following experts contributed substantial research and interviews throughout the “Rethinking PersonalData” project. We extend our sincere gratitude to all of them.Julius Akinyemi MITAlberto Calero France TelecomRon Carpinella EquifaxChris Conley ACLUDouglas Dabérius Nokia Siemens NetworksTimothy Edgar Office of the Director of National Intelligence, USAJamie Ferguson Kaiser PermanenteMichael Fertik ReputationDefenderTal Givoly AmdocsKaliya Hamlin Personal Data EcosystemWilliam Heath MydexTrevor Hughes International Association of Privacy ProfessionalsBetsy Masiello GoogleMita Mitra BT GroupDrummond Reed Information Card FoundationNasrin Rezai CiscoNatsuhiko Sakimura OpenID FoundationKevin Stanton MasterCard AdvisorsPamela Warren McAfeeVon Wright AT&TprojEct StEEring BoardThis work would also not have been possible without the commitment of:John Clippinger Berkman Center for Internet and Society, Harvard UniversityScott David K&L GatesMarc Davis MicrosoftRobert Fabricant frog designPhilip Laidler STL PartnersAlexander (Sandy) Pentland MITFabio Sergio frog designSimon Torrance STL Partners
  • 4. Table of ContentIntroductIon 5ExEcutIvESummary 7SEctIon1:PErSonaldataEcoSyStEm:ovErvIEw 13SEctIon2:StakEholdErtruStandtruStFramEworkS 27SEctIon3:concluSIonS 32GloSSaryoFtErmS 37
  • 5. IntroductionWe are moving towards a “Web of the world” in which mobile communications, socialtechnologies and sensors are connecting people, the Internet and the physical world intoone interconnected network.1 Data records are collected on who we are, who we know,where we are, where we have been and where we plan to go. Mining and analysing thisdata give us the ability to understand and even predict where humans focus their atten-tion and activity at the individual, group and global level.This personal data – digital data created by and about “Personal data is the newpeople – is generating a new wave of opportunity for oil of the Internet and theeconomic and societal value creation. The types, quan- new currency of the digitaltity and value of personal data being collected are vast: world. ”our profiles and demographic data from bank accounts to Meglena Kuneva, Europeanmedical records to employment data. Our Web searches Consumer Commissioner,and sites visited, including our likes and dislikes and pur- March 2009chase histories. Our tweets, texts, emails, phone calls,photos and videos as well as the coordinates of our real-world locations. The list con-tinues to grow. Firms collect and use this data to support individualised service-deliverybusiness models that can be monetised. Governments employ personal data to providecritical public services more efficiently and effectively. Researchers accelerate the devel-opment of new drugs and treatment protocols. End users benefit from free, personalisedconsumer experiences such as Internet search, social networking or buying recommen-dations.And that is just the beginning. Increasing the control that individuals have over the man-ner in which their personal data is collected, managed and shared will spur a host of newservices and applications. As some put it, personal data will be the new “oil” – a valuableresource of the 21st century. It will emerge as a new asset class touching all aspects ofsociety.At its core, personal data represents a post-industrial opportunity. It has unprecedentedcomplexity, velocity and global reach. Utilising a ubiquitous communications infrastruc-ture, the personal data opportunity will emerge in a world where nearly everyone andeverything are connected in real time. That will require a highly reliable, secure and avail-able infrastructure at its core and robust innovation at the edge. Stakeholders will needto embrace the uncertainty, ambiguity and risk of an emerging ecosystem. In many ways,this opportunity will resemble a living entity and will require new ways of adapting andresponding. Most importantly, it will demand a new way of thinking about individuals.1 Many of these concepts and background information have been introduced in: Davis, Marc, Ron Martinezand Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and WorldEconomic Forum, June 2010. 5
  • 6. Indeed, rethinking the central importance of the individual is fundamental to the transfor-mational nature of this opportunity because that will spur solutions and insights.As personal data increasingly becomes a critical source of innovation and value, busi-ness boundaries are being redrawn. Profit pools, too, are shifting towards companies thatautomate and mine the vast amounts of data we continue to generate.2 Far from certain,however, is how much value will ultimately be created, and who will gain from it. The un-derlying regulatory, business and technological issues are highly complex, interdepend-ent and ever changing.But further advances are at risk. The rapid rate of technological change and commerciali-sation in using personal data is undermining end user confidence and trust. Tensions arerising. Concerns about the misuse of personal data continue to grow. Also mounting is ageneral public unease about what “they” know about us.3 Fundamental questions aboutprivacy, property, global governance, human rights – essentially around who should ben-efit from the products and services built upon personal data – are major uncertaintiesshaping the opportunity. Yet, we can’t just hit the “pause button” and let these issues sortthemselves out. Building the legal, cultural, technological and economic infrastructure toenable the development of a balanced personal data ecosystem is vitally important toimproving the state of the world.It is in this context that the World Economic Forum launched a project entitled “RethinkingPersonal Data” in 2010. The intent of this multiyear project is to bring together a diverseset of stakeholders – private companies, public sector representatives, end user privacyand rights groups, academics and topic experts. The aim is to deepen the collective un-derstanding of how a principled, collaborative and balanced personal data ecosystemcan evolve. In particular, this initiative aims to:• Establish a user-centric framework for identifying the opportunities, risks and collabo- rative responses in the use of personal data;• Foster a rich and collaborative exchange of knowledge in the development of cases and pilot studies;• Develop a guiding set of global principles to help in the evolution of a balanced per- sonal data ecosystem.2 Bain & Company Industry Brief. “Using Data as a Hidden Asset.” August 16, 2010.3 Angwin, Julia. “The Web’s New Gold Mine: Your Secrets.” Wall Street Journal. July 30, 2010.
  • 7. Executive SummarypErSonal data: untappEd From a private sector perspective, someopportunitiES For SocioEconomic of the largest Internet companies such asgroWth Google, Facebook and Twitter clearly show the importance of collecting, aggregating, analysing and monetising personal data.The rate of increase in the amount of data These rapidly growing enterprises are builtgenerated by today’s digital society is as- on the economics of personal data.tounding. According to one estimate, by2020 the global volume of digital data will Governments and public sector institutionsincrease more than 40-fold.4 Beyond its are also transforming themselves to usesheer volume, data is becoming a new data as a public utility. Many governmentstype of raw material that’s on par with capi- have successfully launched e-governancetal and labour.5 As this data revolution era initiatives to improve the efficiency and ef-begins, the impact on all aspects of society fectiveness of communication among vari-– business, science, government and en- ous public organisations – and with citizens.tertainment – will be profound. But some of the most profound insights are coming from understanding how individuals Personal data – a definition themselves are creating, sharing and using For this report personal data is defined personal data. On an average day, users as data (and metadata) created by and globally send around 47 billion (non-spam) about people, encompassing: emails6 and submit 95 million “tweets” on • Volunteered data – created and explic- Twitter. Each month, users share about 30 itly shared by individuals, e.g., social billion pieces of content on Facebook.7 The network profiles. impact of this “empowered individual” is just beginning to be felt. • Observed data – captured by record- ing the actions of individuals, e.g., However, the potential of personal data location data when using cell phones. goes well beyond these promising begin- • Inferred data – data about individuals nings to vast untapped wealth creation based on analysis of volunteered opportunities. But unlocking this value or observed information, e.g., credit depends on several contingencies. The scores. underlying regulatory, business and tech- Source: World Economic Forum, June 2010. nological issues are highly complex, inter- dependent and ever changing.4 IDC. “The Digital Universe Decade – Are You Ready?” May 2010.5 The Economist. “Data, Data Everywhere.” February 25, 2010.6 The Radicati Group. “Email Statistics Report, 2009–2013.” May 2009.7 “Twitter + Ping = Discovering More Music.” Twitter Blog. November 11, 2010; “Statistics.” Facebook PressRoom. January 11, 2011. 7
  • 8. thE pErSonal data EcoSyStEm – regulators have the mandate to protect theWhErE WE Stand today data security and privacy rights of citizens. Therefore, they seek to protect consumersThe current personal data ecosystem is from the potential misuse of their identity.fragmented and inefficient. For many par- On the other hand, regulators balance thisticipants, the risks and liabilities exceed the mandate with the need to foster economiceconomic returns. Personal privacy con- growth and promote public well-being. Pol-cerns are inadequately addressed. Regula- icy makers around the world are engagedtors, advocates and corporations all grapple in discussions to enhance legal and regu-with complex and outdated regulations. latory frameworks that will increase disclo- sure rules, maximise end user control overCurrent technologies and laws fall short of personal data and penalise non-appropriateproviding the legal and technical infrastruc- usage. Finally, government agencies are us-ture needed to support a well-functioning ing personal data to deliver an array of serv-digital economy. Instead, they represent a ices for health, education, welfare and lawpatchwork of solutions for collecting and us- enforcement. The public sector is thereforeing personal data in support of different in- not just an active player in the personal datastitutional aims, and subject to different juris- universe, but also a stimulator and shaperdictional rules and regulatory contexts (e.g., of the ecosystem – and potentially, the crea-personal data systems related to banking tor of tremendous value for individuals, busi-have different purposes and applicable laws nesses and economies.than those developed for the telecom andhealthcare sectors). individuals Behaviours and attitudes towards personalConsider some of the needs and interests of data are highly fragmented. Demographi-stakeholders: cally, individuals differ in their need for trans- parency, control and the ability to extract val-Private sector ue from the various types of personal dataPrivate enterprises use personal data tocreate new efficiencies, stimulate demand,build relationships and generate revenue Common needs for all usersand profit from their services. But in this • Reliabilitydrive to develop the “attention economy” en- , • Predictabilityterprises run the risk of violating customertrust. Overstepping the boundary of what • Interoperabilityusers consider fair use can unleash a huge • Securitybacklash with significant brand implications. • Ease of use • Cost-effectivenessPublic sectorGovernments and regulators play a vital • Risk and liability reductionrole in influencing the size and shape of • Transparencythe personal data ecosystem as well as • Simplicitythe value created by it. On the one hand,8
  • 9. (see Figure 1). According to the research Individuals are also becoming more awarefirm International Data Corporation (IDC), of the consequences of not having controlindividuals’ direct or indirect actions gener- over their digital identity and personal data.ated about 70 per cent of the digital data In 2010 the number of reported incidents ofcreated in 2010. Activities such as sending identity theft skyrocketed by 12 per cent.9an email, taking a digital picture, turning ona mobile phone or posting content online a way forward: the Personal datamade up this huge volume of data. Younger ecosystemindividuals are more comfortable sharing One viable response to this fragmenta-their data with third parties and social net- tion is to align key stakeholders (people,works – though it remains to be seen wheth- private firms and the public sector) in sup-er their behaviours will remain the same or port of one another. Indeed, “win-win-win”become more risk averse as they age. Older outcomes will come from creating mutuallyconsumers appear to be more sceptical, supportive incentives, reducing collectiveand demand demonstrably higher security inefficiencies and innovating in such a waylevels from service providers.8 that collective risks are reduced.FigurE 1: individual End uSErS arE at thE cEntEr oF divErSE typES oF pErSonaldata Searches Social graph Calendars The individual Interests Location PurchasesSource: Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – WorkshopPre-read.” Invention Arts and World Economic Forum, June 2010.8 Nokia Siemens Networks. “Digital Safety, Putting Trust into the Customer Experience.” Unite Magazine.Issue 7. Javelin Strategy & Research. “The 2010 Identity Fraud Survey Report.” February 10, 2010. 9
  • 10. This vision includes a future where: End uSEr-cEntricity: a critical dEtErminant in Building thE• Individuals can have greater control pErSonal data EcoSyStEm over their personal data, digital identity and online privacy, and they would be A key element for aligning stakeholder inter- better compensated for providing others ests and realising the vision of the personal with access to their personal data; data ecosystem is the concept of end user- centricity. This is a holistic approach that• Disparate silos of personal data held recognises that end users are vital and inde- in corporations and government agen- pendent stakeholders in the co-creation and cies will more easily be exchanged to value exchange of services and experienc- increase utility and trust among people, es. A construct designed for the information private firms and the public sector; economy, it breaks from the industrial-age model of the “consumer” – where relation-• Government’s need to maintain stabil- ships are captured, developed and owned. ity, security and individual rights will be met in a more flexible, holistic and Instead, end user-centricity represents a adaptive manner. transformational opportunity. It seeks to integrate diverse types of personal data inIn practical terms, a person’s data would a way that was never possible before. Thisbe equivalent to their “money.” It would can only be done by putting the end user atreside in an account where it would be the centre of four key principles:controlled, managed, exchanged andaccounted for just like personal banking • Transparency: Individuals expect to knowservices operate today. These services what data is being captured about them,would be interoperable so that the data the manner in which such data is cap-could be exchanged with other institutions tured or inferred, the uses it will be put toand individuals globally. As an essential and the parties that have access to it;requirement, the services would operateover a technical and legal infrastructure • Trust: Individuals’ confidence that thethat is highly trusted. Maintaining confi- attributes of availability, reliability, integ-dence in the integrity, confidentiality, trans- rity and security are embraced in theparency and security of the entire system applications, systems and providers thatwould require high levels of monitoring. have access to their personal data; • Control: The ability of individuals to effectively manage the extent to which their personal data is shared; • Value: Individuals’ understanding of the value created by the use of their data and the way in which they are compensated for it.10
  • 11. complEx BuSinESS, policy and – are numerous and complex. The choicestEchnological iSSuES pErSiSt and stakeholders make today will influence therEquirE coordinatEd lEadErShip From personal data ecosystem for years to come. Five key imperatives require action:FirmS and thE puBlic SEctorA user-centric ecosystem faces challeng- 1. Innovate around user-centricity and almost as big as its promise, however. The personal data ecosystem will be builtFirms, policy makers and governments on the trust and control individuals have inmust resolve a series of critical questions. sharing their data. From a technological, policy and sociological sense all stake-For private firms, what are the concrete holders need to embrace this construct.economic incentives to “empower” indi- One particular area of focus is the contin-viduals with greater choice and control ued testing and promoting of “trust frame-over how their data are used? What are works” that explore innovative approachesthe incentives for greater collaboration for identity assurance at Internet scale.within and across industry sectors? Howcan the returns from using personal data 2. Define global principles for using andbegin to outweigh the risks from a techni- sharing personal data. Given the lack ofcal, legal and brand-trust perspective? globally accepted policies governing the use and exchange of personal data, anPolicy makers are unique in their man- international community of stakehold-date to collect, manage and store per- ers should articulate and advance coresonal data for purposes such as national principles of a user-centric personal datadefence, security and public safety. They ecosystem. These pilots should invite real-face the issue of finding the right balance world input from a diverse group of indi-between competing priorities: How can viduals who can not only articulate the val-they ensure the stability and security of ues, needs and desires of end users, butgovernment even as they create incen- also the complex and contextual nuancestives for economic investment and inno- involved in revealing one’s digital identity.vation? How should they define end us-ers’ rights and permissions concerning 3. Strengthen the dialog between regula-personal data? How can they more effec- tors and the private sector. Building ontively clarify the liabilities? How can they a collective sense of fundamental princi-scale globally the concepts of account- ples for creating a balanced ecosystem,ability and due process? public and private stakeholders should actively collaborate as the ecosystem begins to take shape. Those responsi-FivE arEaS oF collEctivE action ble for building and deploying the tools (the technologists) should more closelyThe issues surrounding personal data – po- align with those making the rules (regu-litical, technological and commercial alike lators).10 Establishing the processes to10 David, Scott. K&L Gates and Open Identity Exchange ABA Document. October 20, 2010. 11
  • 12. enable stakeholders to formulate, adopt ies, advocacy groups, think tanks and and update a standardised set of rules various consortia on the user-centric will serve to create a basic legal infra- approaches required to scale the value structure. Additionally, collaborating with of personal data. policy makers as they update legislation to address key questions related to iden- 5. Continually share knowledge. It’s a tity and personal data will be essential.11 huge challenge for entities to keep up with new research, policies and com-4. Focus on interoperability and open mercial developments. To stay current, standards. With the appropriate user stakeholders should share insights and controls and legal infrastructure in learnings on their relevant activities, place, innovations in how personal data from both successes as well as fail- moves throughout the value chain will ures. After all, the ecosystem’s promise be a key driver for societal and econom- is about the tremendous value created ic value creation. Enabling a secure, when individuals share information trusted, reliable and open infrastructure about who they are and what they know. (both legal and technical) will be vital. Clearly, this principle should also apply Participants should identify best prac- to practitioners within the development tises and engage with standards bod- community.11 In the US, recent developments emerging from the NSTIC, the Federal Trade Commission and the De-partment of Commerce warrant attention. In the EU, companies should work with the European Commis-sion’s efforts to revise the EU privacy directive and to synchronise legislation across its member states.12
  • 13. Section 1:Personal Data Ecosystem: OverviewpErSonal data iS an Evolving and many wirelessly (see Figure 2).12 GlobalmultiFacEtEd opportunity traffic on mobile networks is expected to double each year through 2014.13In the era of “anywhere, anytime” con- The variety and volume of digital recordsnectivity, more people connect to the that can be created, processed and ana-Internet now in more ways than ever be- lysed will continue to increase dramati-fore. One recent estimate projects that in cally. By 2020, IDC estimates that the glo-the next 10 years, more than 50 billion bal amount of digital records will increasedevices may connect to the Internet, more than 40-fold (see Figure 3).14FigurE 2: By 2020, morE than 50 As these devices and software continueBillion dEvicES Will BE connEctEd to to come online, they will generate anthE intErnEt increasing amount of personal data. The term personal data has several mean- ings, but we broadly define it as dataGlobal devices connected to the Internet relating to an identified or identifiable per- 50B son or persons.1550B Think of personal data as the digital 40 record of “everything a person makes and does online and in the world.”16 The wide 30 variety of forms that such data assumes for storage and communication evolves 20 constantly, but an initial list of categories 15B includes: 10 5B • Digital identity (for example, names, 0 email addresses, phone numbers, 2009 2015 2020 physical addresses, demographic in- formation, social network profile infor-Sources: Ericsson, Intel mation and the like);12 Ericsson [press release]. “CEO to Shareholders: 50 Billion Connections 2020.” April 13, 2010.13 Cisco. “Cisco Visual Networking Index: Global Mobile Data; Traffic Forecast Update, 2009 – 2014.” Febru-ary 9, 2010.14 IDC. “The Digital Universe Decade – Are You Ready?” May 2010.15 Definition based on Directive 95/46/EC of the European Parliament and the Council of 24, October 1995.16 Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.”Invention Arts and World Economic Forum, June 2010. 13
  • 14. FigurE 3: By 2020, digital rEcordS • Health data (medical history, medicalWill BE 44 timES largEr than in 2009 device logs, prescriptions and health insurance coverage);Global digital data (in exabytes) • Institutional data (governmental, aca-40,000 demic and employer data). Further, organisations can capture these30,000 different personal data in a variety of ways:1720,000 • Data can be “volunteered” by individuals when they explicitly share information 10,000 about themselves through electronic me- dia, for example, when someone creates a social network profile or enters credit 0 card information for online purchases; 2010 2012 2014 2016 2018 2020 • “Observed” data is captured by record-Source: IDC ing activities of users (in contrast to data they volunteer). Examples include Inter-• Relationships to other people and or- net browsing preferences, location data ganisations (online profiles and contact when using cell phones or telephone lists); usage behaviour;• Real-world and online context, activity, • Organisations can also discern “inferred” interests and behaviour (records of lo- data from individuals, based on the cation, time, clicks, searches, browser analysis of personal data. For instance, histories and calendar data); credit scores can be calculated based on a number of factors relevant to an in-• Communications data and logs (emails, dividual’s financial history. SMS, phone calls, IM and social network posts); Each type of personal data (see Figure 4), volunteered, observed or inferred, can be• Media produced, consumed and shared created by multiple sources (devices, soft- (in-text, audio, photo, video and other ware applications), stored and aggregated forms of media); by various providers (Web retailers, Internet search engines or utility companies) and• Financial data (transactions, accounts, analysed for a variety of purposes for many credit scores, physical assets and vir- different users (end users, businesses, public tual goods); organisations).17 Ibid.14
  • 15. FigurE 4: thE pErSonal data EcoSyStEm: a complEx WEB From data crEation todata conSumption Regulatory environment Communication standards Personal data creation Storage, Analysis, Personal data aggregation productisation Consumption Devices Software Volunteered Mobile phones/ Web retailers Market research smart phones Apps, OS for PCs data exchanges End users Declared interests Internet tracking Desktop PCs, Preferences companies laptops Ad exchanges Apps, OS for mobile phones Internet search Government ... Communication engines agencies and networks Medical records public organisations Observed Electronic medical exchanges Apps for medical records providers Electronic notepads, Browser history devices readers Business intelligence Small Identity providers Location Apps for consumer systems enterprises Smart appliances devices/ Mobile operators, ... appliances Internet service Businesses providers Credit bureaus Sensors Medium Inferred Network Financial institutions enterprises management Public Credit score software administration Smart grids Utility companies Future consumption Large ... ... enterprises ... ... ...Source: Bain & CompanyThese stakeholders range from the individual of data will require addressing current uncer-end users, who are the sources and subjects tainties and points of tension:of personal data, to the various entities withwhich they interact. The latter encompass • Privacy: Individual needs for privacy vary.businesses and corporations in different in- Policy makers face a complex challengedustries to public sector entities like govern- while developing legislation and regula-ment bodies, NGOs and academia. Personal tions;data flows through this ecosystem, within theboundaries of regulation, to result ultimately • Global governance: There is a lack of glo-in exchanges of monetary and other value. bal legal interoperability, with each coun- try evolving its own legal and regulatory frameworks;pointS oF tEnSion and uncErtainty • Personal data ownership: The concept ofWhile tremendous value resides in the data property rights is not easily extended togenerated by different sources, it often re- data, creating challenges in establishingmains untapped. Unlocking the full potential usage rights; 15
  • 16. • Transparency: Too much transparency too concerns, the ambiguity and uncertainty soon presents as much a risk to destabil- on multiple dimensions heighten the risks ising the personal data ecosystem as too that could stall investment and innovation. little transparency; Global Governance • Value distribution: Even before value can Not only are policies and legislation in flux be shared more equitably, much more within national borders, there is wide varia- clarity will be required on what truly consti- tion across different countries and regions. tutes value for each stakeholder. Indeed, there is no global consensus on two major questions: Which issues relat- Privacy ed to personal data should be covered by Privacy continues to be a highly publicised, legal and regulatory frameworks? And how complex and sensitive issue with multi- should those issues be addressed? While ple perspectives. some cross-national agreements exist, for“We need to arrive at an The complexity example, the Safe Harbor agreement be-acceptable reasonable surrounding how tween the US and the EU,20 the developmentexpectation of privacy … privacy is con- of a globally acceptable view of the per-a procedural due proc- ceived and defined sonal data ecosystem may be years away.ess that has the flexibility creates challenges This fragmentation stands in the way of fullyto address any question for policy makers realising the global impact of the personalof privacy and institution- as they seek to data opportunity.alise learnings into the address a myriadecosystem to prevent that of issues related Personal data ownershiPgrievance from happening to context, culture “Who owns the data” and “What rights doesagain. ” and personal pref- ownership imply” are two of the most com- erence.18 Adding to plex issues related to personal data. At first Interviewee, “Rethinking Personal Data” the complexity is blush, these questions seem simple. Most project the pace of techno- people would intuitively assert that they own logical change and data about themselves and that therefore, a general lack of guidance on how to ac- they should control who can access, use, commodate and support various perspec- aggregate, edit and share it. However, even tives on “privacy” robustly, flexibly and at a cursory look at the issue quickly reveals global scale (for multiple jurisdictions, cul- that the answers are much less clear. Indi- tures and commercial and social settings).19 viduals do not “own” their criminal records or Given that many governments are drafting credit history. Medical providers are required laws and regulations to address privacy to keep certain records about patients, even 18 “Fair Information Practice Principles (FIPP) Comparison Tool, Draft.” Discussion and Development Materi- als of the OIX Advisory Board and the OIX Legal Policy Group. October 7, 2010. 19 Ibid. 20 In 2000, the US and the European Commission agreed upon a framework that would act as a bridge for sharing data between the US and EU, while preserving the basic policy principles of both. See, for example, Thompson, Mozelle W., Peder van Wagonen Magee. “US/EU Safe Harbor Agreement: What It Is and What It Says About the Future of Cross Border Data Protection.” Privacy Regulation. Federal Trade Commission, Spring 2003. 16
  • 17. as those patients are allowed to access and concerns end users have; for many organi-share that information with others. Do com- sations, it often poses a risk to their businesspanies such as Google and Amazon, which model. When customers suddenly find outaggregate search and purchase histories how their trusted brand of product or serv-across millions of users, own the proprietary ice was gathering and using their personalalgorithms they’ve built upon those click data, they tend to react with outrage, ratherstreams? than reward the business for its transpar- ency. Similarly, citizens fear Big Brother con-Given the fluid nature of data and the early trol and manipulation in the way governmentstages of the personal data ecosystem, many uses their personal information. As longassert that focusing on the issues of rights as the risk of transparency outweighs themanagement, accountability, due process rewards, the personal data ecosystem will re-and the formation of “interoperable” legal main vulnerable to periodic seismic shocks.frameworks is more productive. It is unlikelythat there is a one-size-fits-all approach. A value distributionmore likely scenario is that different classes The notion that individuals are producers,of information (financial, health, government creators and owners of their digital activi-records, social, etc.) will get varying degrees ties raises the question: How can value beof protection – as already is the case in the equitably exchanged? The answer depends“pre-digital” world. All such solutions will on variables like the structure of personalneed to balance individuals’ rights to priva- data markets; the amount of public educa-cy with practical concerns about legitimateneeds for critical participants (for example,law enforcement and medical personnel) toaccess key information when necessary. In Personal data and developingaddition, practical solutions for issues re- economieslated to data portability, interoperability and As with many innovations related toeasy-to-implement dashboards for consum- mobile applications, the development ofers to set and monitor access rights will also personal data exchanges could achieveneed to be developed to overcome the grow- scale in developing economies. The dataing friction in the current environment. and analytics from the increasing use of mobile devices – in particular, locationtransParency data, images from cell phone camerasMost end users still remain unaware of just and mobile finance – can help coun-how much they are tagged, tracked and fol- tries address significant economic andlowed on the Internet. Few individuals real- health challenges with greater precisionise how much data they implicitly give away, and adaptability. As the mobile platformhow that data might be used or even what brings the unbanked into the formalis known about them. Some businesses economy, real-time insights into localbelieve the solution lies in “fessing up”: sim- economies could be gained. Utilising theply increasing the transparency on how per- analytics of m-Health applications couldsonal data is used. But that approach not also help improve public health.only fails to address the privacy and trust 17
  • 18. tion required; globally governed regulations the purview of legacy legal restrictions andneeded to ensure fair compensation; and typically innovate at the edges of what canthe legal frameworks that would ensure ac- be legally done with personal data. A grow-countability and due process. ing concern is the widening chasm between the regulatory oversight on establishedUncertainty and tension also exist around the business models versus new business ide-evolution of personal data exchanges and the as. Additionally, there are concerns on howdegree of political empowerment they could current legal and regulatory stakeholderscreate. Some governments can perceive can systemically adapt to the velocity of in-empowered citizens as a disruptive threat to novation, the complexity of the ecosystemtheir agenda. Understanding the concept of and the scale of personal impact. Given thatuser-centricity in the context of differing social, a single operational or technical change tocultural and political norms is clearly needed. a networked communications service can immediately impact hundreds of millionsincumbents and disruPters of individuals (if not billions), the capabilityDuring the last few decades, a regulatory of policy makers and regulators to under-patchwork has arisen that does not ad- stand a given risk and adapt in real time isequately reflect the needs of a competitive uncertain. Over time, perceptions of over-global market or the pace of technology. regulation and inequity on who can use cer-The personal data ecosystem consists of tain forms of personal data for commercialestablished and new participants; often the purposes may create an imbalance amongregulatory framework covers established private sector models, but regulation takes timeto catch up with emerging, disruptive mod-els. From a regulatory perspective, this can thE riSkS oF an imBalancEdcreate a fundamentally uneven competitive EcoSyStEmplaying field for creating new personal dataservices. Companies with established busi- The key to unlocking the full potential ofness models – those with large customer data lies in creating equilibrium among thebases, legacy investments and trusted various stakeholders influencing the per-brands – typically possess vast amounts of sonal data ecosystem. A lack of balancecustomer data but are legally constrained between stakeholder interests – business,on its use for commercial purposes. Given government and individuals – can desta-those legal constraints, established players bilise the personal data ecosystem in aare generally conservative in their approach way that erodes rather than creates the market and deeply concerned about What follows are just a few possible out-unclear liabilities and legal inconsistencies. comes that could emerge if any one set of stakeholders gained too strong a role inOn the other hand, many new services and the ecosystem.applications are more innovative in their ap-proach and typically use personal data as a the risk of Private sector imbalancecentral component in their business mod- As personal data becomes a primary cur-els. By definition, they tend to fall outside rency of the digital economy, its use as a18
  • 19. means to create competitive advantage will represents a challenge – but it can be done.increase. If little regard is paid to the needs The solution lies in developing policies, in-of other stakeholders, businesses search- centives and rewards that motivate all stake-ing for innovative ways to collect, aggregate holders – private firms, policy makers, endand use data could end up engaging in a users – to participate in the creation, protec-“race to the bottom” building out ever more , tion, sharing and value generation from per-sophisticated “tricks and traps” to capture sonal data. The private and public sectorspersonal data.21 This unfettered mining of can bring their interests closer by creatingpersonal data would alienate end users and an infrastructure that enables the securepossibly create a backlash.22 and efficient sharing of data across organi- sations and technologies. End users can bethe risk of Public sector imbalance gathered into the fold of the private-publicAs countries revise their legal frameworks, partnership by developing mechanisms thatpolicies and regulations to catch up with the safeguard personal data, validate their con-unprecedented surge in data, they could tent and integrity, and protect ownership.inadvertently stifle value creation by over- When end users begin to get a share of theregulating. Additionally, individual coun- value created from their personal data, theytries may seek to act unilaterally to protect will gain more confidence in sharing it.their own citizens from potential harm. Theresulting lack of clarity and consistency in For such a virtuous cycle to evolve, stake-policy across countries could slow down holders in the personal data ecosystem willinnovation and investment. need to define new roles and opportunities for the private and public sectors. Greaterthe risk of end user imbalance mutual trust can lead to increased informa-In the absence of engagement with both tion flows, value creation, and reduced liti-governments and business, end users could gation and regulatory costs.self-organise and create non-commercialalternatives for how their personal data is Over time, all stakeholders should hope-used. While small groups of dedicated indi- fully recognise that the collective metricviduals could collaborate on non-commer- of success is the overall growth of thecial products that have the same impact as ecosystem rather than the success of oneWikipedia and Linux, the issues of limited specific participant. A defining characteris-funding, security and lack of governance tic of such a balanced ecosystem would bewould remain. Over time, the challenges of end user choice. With the ability to switchmanaging personal data at a global scale easily between vendors, competitive pres-could become overwhelming. sures would strengthen the control of the end users and help them differentiateAligning the different interests to create a between different trust frameworks andtrue “win-win-win” state for all stakeholders service providers.21 Clippinger, John. Berkman Center for Internet & Society at Harvard University.22 To learn more about how companies are using new and intrusive Internet-tracking technologies, see“What They Know” (series). Wall Street Journal. 2010. 19
  • 20. Future Potential: Scenarios of aBalanced Personal Data EcosystemWhat Would the personal data ecosystem offer if the needs ofgovernment, private industry and individuals Were appropriatelybalanced?What folloWs are some possibilities for the year 2018.Dianne is a mother of two teenage daughters and a remote caregiver for her father. She’snot terribly sophisticated with technology but she uses some social networks to keep upwith her friends and family. But as the hub of family care, Dianne is tied to several servicesthat keep her family safe, healthy and informed. putting a nEW Spring in hEr StEpDianne recently upgraded her exercise footwear to a wirelessly networked sportsshoe, a product that transforms all of her daily walking into valuable data points. Herhealth insurance provider encourages exercise through a certified, earned creditsystem. With minimal data breach risk, walking translates directly into discounts onmedications, food and other expenses for not only herself but also her father anddaughters linked to her health savings ac-count. This lets Dianne take better care ofher loved ones, which is a more powerful mo-tivator than her own health and wellness. Theinitial savings helped convert her children toregular walking as well. What was routineis now a game as the family competes inactive walking challenges with one another,all the while providing better healthcare foreveryone.Transparency – data usage disclosureControl – opt-in participation with immediate feedback in rewards balanceTrust – certified by identity consortium across health, finance and other service providersValue – discounts powered by data collection that can be applied to many different needsSource: frog design research, 201020
  • 21. at EaSE and SEcurEDianne’s old anxiety over identity theft has been less of a worry since the Personal Data Pro-tection and Portability Act went into effect, legislation the government passed in 2014 grant-ing citizens greater control and transparency over their digital information. Her employerprovides a private, certified Data-Plus Integrity Plan that monitors and ensures the personaldata of her whole family and is portable across jobs. Dianne feels more at ease about herdaughters’ social habits online with the Parent Teachers Association-endorsed TeenSecure.A comprehensive activity summary and alert system means Dianne no longer feels like aspy, monitoring her kids and investigating everynew social site. Her daughters’ access is man-aged, tracked and protected by a trusted sociallyacceptable source. Dianne receives simple, con-venient monthly statements that highlight boththe activity and stored value of her data. As anadded benefit, various retailers offer couponsand discounts during the holidays, in exchangefor Dianne allowing them to use some of thisactivity data as a second currency.Transparency – single view of all activityControl – monitoring of dependentsTrust – government and consumer advocacy backedValue – peace of mind and stored value tranSForming concErn into EaSEWhen Dianne’s father moved into managed care with early-stage symptoms of Alzhe-imer’s disease, her insurance carrier provided her with control of her father’s medicationsand recommended an online dashboard-like tool adapted to his condition. The service isoffered in a partnership with the Alzheimer’s Research Foundation, as well as the Depart-ment of Public Health, which have connected her father’s information and medical healthrecords to her Data-Plus Integrity Plan. Thisprovides Dianne with on-demand monitoringservices, medication compliance tracking andfeedback on how he is feeling. She is also ableto keep tabs on his finances. Dianne hopesthat through the sharing of her father’s medicalcondition, they may one day find a cure. In themeantime, her in-person visits are less aboutevaluating his condition and much more aboutspending time together.Transparency – permission of data accessControl – progression of need increases accessTrust – family-centric data safeguardsValue – transferable controlSource: frog design research, 2010 21
  • 22. kEy EnaBlErS oF a BalancEd Globally, there is a growing consensus thatEcoSyStEm there is an urgent need for greater trust associated with online identities. PeopleWhile building a balanced ecosystem find the increasing complexity of manag-around personal data will require signifi- ing multiple user names and passwordscant commitment from all stakeholders, across different organisations a major in-four critical enablers are apparent: convenience. Additionally, as online fraud and identity theft continue to skyrocket,• An easy-to-understand user-centric ap- people demand greater assurances about proach to the design of systems, tools who they are interacting with. As secure and policies, with an emphasis on and trusted online relationships are estab- transparency, trust, control and value lished with individuals and various institu- distribution; tions, silos of information that were previ- ously unavailable can also become easier• Mechanisms for enhancing trust among to incorporate into personalised solutions. all parties in digital transactions; A market is now taking shape to address• Greater interoperability among existing these concerns on personal identity. In data silos; fact, an ecosystem of interoperable identity service providers offering solutions that are• An expanded role for government, such secure, easy to use and market based is in that governments can use their purchas- its early stages of development.23 As more ing power to help shape commercially services move online (in particular, health available products and solutions that the and financial services), the infrastructure private sector can then leverage. costs of ensuring the identity of who can use a given online offering will continue touser-centricity escalate. The value of paying a third partyThe concept of user-centricity is the central for trusted digital identities will most likelypivot point of the personal data ecosystem. continue to increase as these services re-With greater control placed in the hands duce both the cost of fraud as well as theof individuals, new efficiencies and capa- risk of offering additional value-added serv-bilities can emerge. Many perceive this ices24 (see sidebar, “End user principles”).shift in power as highly disruptive. It createsa diversity of perspectives on if, how and trust enablerswhen the “pivot for the people” might occur. Interviews and discussions with leadingIn short, the transition to user-centricity is privacy advocates, regulatory experts andanything but simple. It’s hard collectively to business leaders lead to an overwhelmingframe and act upon it due to the significant consensus: trust is another key ingredientdifferences in cultural, geopolitical and in- required for creating value from today’sstitutional norms. oceans of disparate personal data. Without23 National Strategy for Trusted Identities in Cyberspace. Draft. June 25, 2010.24 Reed, Drummond. “Person Data Ecosystem.” Podcast Episode 2, December 2010.22
  • 23. End user principles Transparency TrustWhat is a meaningful way to understand Which investments in building trust willtransparency, and who provides the help users feel comfortable allowinglens to the user? others to access their data?People naturally expect the right to see, Personal data is difficult, if not impossi-and thus know, the data that is being ble, to un-share. Once shared, it gainscaptured about them. If that right is a life of its own. Given the risk of unin-not respected, they feel deceived and tended consequences, people rely heav-exploited. Upon seeing this reflection ily on trust to guide their decisions. Butof themselves through their personal how is trust formed? Different thresh-data, people start to feel a sense of olds of trust exist for different types ofpersonal connection and ownership, data. While a majority of people acceptleading to the desire for control. How- a certain level of risk, viewing it as anever, people struggle to form a mental opportunity cost for gaining something,model of something that is fragmented the benefits are often coupled with feel-and abstract in nature. This creates a ings of anxiety and fear. Such concernschallenge: what is invisible must be will continue to limit the potential valuerevealed, made tangible and ultimately of personal data until a comprehensiblebe connected across different points of model for creating and certifying trustaccess. relationships is adopted on a large scale. Control ValueWhat are the primary parameters that What measures must be taken to ensureinfluence how users will want to control that data created today is a mutuallytheir data, and how are they adapted to beneficial asset in the future?different contexts? The value of personal data is wildlyPeople naturally want control over data subjective. Many business models havethat is both about them and often cre- emerged that encourage and capitaliseated by them. Control can be exercised on the flow of that data. Consumers arein three ways: becoming increasingly aware of the value of the data they generate even in mun-(a) directly through explicit choices; dane interactions like a Google search.(b) indirectly by defining rules; While direct personal data has an inherent(c) by proxy. value, secondary inferred data can often be mined and interpreted to producePeople’s perception of a given situa- new information of equal or greater value.tion will determine whether they The long-term impact of the aggrega-choose to exercise control. The more tion and unchecked dissemination of thissubtle qualities of an experience (such information is unknown. Digital behaviouras feedback, convenience and today may yield positive distributed valueunderstanding) will determine how across the ecosystem in the near term,they choose to exercise that but can have detrimental consequencescontrol. for the end user in the future. 23
  • 24. the establishment of trust, particularly the seen the emergence of digital personal trust of the end user, a personal data eco- data as a valuable asset. Inadequate system that benefits all stakeholders will legislation has thus made standards sur- never coalesce. rounding the use of personal data incon- sistent. To use a metaphor, trust is the lubri- cant that enables a virtuous cycle for Furthermore, many organisations employ the ecosystem: it legacy technology systems and databas-“A collective metric of suc- engenders stake- es that were created in proprietary, closedcess could emerge where holder participa- environments. As a result, personal datathe overall growth of the tion, which, in today is often isolated in silos – boundecosystem was the goal – turn, drives the by organisational, data type, regional orrather than the success of value creation service borders – each focusing on a lim-one particular institution.” process. For such ited set of data types and services. a virtuous cycle “Rethinking Personal Data” project to evolve, mutual To achieve global scale, technical, se- trust needs to be mantic and legal infrastructures will need at the foundation of all relationships. In- to be established that are both resilient creased trust leads to increased informa- and interoperable. The US National Strat- tion flows, sharing and value creation and egy for Trusted Identities in Cyberspace reduces litigation and regulatory costs. notes three types of interoperability for identity solutions:25 increasinG interoPerability and the sharinG of Personal data • Technical interoperability – The ability Promoting solutions that drive the ex- for different technologies to communi- change and “movement” of personal data cate and exchange data based upon in a secure, trust- well-defined and widely adopted inter-“We do not have the data- ed and authenti- face standards;sharing equivalent of cated manner isSMTP, but as we develop also essential. To- • Semantic interoperability – Theor achieve real data porta- day, it is difficult ability of each end point to communi-bility we will have a stand- to share personal cate data and have the receiving partyardised infrastructure for data across pri- understand the message in the sensedata sharing that does not vate and public intended by the sending party;require centralisation. ” organisations and jurisdictions. This • Legal interoperability – Common busi- Interviewee, “Rethinking Personal Data” is due to a combi- ness policies and processes (e.g., project nation of techno- identity proofing and vetting) related to logical, regulatory the transmission, receipt and accept- and business factors. Decades-old priva- ance of data between systems, which cy laws and policies could not have fore- a legal framework supports. 25 “National Strategy for Trusted Identities.” Draft pages 8–9. June 25, 2010. 24
  • 25. standards, existing pilots and collabora- US Department of Health & Human tion with industry and advocacy groups, Services: “Blue Button” initiative26 a functional degree of interoperability can Personal data also has clear opportuni- be achieved in a shorter time frame. ties to create value for the public sector. In October 2010, the US Department of Despite this “need for speed” the levels , Health’s Medicare arm launched its “Blue of reliability, integrity and security for Button” application. It’s a Web-based fea- both the individual and the computing in- ture that allows patients easily to down- frastructure cannot be understated. The load all their historical health information broad private sector support to cooperate from one secure location and then share in the sharing of personal data will bring it with healthcare providers, caregivers with it extremely high technical, legal and and others they trust – something that performance requirements. wasn’t possible before. The service is innovative in many ways. Government as enabler First, it allows Medicare beneficiaries Governments have a vital role to play in to access their medical histories from accelerating the growth of a balanced various databases and compile sources personal data ecosystem. Their influence into one place (e.g., test results, emer- manifests itself along three primary di- gency contact information, family health mensions. history, military health history and other health-related information). Second, First, they play a dominant role in crafting the service provides the information in the legal and regulatory environments that a very convenient and transportable shape what is possible in the ecosystem. format (ASCII text file). That allows it to This is a challenging role in many respects. be shared seamlessly with virtually any Within the national context, regulators are healthcare or insurance provider. Finally, being asked to balance consumer protec- Blue Button fully empowers the end user: tion with the need to create a business en- patients are given control over how their vironment conducive to innovation, growth information is shared and distributed. and job creation. On top of that, many That allows them to be more proactive global industry participants are turning to about – and have more insight into – the national and regional regulatory bodies to medical treatments that they need. harmonise guidelines to facilitate global platforms.It is important to stress that the call for Second, governments are active partici-interoperability does not equate to work- pants in ongoing experiments regardinging exclusively with standards bodies. how the personal data ecosystem can beIn many cases standards take too long. harnessed to achieve important socialBy leveraging open protocols, de facto goals such as providing more efficient and26 “‘Blue Button’ Provides Access to Downloadable Personal Health Data.” Office of Science and TechnologyPolicy, the White House website. 25
  • 26. “We must have empowered cost-effective serv- ery, governments can write specificationsusers, but no one is sug- ices to citizens, for everything from security protocols togesting the user should stopping epidem- end user interfaces and data portabilitybe able to edit his or her ics before they options. Successful projects can servecriminal records. We’re become pandem- as proof points and major references forlooking at a collaborative ics and using data- innovative solutions.model with users who are mining techniquesas empowered as we can to enhance nation- Hands-on experience gained in leverag-make them. ” al security. ing personal data for government services and objectives, combined with insights Interviewee, “Rethinking Personal Data” Third, and perhaps gleaned from negotiations with vendors, project most importantly, can give regulatory deliberations a very given their pur- practical bent, which should be beneficial chasing power, governments are in a posi- to all parties. tion to influence significantly commercially available solutions. In crafting requests for proposals to help modernise service deliv- 26
  • 27. Section 2:Stakeholder Trust and Trust FrameworksAchieving a high level of stakeholder trust The magnitude of data breachesrequires a set of legal and technical struc- The Privacy Rights Clearinghousetures to govern the interactions of partici- estimates that in the US alone, morepants within the ecosystem. The concept of than 2,000 publicly announced datatrust frameworks is emerging as an increas- breaches have occurred since 2005.ingly attractive means for the personal data These include instances of unintendedecosystem to scale in a balanced manner. disclosure of sensitive information, hacksTrust frameworks consist of documented and payment card fraud, all of whichspecifications selected by a particular resulted in a staggering 500-million-plusgroup (a “trust community”). These govern records of data being compromised.the laws, contracts and policies undergird-ing the technologies selected to build the Source: Privacy Rights Clearinghouseidentity system. The specifications ensurethe system reliability that is crucial for cre-ating trust within the ecosystem. establish a user name and password, and invariably requires the sharing of such per- sonal data as name, address and creditthE truSt FramEWork modEl card information. Not only is this inconven- ient, it’s unsafe. It puts our personal dataThe Open Identity Trust Framework model onto every server with which we interact,(OITF) is a working example. Built to Inter- increasing the odds that our data may benet scale, it offers a single sign-on envi- compromised.ronment for trust between relying partiesand end users. The model addresses two The second problem trust frameworksproblems with the way end users and rely- address is the lack of certainty abouting parties interact with the Internet today: online identities. In most of today’s Internet transactions, neither the user nor the rely-• The proliferation of user names and ing party is completely sure of the other’s passwords; identity. That creates a huge opening for identity theft and fraud. In 2009, more than• The inability of relying parties to verify $3 billion in online revenue was lost due the identity of other entities. to fraud in North America.27 Some $550 million of that was money lost by individualMost people can relate to the first problem. US consumers.28 The hope is that with aAlmost every website requires visitors to richer, scalable and more flexible identity27 CyberSource. 11th Annual “Online Fraud Report.” 2010.28 2009 “Internet Crime Report.” Internet Crime Complaint Center. US Department of Justice, 2010. 27
  • 28. FigurE 5: thE opEn idEntity truSt FramEWork modEl Policy makers Identity service Trust framework provider (TFP) provider Relying party Assessor User Contracts with the trust framework provider for implementing requirements set by policy makers Other agreements potentially affected by requirements set by policy makersSource: OITFmanagement system, these losses can be framework provider recruits assessorsreduced. responsible for auditing and ensuring that framework participants adhere toThe model defines the following roles (see the specifications;Figure 5) to support Internet-scale identitymanagement: • Identity providers (IdPs) issue, verify and maintain online credentials for an indi-• Policy makers decide the technical, op- vidual user. Relying parties accept these erational and legal requirements for credentials and have firm assurances exchanges of identity information among that the IdP has analysed and validated the group they govern; the individual user;• Trust framework providers translate • Assessors evaluate IdPs and relying these requirements into the building parties, and certify that they are capable blocks of a trust framework. They then of following the trust framework provid- certify identity verification providers that er’s blueprint. provide identity management services in accordance with the specifications Within such a trust framework model, end of the trust framework. Finally, the trust users can access multiple sites (relying28
  • 29. FigurE 6: pErSonal data SErvicES StorE End uSErS’ data and providEapplicationS that EnaBlE thEm to managE, SharE and gain BEnEFit From thEirpErSonal data29 Alices Attribute Data Service Local personal data store Managed data stores Telco 1 Credit card profile Facebook Ad preferences Anonymous Age >21 profile Friends, Home address Amazon interests Equifax Facebook Local DB AmazonSource: The Eclipse Foundationparties) using a single credential issued by data to complete the transaction. In somean identity provider. On their part, the sites cases, that may simply amount to verifica-can rest assured about the identities of the tion of the availability of the funds beingindividuals they are doing business with. transmitted to the relying party.This screening is similar to how a car rentalagent trusts that a driver can legally oper-ate an automobile because he or she has a pErSonal data SErvicESvalid driver’s licence. The trust framework model will bringWith such a framework, users would need benefits to end users in the form ofonly to share less sensitive personal data increased privacy and a more seamlesswith relying parties. No longer would they and convenient Web experience. But suchhave to enter their name, address and advantages can be extended through thecredit card information in order to purchase related concepts of personal data servic-a Web service. Using the trust framework, es and vendor relationship managementthey would share the minimum amount of (VRM).29 Higgins Open Source Identity Framework is a project of The Eclipse Foundation. Ottawa, Ontario, Cana-da. 29
  • 30. Personal data services provide the safe have primarily been at websites where themeans by which an end user can store, level of assurance required is relatively low,manage, share and gain benefit from his or such as those enabling blogging or provid-her personal data. These data can range ing news content. They need to be deployedfrom such self-asserted attributes as the in environments that encompass more high-individual’s likes, preferences and interests risk transactions, such as logging into a bankto such managed and verified attributes as account. Only then will proponents know ifa person’s age, credit score or affiliations, these ideas can achieve Internet scale.and histories with external entities likefirms, government agencies and the like Risks and uncertainties also surround the(see Figure 6). business models for both identity providers and relying parties. While a large numberPersonal data services consolidate end of private enterprises have begun workingusers’ digital identity, allowing them to con- in this space (Acxiom, AOL, Citibank, Equi-trol which third parties are entitled to ac- fax, Google and PayPal) the economics arecess – along with how, when and at what unclear.30price. VRM extends this control to the realmof realising direct value – monetary or in From the perspective of relying parties, thekind – from the personal data stored and benefits of transitioning to a user-centricmanaged by personal data services provid- model are still emerging. In this new ap-ers. proach, relying parties will be constrained on collecting data for free and will need toThese emerging concepts will help build start paying for end user data. While somestakeholder trust and herald additional ben- believe that an aggregated and holistic viewefits for end users and relying parties alike. of an individual would be more valuable, theIndeed, some promising trials are already balance of trade between what relying par-under way. Yet more testing will be needed ties would be willing to share versus the newto resolve some open questions about the insights and efficiencies they would gainviability of these concepts. from a holistic user-centric view are unclear. However, the cost of online fraud and riskkEy uncErtaintiES oF truSt mitigation could be enough to make relyingFramEWorkS parties seriously consider participating in a more collaborative model. On average, on-Trust frameworks and personal data serv- line fraud represented 1.2 per cent of a Webices are concepts in their infancy. Despite retailer’s revenue in 2009.31encouraging pilots in the US and the UK,they need further refinement and testing to Finally, building end user awareness isfulfil their promise. Implementations thus far another uncertainty. How can firms com-30 Kreizman, Gregg, Ray Wagner and Earl Perkins. “Open Identity Pilot Advances the Maturity of User-Cen-tric Identity, but Business Models Are Still Needed.” Gartner, November 9, 2009. Cybersource. “11th Annual Online Fraud Report.” 2010.30
  • 31. municate to individuals the advantages of personal data dashboards. Further investi-managing their personal data? For a start, gation is therefore needed into applicationscompanies must themselves fully under- and services that provide end users withstand the convenience, value proposi- convenient, contextually relevant and sim-tion, contextual nuances and usability of plified control over their data. 31
  • 32. Section 3:ConclusionsPersonal data will continue to increase in trust frameworks? What are the busi-dramatically in both quantity and diversity, ness model mechanics? Who will pay forand has the potential to unlock significant identity provider services?economic and societal value for end users,private firms and public organisations alike. what is required and why Complex blueprints for Internet businessThe business, technology and policy trends models typically come to life in iterativeshaping the nascent personal ecosystem steps. For example, the retail bankingare complex, interrelated and constantly sector evolved online through succes-changing. Yet a future ecosystem that both sive phases of change. Trust frameworksmaximises economic and societal value – need similar pressure testing in large-and spreads its wealth across all stakehold- scale applications to prove these con-ers – is not only desirable but distinctly pos- cepts can be instrumental in unlockingsible. To achieve that promise, industries economic and societal value. Addition-and public bodies must take coordinated ally, end user participation in testing andactions today. Leaders should consider tak- developing these trust frameworks ising steps in the following five areas: crucial. Offering more transparency on how personal data is used and educat- ing end users on the benefits they can1. innovatE around uSEr-cEntricity extract from such applications – two ar-and truSt eas lacking in the ecosystem today – will significantly strengthen trust among allwhere we stand today stakeholders.Innovative concepts already exist onhow personal data can be shared in a recommended next stePsway that allows all stakeholders to trust Private firms and policy makers shouldthe integrity and safety of this data. consider the following next steps:Examples of such trust frameworks in-clude the Open Identity Trust Framework • Invest in open and collaborative tri-and Kantara’s Identity Assurance Frame- als orchestrated by end user privacywork. However, no truly large-scale appli- groups or academics;cation of a trust framework has yet beenrolled out. As a consequence, we remain • Integrate principles surrounding enduncertain about how to take advan- user trust and data protection intotage of personal data while still aligning the development of new services andstakeholder interests. Also unanswered platforms (the concept of “privacy byare questions such as: What are the in- design”), particularly when designingcentives for stakeholders to participate new “e-government” platforms;32
  • 33. • Engage with leading innovators and end of internationally accepted, user-centric user advocacy groups to explore the fur- principles. Additionally, a set of commonly ther applications for, and development accepted terms of, trust frameworks. and definitions – a “Digital bill of rights have taxonomy – sur- been introduced a half rounding personal dozen times... If they are2. dEFinE gloBal principlES For uSing data concepts must introduced in conjunctionand Sharing pErSonal data be created to al- with a way for them to be low unencumbered actionable by large popu-where we stand today dialog. Although lations of people then itPrivacy-related laws and police enforcement it is unrealistic to may have more success. ”differ significantly across jurisdictions, of- hope to develop Interviewee,ten based on cultural, political and histori- globally accepted “Rethinking Personal Data”cal contexts. Attempts to align such policies standards and projecthave largely failed.32 But the need is growing. frameworks whileMany Internet services, in particular those national and regional versions are still inbased upon cloud computing delivery mod- significant flux, establishing a standing,els, require the cross-jurisdictional exchange cross-regional dialog will allow for moreof personal data to function at optimal levels. rapid harmonisation once regulatory envi- ronments do begin to stabilise.what is required and whyThe downside of the current divergence in It is imperative for private sector firms toregulatory frameworks manifests itself in participate in at least some of these dia-several ways. First, companies striving to logs, as they can share real-world perspec-provide products and services based upon tives on the cost and challenges of deal-personal data see significant complexity ing with divergent regulations and can helpcosts associated with compliance. As a re- public sector officials adapt pragmatic andsult of these costs, they may choose not to consistent policies.offer their product and services in certainsmaller markets, where the cost of doing recommended next stePsbusiness may outweigh incremental prof- • Policy makers and private firms shouldits. That decision to opt out obviously hurts launch an international dialog to staythe users who cannot access the services. informed about proposed laws and poli-Less obvious is the fact that users with ac- cies that would have a global bearing oncess are also hurt, as the value of many of their markets. This dialog should encom-these services increases with the number pass governments, international bod-of users. ies such as the World Trade Organiza- tion, end user privacy rights groups andA truly global and seamless exchange of representation from the private sector.personal data will not emerge without a set It should include not only US and Eu-32 See, for example, Connolly, Chris. “The US Safe Harbor – Fact or Fiction?” Galexia, 2008. 33
  • 34. ropean Union members, but interested ble outcome for all stakeholders. Instead, parties from the Asia-Pacific region and national and regional agencies must adopt emerging countries; 21st-century digital policies that promote and accelerate favourable behaviour from• Among the outputs of this body would all market participants. be an agreed-upon benchmark measur- ing the effectiveness of national regula- recommended next stePs tions and their impact on free markets. • In the United States: Private firms should This could prove vital in unearthing and closely watch developments of the spreading best practises that could National Strategy for Trusted Identities ultimately guide the development of con- in Cyberspace programme and the pri- sistent national policies. vacy bill – and seek ways to contribute to them. Private firms and advocacy groups need to be in constant dialog with the3. StrEngthEn thE dialog BEtWEEn US Department of Commerce, therEgulatorS and thE privatE SEctor Federal Trade Commission and other bodies to help shape future legislation andwhere we stand today policies;The roots of today’s data privacy laws grewfrom the aspirational principles of the early • In the European Union: Private firms1980s, which reflected a consensus about should collaborate with the Europeanthe need for standards to ensure both indi- Commission in its move to revise the EUvidual privacy and information flows.33 But privacy directive and to synchronise leg-over the last two decades, these principles islation across its member states. A re-have been translated very differently into vised EU privacy directive is schedulednational policies in the US, the European to go into effect in 2011, after a periodUnion and the Asia-Pacific. Although most of public consultation through the Eu-of these laws aim to maximise data protec- ropean Commission’s website duringtion and individual control, many experts January;34question their practical effectiveness giventechnological advances. Some govern- • In other countries: In other regions thatments, such as in the US and European differ from the US or the EU in culturalUnion, are therefore revising their policies. or social norms, very different paths in adopting policy frameworks will be re-what is required and why quired. However, given the global rel-Topic experts and executives involved in evance of many such markets in thethe “Rethinking Personal Data” project future digital economy, private firms andagree that self-regulation of markets policy makers should not just wait andrelated to personal data is not a desira- see. One initial step in making progress33 See, for example, Cate, Fred H. “The Failure of Fair Information Practice Principles.” Consumer Protectionin the Age of the Information Economy, 2006. Ashford, Warwick. “Revised EU Privacy Laws to Demand Greater Transparency on the Web.”, November 5, 2010.34
  • 35. could be to seek ways to harmonise and the public sector will require common fragmented national privacy policies. For communication standards, system archi- example, a starting point in Asia could tectures, accepted personal data terms be the Asia Pacific Privacy Charter Ini- and definitions, and standard interface de- tiative, which, since 2003, aims to align sign specifications. privacy policies and to promote best practises in regulatory and legislative recommended next stePs frameworks in the region. • Private firms, in particular those from the information communication technolo- gies sector, should participate in initia-4. FocuS on intEropEraBility and tives that aim to align today’s jumble ofopEn StandardS standards. The Open Web Foundation is one such example: it has helped compa-where we stand today nies define commonly accepted stand-A large variety of syntax and semantic ards and avoid competitive deadlocks;36standards exist to describe and share per-sonal data. Most of those standards are • Private firms and public bodies shouldproprietary and were often invented in an use the knowledge gained from ongo-ad hoc manner without broader consulta- ing pilot tests of trust frameworks andtion with industry peers. While some open related services to inform standardisa-standards are emerging – for example, in tion bodies, such as the IEEE;the realm of digital identities, standardsinclude ISO/IEEE, Mozilla and OIX – no • To build momentum, firms and public or-standards are in place for many other data ganisations should monitor the ongoingtypes, particularly new ones. The history of dialog to identify the most valuable typesthe Internet shows that open standards can of personal data and focus standardisa-improve data portability significantly. One tion efforts on those first.example from the 1980s was the advent ofthe simple mail transfer protocol (SMTP),which superseded various proprietary 5. continually SharE knoWlEdgEemail standards.35 where we stand todaywhat is required and why Interested sponsors continually hold aIf we posit that the highest potential for large number of conferences, events,economic and societal value creation lies websites, private-public discussions andin the aggregation of different personal blogs on the different aspects of the per-data types, the implication is clear: To en- sonal data ecosystem. Even for activeable the seamless sharing of personal data dialog participants, it’s challenging toacross organisational borders, private firms keep up with the latest developments and35 Strauser, Kirk. “The History and Future of SMTP.” FSM, March 4, 2005.36 Taft, Darryl K. “Microsoft Specs Support Open Web Foundation Agreement.” eWEEK, November 25, 2009. 35
  • 36. research. Some platforms are aiming to recommended next stePssynthesise this ongoing dialog, yet none • Private firms should nominate a centralhas yet reached a critical mass with pri- gatekeeper in the organisation who ac-vate and public stakeholders. tively contributes to the personal data dialog. That person’s purview would notwhat is required and why only include privacy but also encompassThe goal is to aggregate the key insights a business development and strategic– from both successful and unsuccess- perspective;ful initiatives – in a timely and unbiasedmanner. This would enable the sharing • Private and public sector representativesof lessons learned, right from the intro- should invest in a jointly run organisationduction of new personal data services that facilitates a truly global dialog aboutto the development of further research personal data – one that stretches acrossactivities. industries and regions. Given private com- panies’ increasing propensity to be multi- national, the onus is on them to pressure their respective governments to think on a global scale.36
  • 37. Glossary of Termsend userThis term refers to individual consumers, citizens or persons about and from whompersonal data is created. End users are also able to participate in the use and proliferationof personal data via related services, applications and technology. End users are typicallyrepresented on a broad, public scale by consumer advocacy groups, such as the AmericanCivil Liberties Union (ACLU) in the United States.end user-centricityEnd user-centricity refers to the concept of organising the rules and policies of the personaldata ecosystem around the key principles that end users value: transparency into what datais captured, control over how it is shared, trust in how others use it and value attributablebecause of it.identity ProviderIdentity providers (IdPs) issue, verify and maintain online credentials for an individual user.Relying parties accept these credentials and have solid assurances that the IdP has ana-lysed and validated the individual user in accordance with specifications.Person37A person can be defined as a natural person, a legal person or a digital persona. A naturalperson refers to a specific human being with an individual physical body (e.g., John Smith).A legal person refers to a body of persons or an entity (as a corporation) considered as hav-ing many of the rights and responsibilities of a natural person and in particular the capacityto sue and be sued (e.g., John Smith and Associates, LLC). Legal persons encompass awide range of legal entities, including corporations, partnerships, limited liability compa-nies, cooperatives, municipalities, sovereign states, intergovernmental organisations andsome international organisations. A digital persona (or identity) can be understood as adigital representation of a set of claims made about a person, either by themselves or byanother person (e.g., or Note that anatural person may have multiple digital personae.Personal dataWe broadly define personal data as data and metadata (i.e., data about data) relatingto an identified or identifiable person or persons. Our definition is based upon EuropeanUnion Directive 95/46/EC. Personal data can be created in multiple ways, including: (1)volunteered data, which is created and explicitly shared by individuals (e.g., social networkprofiles); (2) observed data, which is captured by recording the actions of individuals (e.g.,37 Sourced from Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Work-shop Pre-read.” Invention Arts and World Economic Forum, June 2010. 37
  • 38. location data when using cell phones); and (3) inferred data, which is data about individualsbased on analysis of volunteered or observed information (e.g., credit scores).Privacy38The term privacy has two separate meanings. The public use of the term privacy is verybroad, and it is used to reference nearly anything that has to do with personal data and moregenerally the perceived rights of an individual in relationship to a group. The legal meaningis much narrower. In US domestic law, it refers to a constitutional right (as interpreted bythe courts) and several specific tort rights. Privacy tort rights, which are based mostly incommon law (i.e., cases as opposed to statutes), are generally categorised to include theprotection of solitude and has developed to include protection of “personality.” Privacy tort“causes of action” are generally recognised to protect against four kinds of wrongs againstthe invasion of privacy. That includes (1) the appropriation of a person’s picture or nameby another for their commercial advantage (generally the promotion of goods), (2) the in-trusion on a person’s affairs or seclusion (if objectionable to a reasonable person), (3) thepublication of facts that place a person in a false light (for example, publicly attributing anaction or statement to a person that he or she did not make), and (4) public disclosures ofprivate facts about the person. Both the public and legal meanings have one thing in com-mon; they are both associated with “protection from harm” of the affected person.Private sector (or comPanies)Within the context of the personal data ecosystem, the “private sector” refers to for-profitcompanies and private organisations involved in the capture, storage, analysis and sharingof personal data for the purposes of developing – and monetising – related services andapplications. Private sector participants are not limited by size or industry group: they areany private entity that directly manipulates personal data for explicit financial gain.Public sector (or aGencies)Within the context of the personal data ecosystem, the public sector refers to governments(and their agencies) and nonprofit public organisations that are involved in the passingof legislation and policies that regulate the capture and use of personal data within theirrespective jurisdictions. Public sector entities also participate in capturing and storing per-sonal data (e.g., social security information), as well as the development of related servicesand applications.relyinG PartyIn the context of trust frameworks, relying parties are typically businesses or organisationsthat rely on personal data as a means to verify the identities of their customers or partners.Without reliable and verifiable information, these transactions can be fraught with risks,including fraud.38 Ibid.38
  • 39. trust frameworksWithin the context of online and digital transactions, a trust framework is a formalised speci-fication of policies and rules to which a participant (e.g., an end user, relying party oridentity provider) must conform in order to be trusted. These policies include requirementsaround identity, security, privacy, data protection, technical profiles and assessor qualifi-cations. This trust may be subject to different levels of assurance or protection, which areexplicitly made clear to all parties.3939 Ibid. 39
  • 40. The World Economic Forum is an independent internationalorganisation committed to improving the state of the worldby engaging business, political, academic and otherleaders of society to shape global, regional and industryagendas.Incorporated as a foundation in 1971, and based inGeneva, Switzerland, the World Economic Forum isimpartial and not-for-profit; it is tied to no political, partisanor national interests. World Economic Forum 91- 93 route de la Capite CH – 1223 Cologny/Geneva Switzerland Tel.: +41 (0) 22 869 1212 Fax: +41 (0) 22 786 2744 email: