Successfully reported this slideshow.

WEF - Personal Data New Asset Report2011

1

Share

1 of 40
1 of 40

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

WEF - Personal Data New Asset Report2011

  1. 1. Personal Data: The Emergence of a New Asset Class
  2. 2. An Initiative of the World Economic Forum January 2011 In Collaboration with Bain & Company, Inc. The views expressed in this publication do not necessarily reflect those of the World Economic Forum or the contributing companies or organisations. Copyright 2011 by the World Economic Forum. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise without the prior permission of the World Economic Forum. Title picture by frog design inc.
  3. 3. Acknowledgements This document was prepared by the World Economic Forum, in partnership with the individuals and organisations listed below. World Economic Forum Professor Klaus Schwab Executive Chairman Alan Marcus Senior Director, IT & Telecommunications Industries Justin Rico Oyola Associate Director and Project Lead, Telecommunications Industry William Hoffman Head, Telecommunications Industry Bain & company, inc. Michele Luzi Director The following experts contributed substantial research and interviews throughout the “Rethinking Personal Data” project. We extend our sincere gratitude to all of them. Julius Akinyemi MIT Alberto Calero France Telecom Ron Carpinella Equifax Chris Conley ACLU Douglas Dabérius Nokia Siemens Networks Timothy Edgar Office of the Director of National Intelligence, USA Jamie Ferguson Kaiser Permanente Michael Fertik ReputationDefender Tal Givoly Amdocs Kaliya Hamlin Personal Data Ecosystem William Heath Mydex Trevor Hughes International Association of Privacy Professionals Betsy Masiello Google Mita Mitra BT Group Drummond Reed Information Card Foundation Nasrin Rezai Cisco Natsuhiko Sakimura OpenID Foundation Kevin Stanton MasterCard Advisors Pamela Warren McAfee Von Wright AT&T projEct StEEring Board This work would also not have been possible without the commitment of: John Clippinger Berkman Center for Internet and Society, Harvard University Scott David K&L Gates Marc Davis Microsoft Robert Fabricant frog design Philip Laidler STL Partners Alexander (Sandy) Pentland MIT Fabio Sergio frog design Simon Torrance STL Partners
  4. 4. Table of Content IntroductIon 5 ExEcutIvESummary 7 SEctIon1: PErSonaldataEcoSyStEm:ovErvIEw 13 SEctIon2: StakEholdErtruStandtruStFramEworkS 27 SEctIon3: concluSIonS 32 GloSSaryoFtErmS 37
  5. 5. Introduction We are moving towards a “Web of the world” in which mobile communications, social technologies and sensors are connecting people, the Internet and the physical world into one interconnected network.1 Data records are collected on who we are, who we know, where we are, where we have been and where we plan to go. Mining and analysing this data give us the ability to understand and even predict where humans focus their atten- tion and activity at the individual, group and global level. This personal data – digital data created by and about “Personal data is the new people – is generating a new wave of opportunity for oil of the Internet and the economic and societal value creation. The types, quan- new currency of the digital tity and value of personal data being collected are vast: world. ” our profiles and demographic data from bank accounts to Meglena Kuneva, European medical records to employment data. Our Web searches Consumer Commissioner, and sites visited, including our likes and dislikes and pur- March 2009 chase histories. Our tweets, texts, emails, phone calls, photos and videos as well as the coordinates of our real-world locations. The list con- tinues to grow. Firms collect and use this data to support individualised service-delivery business models that can be monetised. Governments employ personal data to provide critical public services more efficiently and effectively. Researchers accelerate the devel- opment of new drugs and treatment protocols. End users benefit from free, personalised consumer experiences such as Internet search, social networking or buying recommen- dations. And that is just the beginning. Increasing the control that individuals have over the man- ner in which their personal data is collected, managed and shared will spur a host of new services and applications. As some put it, personal data will be the new “oil” – a valuable resource of the 21st century. It will emerge as a new asset class touching all aspects of society. At its core, personal data represents a post-industrial opportunity. It has unprecedented complexity, velocity and global reach. Utilising a ubiquitous communications infrastruc- ture, the personal data opportunity will emerge in a world where nearly everyone and everything are connected in real time. That will require a highly reliable, secure and avail- able infrastructure at its core and robust innovation at the edge. Stakeholders will need to embrace the uncertainty, ambiguity and risk of an emerging ecosystem. In many ways, this opportunity will resemble a living entity and will require new ways of adapting and responding. Most importantly, it will demand a new way of thinking about individuals. 1 Many of these concepts and background information have been introduced in: Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010. 5
  6. 6. Indeed, rethinking the central importance of the individual is fundamental to the transfor- mational nature of this opportunity because that will spur solutions and insights. As personal data increasingly becomes a critical source of innovation and value, busi- ness boundaries are being redrawn. Profit pools, too, are shifting towards companies that automate and mine the vast amounts of data we continue to generate.2 Far from certain, however, is how much value will ultimately be created, and who will gain from it. The un- derlying regulatory, business and technological issues are highly complex, interdepend- ent and ever changing. But further advances are at risk. The rapid rate of technological change and commerciali- sation in using personal data is undermining end user confidence and trust. Tensions are rising. Concerns about the misuse of personal data continue to grow. Also mounting is a general public unease about what “they” know about us.3 Fundamental questions about privacy, property, global governance, human rights – essentially around who should ben- efit from the products and services built upon personal data – are major uncertainties shaping the opportunity. Yet, we can’t just hit the “pause button” and let these issues sort themselves out. Building the legal, cultural, technological and economic infrastructure to enable the development of a balanced personal data ecosystem is vitally important to improving the state of the world. It is in this context that the World Economic Forum launched a project entitled “Rethinking Personal Data” in 2010. The intent of this multiyear project is to bring together a diverse set of stakeholders – private companies, public sector representatives, end user privacy and rights groups, academics and topic experts. The aim is to deepen the collective un- derstanding of how a principled, collaborative and balanced personal data ecosystem can evolve. In particular, this initiative aims to: • Establish a user-centric framework for identifying the opportunities, risks and collabo- rative responses in the use of personal data; • Foster a rich and collaborative exchange of knowledge in the development of cases and pilot studies; • Develop a guiding set of global principles to help in the evolution of a balanced per- sonal data ecosystem. 2 Bain Company Industry Brief. “Using Data as a Hidden Asset.” August 16, 2010. 3 Angwin, Julia. “The Web’s New Gold Mine: Your Secrets.” Wall Street Journal. July 30, 2010. http://online. wsj.com/article/SB10001424052748703940904575395073512989404.html 6
  7. 7. Executive Summary pErSonal data: untappEd From a private sector perspective, some opportunitiES For SocioEconomic of the largest Internet companies such as groWth Google, Facebook and Twitter clearly show the importance of collecting, aggregating, analysing and monetising personal data. The rate of increase in the amount of data These rapidly growing enterprises are built generated by today’s digital society is as- on the economics of personal data. tounding. According to one estimate, by 2020 the global volume of digital data will Governments and public sector institutions increase more than 40-fold.4 Beyond its are also transforming themselves to use sheer volume, data is becoming a new data as a public utility. Many governments type of raw material that’s on par with capi- have successfully launched e-governance tal and labour.5 As this data revolution era initiatives to improve the efficiency and ef- begins, the impact on all aspects of society fectiveness of communication among vari- – business, science, government and en- ous public organisations – and with citizens. tertainment – will be profound. But some of the most profound insights are coming from understanding how individuals Personal data – a definition themselves are creating, sharing and using For this report personal data is defined personal data. On an average day, users as data (and metadata) created by and globally send around 47 billion (non-spam) about people, encompassing: emails6 and submit 95 million “tweets” on • Volunteered data – created and explic- Twitter. Each month, users share about 30 itly shared by individuals, e.g., social billion pieces of content on Facebook.7 The network profiles. impact of this “empowered individual” is just beginning to be felt. • Observed data – captured by record- ing the actions of individuals, e.g., However, the potential of personal data location data when using cell phones. goes well beyond these promising begin- • Inferred data – data about individuals nings to vast untapped wealth creation based on analysis of volunteered opportunities. But unlocking this value or observed information, e.g., credit depends on several contingencies. The scores. underlying regulatory, business and tech- Source: World Economic Forum, June 2010. nological issues are highly complex, inter- dependent and ever changing. 4 IDC. “The Digital Universe Decade – Are You Ready?” May 2010. 5 The Economist. “Data, Data Everywhere.” February 25, 2010. 6 The Radicati Group. “Email Statistics Report, 2009–2013.” May 2009. 7 “Twitter + Ping = Discovering More Music.” Twitter Blog. November 11, 2010; “Statistics.” Facebook Press Room. January 11, 2011. http://www.facebook.com/press/info.php?statistics 7
  8. 8. thE pErSonal data EcoSyStEm – regulators have the mandate to protect the WhErE WE Stand today data security and privacy rights of citizens. Therefore, they seek to protect consumers The current personal data ecosystem is from the potential misuse of their identity. fragmented and inefficient. For many par- On the other hand, regulators balance this ticipants, the risks and liabilities exceed the mandate with the need to foster economic economic returns. Personal privacy con- growth and promote public well-being. Pol- cerns are inadequately addressed. Regula- icy makers around the world are engaged tors, advocates and corporations all grapple in discussions to enhance legal and regu- with complex and outdated regulations. latory frameworks that will increase disclo- sure rules, maximise end user control over Current technologies and laws fall short of personal data and penalise non-appropriate providing the legal and technical infrastruc- usage. Finally, government agencies are us- ture needed to support a well-functioning ing personal data to deliver an array of serv- digital economy. Instead, they represent a ices for health, education, welfare and law patchwork of solutions for collecting and us- enforcement. The public sector is therefore ing personal data in support of different in- not just an active player in the personal data stitutional aims, and subject to different juris- universe, but also a stimulator and shaper dictional rules and regulatory contexts (e.g., of the ecosystem – and potentially, the crea- personal data systems related to banking tor of tremendous value for individuals, busi- have different purposes and applicable laws nesses and economies. than those developed for the telecom and healthcare sectors). individuals Behaviours and attitudes towards personal Consider some of the needs and interests of data are highly fragmented. Demographi- stakeholders: cally, individuals differ in their need for trans- parency, control and the ability to extract val- Private sector ue from the various types of personal data Private enterprises use personal data to create new efficiencies, stimulate demand, build relationships and generate revenue Common needs for all users and profit from their services. But in this • Reliability drive to develop the “attention economy” en- , • Predictability terprises run the risk of violating customer trust. Overstepping the boundary of what • Interoperability users consider fair use can unleash a huge • Security backlash with significant brand implications. • Ease of use • Cost-effectiveness Public sector Governments and regulators play a vital • Risk and liability reduction role in influencing the size and shape of • Transparency the personal data ecosystem as well as • Simplicity the value created by it. On the one hand, 8
  9. 9. (see Figure 1). According to the research Individuals are also becoming more aware firm International Data Corporation (IDC), of the consequences of not having control individuals’ direct or indirect actions gener- over their digital identity and personal data. ated about 70 per cent of the digital data In 2010 the number of reported incidents of created in 2010. Activities such as sending identity theft skyrocketed by 12 per cent.9 an email, taking a digital picture, turning on a mobile phone or posting content online a way forward: the Personal data made up this huge volume of data. Younger ecosystem individuals are more comfortable sharing One viable response to this fragmenta- their data with third parties and social net- tion is to align key stakeholders (people, works – though it remains to be seen wheth- private firms and the public sector) in sup- er their behaviours will remain the same or port of one another. Indeed, “win-win-win” become more risk averse as they age. Older outcomes will come from creating mutually consumers appear to be more sceptical, supportive incentives, reducing collective and demand demonstrably higher security inefficiencies and innovating in such a way levels from service providers.8 that collective risks are reduced. FigurE 1: individual End uSErS arE at thE cEntEr oF divErSE typES oF pErSonal data Searches Social graph Calendars The individual Interests Location Purchases Source: Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010. 8 Nokia Siemens Networks. “Digital Safety, Putting Trust into the Customer Experience.” Unite Magazine. Issue 7. http://www.nokiasiemensnetworks.com/news-events/publications/unite-magazine-february-2010/ digital-safety-putting-trust-into-the-customer 9 Javelin Strategy Research. “The 2010 Identity Fraud Survey Report.” February 10, 2010. 9
  10. 10. This vision includes a future where: End uSEr-cEntricity: a critical dEtErminant in Building thE • Individuals can have greater control pErSonal data EcoSyStEm over their personal data, digital identity and online privacy, and they would be A key element for aligning stakeholder inter- better compensated for providing others ests and realising the vision of the personal with access to their personal data; data ecosystem is the concept of end user- centricity. This is a holistic approach that • Disparate silos of personal data held recognises that end users are vital and inde- in corporations and government agen- pendent stakeholders in the co-creation and cies will more easily be exchanged to value exchange of services and experienc- increase utility and trust among people, es. A construct designed for the information private firms and the public sector; economy, it breaks from the industrial-age model of the “consumer” – where relation- • Government’s need to maintain stabil- ships are captured, developed and owned. ity, security and individual rights will be met in a more flexible, holistic and Instead, end user-centricity represents a adaptive manner. transformational opportunity. It seeks to integrate diverse types of personal data in In practical terms, a person’s data would a way that was never possible before. This be equivalent to their “money.” It would can only be done by putting the end user at reside in an account where it would be the centre of four key principles: controlled, managed, exchanged and accounted for just like personal banking • Transparency: Individuals expect to know services operate today. These services what data is being captured about them, would be interoperable so that the data the manner in which such data is cap- could be exchanged with other institutions tured or inferred, the uses it will be put to and individuals globally. As an essential and the parties that have access to it; requirement, the services would operate over a technical and legal infrastructure • Trust: Individuals’ confidence that the that is highly trusted. Maintaining confi- attributes of availability, reliability, integ- dence in the integrity, confidentiality, trans- rity and security are embraced in the parency and security of the entire system applications, systems and providers that would require high levels of monitoring. have access to their personal data; • Control: The ability of individuals to effectively manage the extent to which their personal data is shared; • Value: Individuals’ understanding of the value created by the use of their data and the way in which they are compensated for it. 10
  11. 11. complEx BuSinESS, policy and – are numerous and complex. The choices tEchnological iSSuES pErSiSt and stakeholders make today will influence the rEquirE coordinatEd lEadErShip From personal data ecosystem for years to come. Five key imperatives require action: FirmS and thE puBlic SEctor A user-centric ecosystem faces challeng- 1. Innovate around user-centricity and trust. es almost as big as its promise, however. The personal data ecosystem will be built Firms, policy makers and governments on the trust and control individuals have in must resolve a series of critical questions. sharing their data. From a technological, policy and sociological sense all stake- For private firms, what are the concrete holders need to embrace this construct. economic incentives to “empower” indi- One particular area of focus is the contin- viduals with greater choice and control ued testing and promoting of “trust frame- over how their data are used? What are works” that explore innovative approaches the incentives for greater collaboration for identity assurance at Internet scale. within and across industry sectors? How can the returns from using personal data 2. Define global principles for using and begin to outweigh the risks from a techni- sharing personal data. Given the lack of cal, legal and brand-trust perspective? globally accepted policies governing the use and exchange of personal data, an Policy makers are unique in their man- international community of stakehold- date to collect, manage and store per- ers should articulate and advance core sonal data for purposes such as national principles of a user-centric personal data defence, security and public safety. They ecosystem. These pilots should invite real- face the issue of finding the right balance world input from a diverse group of indi- between competing priorities: How can viduals who can not only articulate the val- they ensure the stability and security of ues, needs and desires of end users, but government even as they create incen- also the complex and contextual nuances tives for economic investment and inno- involved in revealing one’s digital identity. vation? How should they define end us- ers’ rights and permissions concerning 3. Strengthen the dialog between regula- personal data? How can they more effec- tors and the private sector. Building on tively clarify the liabilities? How can they a collective sense of fundamental princi- scale globally the concepts of account- ples for creating a balanced ecosystem, ability and due process? public and private stakeholders should actively collaborate as the ecosystem begins to take shape. Those responsi- FivE arEaS oF collEctivE action ble for building and deploying the tools (the technologists) should more closely The issues surrounding personal data – po- align with those making the rules (regu- litical, technological and commercial alike lators).10 Establishing the processes to 10 David, Scott. KL Gates and Open Identity Exchange ABA Document. October 20, 2010. 11
  12. 12. enable stakeholders to formulate, adopt ies, advocacy groups, think tanks and and update a standardised set of rules various consortia on the user-centric will serve to create a basic legal infra- approaches required to scale the value structure. Additionally, collaborating with of personal data. policy makers as they update legislation to address key questions related to iden- 5. Continually share knowledge. It’s a tity and personal data will be essential.11 huge challenge for entities to keep up with new research, policies and com- 4. Focus on interoperability and open mercial developments. To stay current, standards. With the appropriate user stakeholders should share insights and controls and legal infrastructure in learnings on their relevant activities, place, innovations in how personal data from both successes as well as fail- moves throughout the value chain will ures. After all, the ecosystem’s promise be a key driver for societal and econom- is about the tremendous value created ic value creation. Enabling a secure, when individuals share information trusted, reliable and open infrastructure about who they are and what they know. (both legal and technical) will be vital. Clearly, this principle should also apply Participants should identify best prac- to practitioners within the development tises and engage with standards bod- community. 11 In the US, recent developments emerging from the NSTIC, the Federal Trade Commission and the De- partment of Commerce warrant attention. In the EU, companies should work with the European Commis- sion’s efforts to revise the EU privacy directive and to synchronise legislation across its member states. 12
  13. 13. Section 1: Personal Data Ecosystem: Overview pErSonal data iS an Evolving and many wirelessly (see Figure 2).12 Global multiFacEtEd opportunity traffic on mobile networks is expected to double each year through 2014.13 In the era of “anywhere, anytime” con- The variety and volume of digital records nectivity, more people connect to the that can be created, processed and ana- Internet now in more ways than ever be- lysed will continue to increase dramati- fore. One recent estimate projects that in cally. By 2020, IDC estimates that the glo- the next 10 years, more than 50 billion bal amount of digital records will increase devices may connect to the Internet, more than 40-fold (see Figure 3).14 FigurE 2: By 2020, morE than 50 As these devices and software continue Billion dEvicES Will BE connEctEd to to come online, they will generate an thE intErnEt increasing amount of personal data. The term personal data has several mean- ings, but we broadly define it as data Global devices connected to the Internet relating to an identified or identifiable per- 50B son or persons.15 50B Think of personal data as the digital 40 record of “everything a person makes and does online and in the world.”16 The wide 30 variety of forms that such data assumes for storage and communication evolves 20 constantly, but an initial list of categories 15B includes: 10 5B • Digital identity (for example, names, 0 email addresses, phone numbers, 2009 2015 2020 physical addresses, demographic in- formation, social network profile infor- Sources: Ericsson, Intel mation and the like); 12 Ericsson [press release]. “CEO to Shareholders: 50 Billion Connections 2020.” April 13, 2010. 13 Cisco. “Cisco Visual Networking Index: Global Mobile Data; Traffic Forecast Update, 2009 – 2014.” Febru- ary 9, 2010. 14 IDC. “The Digital Universe Decade – Are You Ready?” May 2010. 15 Definition based on Directive 95/46/EC of the European Parliament and the Council of 24, October 1995. 16 Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010. 13
  14. 14. FigurE 3: By 2020, digital rEcordS • Health data (medical history, medical Will BE 44 timES largEr than in 2009 device logs, prescriptions and health insurance coverage); Global digital data (in exabytes) • Institutional data (governmental, aca- 40,000 demic and employer data). Further, organisations can capture these 30,000 different personal data in a variety of ways:17 20,000 • Data can be “volunteered” by individuals when they explicitly share information 10,000 about themselves through electronic me- dia, for example, when someone creates a social network profile or enters credit 0 card information for online purchases; 2010 2012 2014 2016 2018 2020 • “Observed” data is captured by record- Source: IDC ing activities of users (in contrast to data they volunteer). Examples include Inter- • Relationships to other people and or- net browsing preferences, location data ganisations (online profiles and contact when using cell phones or telephone lists); usage behaviour; • Real-world and online context, activity, • Organisations can also discern “inferred” interests and behaviour (records of lo- data from individuals, based on the cation, time, clicks, searches, browser analysis of personal data. For instance, histories and calendar data); credit scores can be calculated based on a number of factors relevant to an in- • Communications data and logs (emails, dividual’s financial history. SMS, phone calls, IM and social network posts); Each type of personal data (see Figure 4), volunteered, observed or inferred, can be • Media produced, consumed and shared created by multiple sources (devices, soft- (in-text, audio, photo, video and other ware applications), stored and aggregated forms of media); by various providers (Web retailers, Internet search engines or utility companies) and • Financial data (transactions, accounts, analysed for a variety of purposes for many credit scores, physical assets and vir- different users (end users, businesses, public tual goods); organisations). 17 Ibid. 14
  15. 15. FigurE 4: thE pErSonal data EcoSyStEm: a complEx WEB From data crEation to data conSumption Regulatory environment Communication standards Personal data creation Storage, Analysis, Personal data aggregation productisation Consumption Devices Software Volunteered Mobile phones/ Web retailers Market research smart phones Apps, OS for PCs data exchanges End users Declared interests Internet tracking Desktop PCs, Preferences companies laptops Ad exchanges Apps, OS for mobile phones Internet search Government ... Communication engines agencies and networks Medical records public organisations Observed Electronic medical exchanges Apps for medical records providers Electronic notepads, Browser history devices readers Business intelligence Small Identity providers Location Apps for consumer systems enterprises Smart appliances devices/ Mobile operators, ... appliances Internet service Businesses providers Credit bureaus Sensors Medium Inferred Network Financial institutions enterprises management Public Credit score software administration Smart grids Utility companies Future consumption Large ... ... enterprises ... ... ... Source: Bain Company These stakeholders range from the individual of data will require addressing current uncer- end users, who are the sources and subjects tainties and points of tension: of personal data, to the various entities with which they interact. The latter encompass • Privacy: Individual needs for privacy vary. businesses and corporations in different in- Policy makers face a complex challenge dustries to public sector entities like govern- while developing legislation and regula- ment bodies, NGOs and academia. Personal tions; data flows through this ecosystem, within the boundaries of regulation, to result ultimately • Global governance: There is a lack of glo- in exchanges of monetary and other value. bal legal interoperability, with each coun- try evolving its own legal and regulatory frameworks; pointS oF tEnSion and uncErtainty • Personal data ownership: The concept of While tremendous value resides in the data property rights is not easily extended to generated by different sources, it often re- data, creating challenges in establishing mains untapped. Unlocking the full potential usage rights; 15
  16. 16. • Transparency: Too much transparency too concerns, the ambiguity and uncertainty soon presents as much a risk to destabil- on multiple dimensions heighten the risks ising the personal data ecosystem as too that could stall investment and innovation. little transparency; Global Governance • Value distribution: Even before value can Not only are policies and legislation in flux be shared more equitably, much more within national borders, there is wide varia- clarity will be required on what truly consti- tion across different countries and regions. tutes value for each stakeholder. Indeed, there is no global consensus on two major questions: Which issues relat- Privacy ed to personal data should be covered by Privacy continues to be a highly publicised, legal and regulatory frameworks? And how complex and sensitive issue with multi- should those issues be addressed? While ple perspectives. some cross-national agreements exist, for “We need to arrive at an The complexity example, the Safe Harbor agreement be- acceptable reasonable surrounding how tween the US and the EU,20 the development expectation of privacy … privacy is con- of a globally acceptable view of the per- a procedural due proc- ceived and defined sonal data ecosystem may be years away. ess that has the flexibility creates challenges This fragmentation stands in the way of fully to address any question for policy makers realising the global impact of the personal of privacy and institution- as they seek to data opportunity. alise learnings into the address a myriad ecosystem to prevent that of issues related Personal data ownershiP grievance from happening to context, culture “Who owns the data” and “What rights does again. ” and personal pref- ownership imply” are two of the most com- erence.18 Adding to plex issues related to personal data. At first Interviewee, “Rethinking Personal Data” the complexity is blush, these questions seem simple. Most project the pace of techno- people would intuitively assert that they own logical change and data about themselves and that therefore, a general lack of guidance on how to ac- they should control who can access, use, commodate and support various perspec- aggregate, edit and share it. However, even tives on “privacy” robustly, flexibly and at a cursory look at the issue quickly reveals global scale (for multiple jurisdictions, cul- that the answers are much less clear. Indi- tures and commercial and social settings).19 viduals do not “own” their criminal records or Given that many governments are drafting credit history. Medical providers are required laws and regulations to address privacy to keep certain records about patients, even 18 “Fair Information Practice Principles (FIPP) Comparison Tool, Draft.” Discussion and Development Materi- als of the OIX Advisory Board and the OIX Legal Policy Group. October 7, 2010. 19 Ibid. 20 In 2000, the US and the European Commission agreed upon a framework that would act as a bridge for sharing data between the US and EU, while preserving the basic policy principles of both. See, for example, Thompson, Mozelle W., Peder van Wagonen Magee. “US/EU Safe Harbor Agreement: What It Is and What It Says About the Future of Cross Border Data Protection.” Privacy Regulation. Federal Trade Commission, Spring 2003. http://www.ftc.gov/speeches/thompson/thompsonsafeharbor.pdf 16
  17. 17. as those patients are allowed to access and concerns end users have; for many organi- share that information with others. Do com- sations, it often poses a risk to their business panies such as Google and Amazon, which model. When customers suddenly find out aggregate search and purchase histories how their trusted brand of product or serv- across millions of users, own the proprietary ice was gathering and using their personal algorithms they’ve built upon those click data, they tend to react with outrage, rather streams? than reward the business for its transpar- ency. Similarly, citizens fear Big Brother con- Given the fluid nature of data and the early trol and manipulation in the way government stages of the personal data ecosystem, many uses their personal information. As long assert that focusing on the issues of rights as the risk of transparency outweighs the management, accountability, due process rewards, the personal data ecosystem will re- and the formation of “interoperable” legal main vulnerable to periodic seismic shocks. frameworks is more productive. It is unlikely that there is a one-size-fits-all approach. A value distribution more likely scenario is that different classes The notion that individuals are producers, of information (financial, health, government creators and owners of their digital activi- records, social, etc.) will get varying degrees ties raises the question: How can value be of protection – as already is the case in the equitably exchanged? The answer depends “pre-digital” world. All such solutions will on variables like the structure of personal need to balance individuals’ rights to priva- data markets; the amount of public educa- cy with practical concerns about legitimate needs for critical participants (for example, law enforcement and medical personnel) to access key information when necessary. In Personal data and developing addition, practical solutions for issues re- economies lated to data portability, interoperability and As with many innovations related to easy-to-implement dashboards for consum- mobile applications, the development of ers to set and monitor access rights will also personal data exchanges could achieve need to be developed to overcome the grow- scale in developing economies. The data ing friction in the current environment. and analytics from the increasing use of mobile devices – in particular, location transParency data, images from cell phone cameras Most end users still remain unaware of just and mobile finance – can help coun- how much they are tagged, tracked and fol- tries address significant economic and lowed on the Internet. Few individuals real- health challenges with greater precision ise how much data they implicitly give away, and adaptability. As the mobile platform how that data might be used or even what brings the unbanked into the formal is known about them. Some businesses economy, real-time insights into local believe the solution lies in “fessing up”: sim- economies could be gained. Utilising the ply increasing the transparency on how per- analytics of m-Health applications could sonal data is used. But that approach not also help improve public health. only fails to address the privacy and trust 17
  18. 18. tion required; globally governed regulations the purview of legacy legal restrictions and needed to ensure fair compensation; and typically innovate at the edges of what can the legal frameworks that would ensure ac- be legally done with personal data. A grow- countability and due process. ing concern is the widening chasm between the regulatory oversight on established Uncertainty and tension also exist around the business models versus new business ide- evolution of personal data exchanges and the as. Additionally, there are concerns on how degree of political empowerment they could current legal and regulatory stakeholders create. Some governments can perceive can systemically adapt to the velocity of in- empowered citizens as a disruptive threat to novation, the complexity of the ecosystem their agenda. Understanding the concept of and the scale of personal impact. Given that user-centricity in the context of differing social, a single operational or technical change to cultural and political norms is clearly needed. a networked communications service can immediately impact hundreds of millions incumbents and disruPters of individuals (if not billions), the capability During the last few decades, a regulatory of policy makers and regulators to under- patchwork has arisen that does not ad- stand a given risk and adapt in real time is equately reflect the needs of a competitive uncertain. Over time, perceptions of over- global market or the pace of technology. regulation and inequity on who can use cer- The personal data ecosystem consists of tain forms of personal data for commercial established and new participants; often the purposes may create an imbalance among regulatory framework covers established private sector actors. business models, but regulation takes time to catch up with emerging, disruptive mod- els. From a regulatory perspective, this can thE riSkS oF an imBalancEd create a fundamentally uneven competitive EcoSyStEm playing field for creating new personal data services. Companies with established busi- The key to unlocking the full potential of ness models – those with large customer data lies in creating equilibrium among the bases, legacy investments and trusted various stakeholders influencing the per- brands – typically possess vast amounts of sonal data ecosystem. A lack of balance customer data but are legally constrained between stakeholder interests – business, on its use for commercial purposes. Given government and individuals – can desta- those legal constraints, established players bilise the personal data ecosystem in a are generally conservative in their approach way that erodes rather than creates value. to the market and deeply concerned about What follows are just a few possible out- unclear liabilities and legal inconsistencies. comes that could emerge if any one set of stakeholders gained too strong a role in On the other hand, many new services and the ecosystem. applications are more innovative in their ap- proach and typically use personal data as a the risk of Private sector imbalance central component in their business mod- As personal data becomes a primary cur- els. By definition, they tend to fall outside rency of the digital economy, its use as a 18
  19. 19. means to create competitive advantage will represents a challenge – but it can be done. increase. If little regard is paid to the needs The solution lies in developing policies, in- of other stakeholders, businesses search- centives and rewards that motivate all stake- ing for innovative ways to collect, aggregate holders – private firms, policy makers, end and use data could end up engaging in a users – to participate in the creation, protec- “race to the bottom” building out ever more , tion, sharing and value generation from per- sophisticated “tricks and traps” to capture sonal data. The private and public sectors personal data.21 This unfettered mining of can bring their interests closer by creating personal data would alienate end users and an infrastructure that enables the secure possibly create a backlash.22 and efficient sharing of data across organi- sations and technologies. End users can be the risk of Public sector imbalance gathered into the fold of the private-public As countries revise their legal frameworks, partnership by developing mechanisms that policies and regulations to catch up with the safeguard personal data, validate their con- unprecedented surge in data, they could tent and integrity, and protect ownership. inadvertently stifle value creation by over- When end users begin to get a share of the regulating. Additionally, individual coun- value created from their personal data, they tries may seek to act unilaterally to protect will gain more confidence in sharing it. their own citizens from potential harm. The resulting lack of clarity and consistency in For such a virtuous cycle to evolve, stake- policy across countries could slow down holders in the personal data ecosystem will innovation and investment. need to define new roles and opportunities for the private and public sectors. Greater the risk of end user imbalance mutual trust can lead to increased informa- In the absence of engagement with both tion flows, value creation, and reduced liti- governments and business, end users could gation and regulatory costs. self-organise and create non-commercial alternatives for how their personal data is Over time, all stakeholders should hope- used. While small groups of dedicated indi- fully recognise that the collective metric viduals could collaborate on non-commer- of success is the overall growth of the cial products that have the same impact as ecosystem rather than the success of one Wikipedia and Linux, the issues of limited specific participant. A defining characteris- funding, security and lack of governance tic of such a balanced ecosystem would be would remain. Over time, the challenges of end user choice. With the ability to switch managing personal data at a global scale easily between vendors, competitive pres- could become overwhelming. sures would strengthen the control of the end users and help them differentiate Aligning the different interests to create a between different trust frameworks and true “win-win-win” state for all stakeholders service providers. 21 Clippinger, John. Berkman Center for Internet Society at Harvard University. 22 To learn more about how companies are using new and intrusive Internet-tracking technologies, see “What They Know” (series). Wall Street Journal. 2010. http://online.wsj.com/public/page/what-they-know- digital-privacy.html 19
  20. 20. Future Potential: Scenarios of a Balanced Personal Data Ecosystem What Would the personal data ecosystem offer if the needs of government, private industry and individuals Were appropriately balanced? What folloWs are some possibilities for the year 2018. Dianne is a mother of two teenage daughters and a remote caregiver for her father. She’s not terribly sophisticated with technology but she uses some social networks to keep up with her friends and family. But as the hub of family care, Dianne is tied to several services that keep her family safe, healthy and informed. putting a nEW Spring in hEr StEp Dianne recently upgraded her exercise footwear to a wirelessly networked sports shoe, a product that transforms all of her daily walking into valuable data points. Her health insurance provider encourages exercise through a certified, earned credit system. With minimal data breach risk, walking translates directly into discounts on medications, food and other expenses for not only herself but also her father and daughters linked to her health savings ac- count. This lets Dianne take better care of her loved ones, which is a more powerful mo- tivator than her own health and wellness. The initial savings helped convert her children to regular walking as well. What was routine is now a game as the family competes in active walking challenges with one another, all the while providing better healthcare for everyone. Transparency – data usage disclosure Control – opt-in participation with immediate feedback in rewards balance Trust – certified by identity consortium across health, finance and other service providers Value – discounts powered by data collection that can be applied to many different needs Source: frog design research, 2010 20
  21. 21. at EaSE and SEcurE Dianne’s old anxiety over identity theft has been less of a worry since the Personal Data Pro- tection and Portability Act went into effect, legislation the government passed in 2014 grant- ing citizens greater control and transparency over their digital information. Her employer provides a private, certified Data-Plus Integrity Plan that monitors and ensures the personal data of her whole family and is portable across jobs. Dianne feels more at ease about her daughters’ social habits online with the Parent Teachers Association-endorsed TeenSecure. A comprehensive activity summary and alert system means Dianne no longer feels like a spy, monitoring her kids and investigating every new social site. Her daughters’ access is man- aged, tracked and protected by a trusted socially acceptable source. Dianne receives simple, con- venient monthly statements that highlight both the activity and stored value of her data. As an added benefit, various retailers offer coupons and discounts during the holidays, in exchange for Dianne allowing them to use some of this activity data as a second currency. Transparency – single view of all activity Control – monitoring of dependents Trust – government and consumer advocacy backed Value – peace of mind and stored value tranSForming concErn into EaSE When Dianne’s father moved into managed care with early-stage symptoms of Alzhe- imer’s disease, her insurance carrier provided her with control of her father’s medications and recommended an online dashboard-like tool adapted to his condition. The service is offered in a partnership with the Alzheimer’s Research Foundation, as well as the Depart- ment of Public Health, which have connected her father’s information and medical health records to her Data-Plus Integrity Plan. This provides Dianne with on-demand monitoring services, medication compliance tracking and feedback on how he is feeling. She is also able to keep tabs on his finances. Dianne hopes that through the sharing of her father’s medical condition, they may one day find a cure. In the meantime, her in-person visits are less about evaluating his condition and much more about spending time together. Transparency – permission of data access Control – progression of need increases access Trust – family-centric data safeguards Value – transferable control Source: frog design research, 2010 21
  22. 22. kEy EnaBlErS oF a BalancEd Globally, there is a growing consensus that EcoSyStEm there is an urgent need for greater trust associated with online identities. People While building a balanced ecosystem find the increasing complexity of manag- around personal data will require signifi- ing multiple user names and passwords cant commitment from all stakeholders, across different organisations a major in- four critical enablers are apparent: convenience. Additionally, as online fraud and identity theft continue to skyrocket, • An easy-to-understand user-centric ap- people demand greater assurances about proach to the design of systems, tools who they are interacting with. As secure and policies, with an emphasis on and trusted online relationships are estab- transparency, trust, control and value lished with individuals and various institu- distribution; tions, silos of information that were previ- ously unavailable can also become easier • Mechanisms for enhancing trust among to incorporate into personalised solutions. all parties in digital transactions; A market is now taking shape to address • Greater interoperability among existing these concerns on personal identity. In data silos; fact, an ecosystem of interoperable identity service providers offering solutions that are • An expanded role for government, such secure, easy to use and market based is in that governments can use their purchas- its early stages of development.23 As more ing power to help shape commercially services move online (in particular, health available products and solutions that the and financial services), the infrastructure private sector can then leverage. costs of ensuring the identity of who can use a given online offering will continue to user-centricity escalate. The value of paying a third party The concept of user-centricity is the central for trusted digital identities will most likely pivot point of the personal data ecosystem. continue to increase as these services re- With greater control placed in the hands duce both the cost of fraud as well as the of individuals, new efficiencies and capa- risk of offering additional value-added serv- bilities can emerge. Many perceive this ices24 (see sidebar, “End user principles”). shift in power as highly disruptive. It creates a diversity of perspectives on if, how and trust enablers when the “pivot for the people” might occur. Interviews and discussions with leading In short, the transition to user-centricity is privacy advocates, regulatory experts and anything but simple. It’s hard collectively to business leaders lead to an overwhelming frame and act upon it due to the significant consensus: trust is another key ingredient differences in cultural, geopolitical and in- required for creating value from today’s stitutional norms. oceans of disparate personal data. Without 23 National Strategy for Trusted Identities in Cyberspace. Draft. June 25, 2010. 24 Reed, Drummond. “Person Data Ecosystem.” Podcast Episode 2, December 2010. 22
  23. 23. End user principles Transparency Trust What is a meaningful way to understand Which investments in building trust will transparency, and who provides the help users feel comfortable allowing lens to the user? others to access their data? People naturally expect the right to see, Personal data is difficult, if not impossi- and thus know, the data that is being ble, to un-share. Once shared, it gains captured about them. If that right is a life of its own. Given the risk of unin- not respected, they feel deceived and tended consequences, people rely heav- exploited. Upon seeing this reflection ily on trust to guide their decisions. But of themselves through their personal how is trust formed? Different thresh- data, people start to feel a sense of olds of trust exist for different types of personal connection and ownership, data. While a majority of people accept leading to the desire for control. How- a certain level of risk, viewing it as an ever, people struggle to form a mental opportunity cost for gaining something, model of something that is fragmented the benefits are often coupled with feel- and abstract in nature. This creates a ings of anxiety and fear. Such concerns challenge: what is invisible must be will continue to limit the potential value revealed, made tangible and ultimately of personal data until a comprehensible be connected across different points of model for creating and certifying trust access. relationships is adopted on a large scale. Control Value What are the primary parameters that What measures must be taken to ensure influence how users will want to control that data created today is a mutually their data, and how are they adapted to beneficial asset in the future? different contexts? The value of personal data is wildly People naturally want control over data subjective. Many business models have that is both about them and often cre- emerged that encourage and capitalise ated by them. Control can be exercised on the flow of that data. Consumers are in three ways: becoming increasingly aware of the value of the data they generate even in mun- (a) directly through explicit choices; dane interactions like a Google search. (b) indirectly by defining rules; While direct personal data has an inherent (c) by proxy. value, secondary inferred data can often be mined and interpreted to produce People’s perception of a given situa- new information of equal or greater value. tion will determine whether they The long-term impact of the aggrega- choose to exercise control. The more tion and unchecked dissemination of this subtle qualities of an experience (such information is unknown. Digital behaviour as feedback, convenience and today may yield positive distributed value understanding) will determine how across the ecosystem in the near term, they choose to exercise that but can have detrimental consequences control. for the end user in the future. 23
  24. 24. the establishment of trust, particularly the seen the emergence of digital personal trust of the end user, a personal data eco- data as a valuable asset. Inadequate system that benefits all stakeholders will legislation has thus made standards sur- never coalesce. rounding the use of personal data incon- sistent. To use a metaphor, trust is the lubri- cant that enables a virtuous cycle for Furthermore, many organisations employ the ecosystem: it legacy technology systems and databas- “A collective metric of suc- engenders stake- es that were created in proprietary, closed cess could emerge where holder participa- environments. As a result, personal data the overall growth of the tion, which, in today is often isolated in silos – bound ecosystem was the goal – turn, drives the by organisational, data type, regional or rather than the success of value creation service borders – each focusing on a lim- one particular institution.” process. For such ited set of data types and services. a virtuous cycle “Rethinking Personal Data” project to evolve, mutual To achieve global scale, technical, se- trust needs to be mantic and legal infrastructures will need at the foundation of all relationships. In- to be established that are both resilient creased trust leads to increased informa- and interoperable. The US National Strat- tion flows, sharing and value creation and egy for Trusted Identities in Cyberspace reduces litigation and regulatory costs. notes three types of interoperability for identity solutions:25 increasinG interoPerability and the sharinG of Personal data • Technical interoperability – The ability Promoting solutions that drive the ex- for different technologies to communi- change and “movement” of personal data cate and exchange data based upon in a secure, trust- well-defined and widely adopted inter- “We do not have the data- ed and authenti- face standards; sharing equivalent of cated manner is SMTP, but as we develop also essential. To- • Semantic interoperability – The or achieve real data porta- day, it is difficult ability of each end point to communi- bility we will have a stand- to share personal cate data and have the receiving party ardised infrastructure for data across pri- understand the message in the sense data sharing that does not vate and public intended by the sending party; require centralisation. ” organisations and jurisdictions. This • Legal interoperability – Common busi- Interviewee, “Rethinking Personal Data” is due to a combi- ness policies and processes (e.g., project nation of techno- identity proofing and vetting) related to logical, regulatory the transmission, receipt and accept- and business factors. Decades-old priva- ance of data between systems, which cy laws and policies could not have fore- a legal framework supports. 25 “National Strategy for Trusted Identities.” Draft pages 8–9. June 25, 2010. 24
  25. 25. standards, existing pilots and collabora- US Department of Health Human tion with industry and advocacy groups, Services: “Blue Button” initiative26 a functional degree of interoperability can Personal data also has clear opportuni- be achieved in a shorter time frame. ties to create value for the public sector. In October 2010, the US Department of Despite this “need for speed” the levels , Health’s Medicare arm launched its “Blue of reliability, integrity and security for Button” application. It’s a Web-based fea- both the individual and the computing in- ture that allows patients easily to down- frastructure cannot be understated. The load all their historical health information broad private sector support to cooperate from one secure location and then share in the sharing of personal data will bring it with healthcare providers, caregivers with it extremely high technical, legal and and others they trust – something that performance requirements. wasn’t possible before. The service is innovative in many ways. Government as enabler First, it allows Medicare beneficiaries Governments have a vital role to play in to access their medical histories from accelerating the growth of a balanced various databases and compile sources personal data ecosystem. Their influence into one place (e.g., test results, emer- manifests itself along three primary di- gency contact information, family health mensions. history, military health history and other health-related information). Second, First, they play a dominant role in crafting the service provides the information in the legal and regulatory environments that a very convenient and transportable shape what is possible in the ecosystem. format (ASCII text file). That allows it to This is a challenging role in many respects. be shared seamlessly with virtually any Within the national context, regulators are healthcare or insurance provider. Finally, being asked to balance consumer protec- Blue Button fully empowers the end user: tion with the need to create a business en- patients are given control over how their vironment conducive to innovation, growth information is shared and distributed. and job creation. On top of that, many That allows them to be more proactive global industry participants are turning to about – and have more insight into – the national and regional regulatory bodies to medical treatments that they need. harmonise guidelines to facilitate global platforms. It is important to stress that the call for Second, governments are active partici- interoperability does not equate to work- pants in ongoing experiments regarding ing exclusively with standards bodies. how the personal data ecosystem can be In many cases standards take too long. harnessed to achieve important social By leveraging open protocols, de facto goals such as providing more efficient and 26 “‘Blue Button’ Provides Access to Downloadable Personal Health Data.” Office of Science and Technology Policy, the White House website. http://www.whitehouse.gov/blog/2010/10/07/blue-button-provides-access- downloadable-personal-health-data 25
  26. 26. “We must have empowered cost-effective serv- ery, governments can write specifications users, but no one is sug- ices to citizens, for everything from security protocols to gesting the user should stopping epidem- end user interfaces and data portability be able to edit his or her ics before they options. Successful projects can serve criminal records. We’re become pandem- as proof points and major references for looking at a collaborative ics and using data- innovative solutions. model with users who are mining techniques as empowered as we can to enhance nation- Hands-on experience gained in leverag- make them. ” al security. ing personal data for government services and objectives, combined with insights Interviewee, “Rethinking Personal Data” Third, and perhaps gleaned from negotiations with vendors, project most importantly, can give regulatory deliberations a very given their pur- practical bent, which should be beneficial chasing power, governments are in a posi- to all parties. tion to influence significantly commercially available solutions. In crafting requests for proposals to help modernise service deliv- 26
  27. 27. Section 2: Stakeholder Trust and Trust Frameworks Achieving a high level of stakeholder trust The magnitude of data breaches requires a set of legal and technical struc- The Privacy Rights Clearinghouse tures to govern the interactions of partici- estimates that in the US alone, more pants within the ecosystem. The concept of than 2,000 publicly announced data trust frameworks is emerging as an increas- breaches have occurred since 2005. ingly attractive means for the personal data These include instances of unintended ecosystem to scale in a balanced manner. disclosure of sensitive information, hacks Trust frameworks consist of documented and payment card fraud, all of which specifications selected by a particular resulted in a staggering 500-million-plus group (a “trust community”). These govern records of data being compromised. the laws, contracts and policies undergird- ing the technologies selected to build the Source: Privacy Rights Clearinghouse identity system. The specifications ensure the system reliability that is crucial for cre- ating trust within the ecosystem. establish a user name and password, and invariably requires the sharing of such per- sonal data as name, address and credit thE truSt FramEWork modEl card information. Not only is this inconven- ient, it’s unsafe. It puts our personal data The Open Identity Trust Framework model onto every server with which we interact, (OITF) is a working example. Built to Inter- increasing the odds that our data may be net scale, it offers a single sign-on envi- compromised. ronment for trust between relying parties and end users. The model addresses two The second problem trust frameworks problems with the way end users and rely- address is the lack of certainty about ing parties interact with the Internet today: online identities. In most of today’s Internet transactions, neither the user nor the rely- • The proliferation of user names and ing party is completely sure of the other’s passwords; identity. That creates a huge opening for identity theft and fraud. In 2009, more than • The inability of relying parties to verify $3 billion in online revenue was lost due the identity of other entities. to fraud in North America.27 Some $550 million of that was money lost by individual Most people can relate to the first problem. US consumers.28 The hope is that with a Almost every website requires visitors to richer, scalable and more flexible identity 27 CyberSource. 11th Annual “Online Fraud Report.” 2010. 28 2009 “Internet Crime Report.” Internet Crime Complaint Center. US Department of Justice, 2010. 27
  28. 28. FigurE 5: thE opEn idEntity truSt FramEWork modEl Policy makers Identity service Trust framework provider (TFP) provider Relying party Assessor User Contracts with the trust framework provider for implementing requirements set by policy makers Other agreements potentially affected by requirements set by policy makers Source: OITF management system, these losses can be framework provider recruits assessors reduced. responsible for auditing and ensuring that framework participants adhere to The model defines the following roles (see the specifications; Figure 5) to support Internet-scale identity management: • Identity providers (IdPs) issue, verify and maintain online credentials for an indi- • Policy makers decide the technical, op- vidual user. Relying parties accept these erational and legal requirements for credentials and have firm assurances exchanges of identity information among that the IdP has analysed and validated the group they govern; the individual user; • Trust framework providers translate • Assessors evaluate IdPs and relying these requirements into the building parties, and certify that they are capable blocks of a trust framework. They then of following the trust framework provid- certify identity verification providers that er’s blueprint. provide identity management services in accordance with the specifications Within such a trust framework model, end of the trust framework. Finally, the trust users can access multiple sites (relying 28
  29. 29. FigurE 6: pErSonal data SErvicES StorE End uSErS’ data and providE applicationS that EnaBlE thEm to managE, SharE and gain BEnEFit From thEir pErSonal data29 Alice's Attribute Data Service Local personal data store Managed data stores Telco 1 Credit card profile Facebook Ad preferences Anonymous Age 21 profile Friends, Home address Amazon interests Equifax Facebook Local DB Amazon Source: The Eclipse Foundation parties) using a single credential issued by data to complete the transaction. In some an identity provider. On their part, the sites cases, that may simply amount to verifica- can rest assured about the identities of the tion of the availability of the funds being individuals they are doing business with. transmitted to the relying party. This screening is similar to how a car rental agent trusts that a driver can legally oper- ate an automobile because he or she has a pErSonal data SErvicES valid driver’s licence. The trust framework model will bring With such a framework, users would need benefits to end users in the form of only to share less sensitive personal data increased privacy and a more seamless with relying parties. No longer would they and convenient Web experience. But such have to enter their name, address and advantages can be extended through the credit card information in order to purchase related concepts of personal data servic- a Web service. Using the trust framework, es and vendor relationship management they would share the minimum amount of (VRM). 29 Higgins Open Source Identity Framework is a project of The Eclipse Foundation. Ottawa, Ontario, Cana- da. http://www.eclipse.org/higgins/faq.php 29
  30. 30. Personal data services provide the safe have primarily been at websites where the means by which an end user can store, level of assurance required is relatively low, manage, share and gain benefit from his or such as those enabling blogging or provid- her personal data. These data can range ing news content. They need to be deployed from such self-asserted attributes as the in environments that encompass more high- individual’s likes, preferences and interests risk transactions, such as logging into a bank to such managed and verified attributes as account. Only then will proponents know if a person’s age, credit score or affiliations, these ideas can achieve Internet scale. and histories with external entities like firms, government agencies and the like Risks and uncertainties also surround the (see Figure 6). business models for both identity providers and relying parties. While a large number Personal data services consolidate end of private enterprises have begun working users’ digital identity, allowing them to con- in this space (Acxiom, AOL, Citibank, Equi- trol which third parties are entitled to ac- fax, Google and PayPal) the economics are cess – along with how, when and at what unclear.30 price. VRM extends this control to the realm of realising direct value – monetary or in From the perspective of relying parties, the kind – from the personal data stored and benefits of transitioning to a user-centric managed by personal data services provid- model are still emerging. In this new ap- ers. proach, relying parties will be constrained on collecting data for free and will need to These emerging concepts will help build start paying for end user data. While some stakeholder trust and herald additional ben- believe that an aggregated and holistic view efits for end users and relying parties alike. of an individual would be more valuable, the Indeed, some promising trials are already balance of trade between what relying par- under way. Yet more testing will be needed ties would be willing to share versus the new to resolve some open questions about the insights and efficiencies they would gain viability of these concepts. from a holistic user-centric view are unclear. However, the cost of online fraud and risk kEy uncErtaintiES oF truSt mitigation could be enough to make relying FramEWorkS parties seriously consider participating in a more collaborative model. On average, on- Trust frameworks and personal data serv- line fraud represented 1.2 per cent of a Web ices are concepts in their infancy. Despite retailer’s revenue in 2009.31 encouraging pilots in the US and the UK, they need further refinement and testing to Finally, building end user awareness is fulfil their promise. Implementations thus far another uncertainty. How can firms com- 30 Kreizman, Gregg, Ray Wagner and Earl Perkins. “Open Identity Pilot Advances the Maturity of User-Cen- tric Identity, but Business Models Are Still Needed.” Gartner, November 9, 2009. http://www.gartner.com/ DisplayDocument?id=1223830 31 Cybersource. “11th Annual Online Fraud Report.” 2010. 30
  31. 31. municate to individuals the advantages of personal data dashboards. Further investi- managing their personal data? For a start, gation is therefore needed into applications companies must themselves fully under- and services that provide end users with stand the convenience, value proposi- convenient, contextually relevant and sim- tion, contextual nuances and usability of plified control over their data. 31
  32. 32. Section 3: Conclusions Personal data will continue to increase in trust frameworks? What are the busi- dramatically in both quantity and diversity, ness model mechanics? Who will pay for and has the potential to unlock significant identity provider services? economic and societal value for end users, private firms and public organisations alike. what is required and why Complex blueprints for Internet business The business, technology and policy trends models typically come to life in iterative shaping the nascent personal ecosystem steps. For example, the retail banking are complex, interrelated and constantly sector evolved online through succes- changing. Yet a future ecosystem that both sive phases of change. Trust frameworks maximises economic and societal value – need similar pressure testing in large- and spreads its wealth across all stakehold- scale applications to prove these con- ers – is not only desirable but distinctly pos- cepts can be instrumental in unlocking sible. To achieve that promise, industries economic and societal value. Addition- and public bodies must take coordinated ally, end user participation in testing and actions today. Leaders should consider tak- developing these trust frameworks is ing steps in the following five areas: crucial. Offering more transparency on how personal data is used and educat- ing end users on the benefits they can 1. innovatE around uSEr-cEntricity extract from such applications – two ar- and truSt eas lacking in the ecosystem today – will significantly strengthen trust among all where we stand today stakeholders. Innovative concepts already exist on how personal data can be shared in a recommended next stePs way that allows all stakeholders to trust Private firms and policy makers should the integrity and safety of this data. consider the following next steps: Examples of such trust frameworks in- clude the Open Identity Trust Framework • Invest in open and collaborative tri- and Kantara’s Identity Assurance Frame- als orchestrated by end user privacy work. However, no truly large-scale appli- groups or academics; cation of a trust framework has yet been rolled out. As a consequence, we remain • Integrate principles surrounding end uncertain about how to take advan- user trust and data protection into tage of personal data while still aligning the development of new services and stakeholder interests. Also unanswered platforms (the concept of “privacy by are questions such as: What are the in- design”), particularly when designing centives for stakeholders to participate new “e-government” platforms; 32
  33. 33. • Engage with leading innovators and end of internationally accepted, user-centric user advocacy groups to explore the fur- principles. Additionally, a set of commonly ther applications for, and development accepted terms of, trust frameworks. and definitions – a “Digital bill of rights have taxonomy – sur- been introduced a half rounding personal dozen times... If they are 2. dEFinE gloBal principlES For uSing data concepts must introduced in conjunction and Sharing pErSonal data be created to al- with a way for them to be low unencumbered actionable by large popu- where we stand today dialog. Although lations of people then it Privacy-related laws and police enforcement it is unrealistic to may have more success. ” differ significantly across jurisdictions, of- hope to develop Interviewee, ten based on cultural, political and histori- globally accepted “Rethinking Personal Data” cal contexts. Attempts to align such policies standards and project have largely failed.32 But the need is growing. frameworks while Many Internet services, in particular those national and regional versions are still in based upon cloud computing delivery mod- significant flux, establishing a standing, els, require the cross-jurisdictional exchange cross-regional dialog will allow for more of personal data to function at optimal levels. rapid harmonisation once regulatory envi- ronments do begin to stabilise. what is required and why The downside of the current divergence in It is imperative for private sector firms to regulatory frameworks manifests itself in participate in at least some of these dia- several ways. First, companies striving to logs, as they can share real-world perspec- provide products and services based upon tives on the cost and challenges of deal- personal data see significant complexity ing with divergent regulations and can help costs associated with compliance. As a re- public sector officials adapt pragmatic and sult of these costs, they may choose not to consistent policies. offer their product and services in certain smaller markets, where the cost of doing recommended next stePs business may outweigh incremental prof- • Policy makers and private firms should its. That decision to opt out obviously hurts launch an international dialog to stay the users who cannot access the services. informed about proposed laws and poli- Less obvious is the fact that users with ac- cies that would have a global bearing on cess are also hurt, as the value of many of their markets. This dialog should encom- these services increases with the number pass governments, international bod- of users. ies such as the World Trade Organiza- tion, end user privacy rights groups and A truly global and seamless exchange of representation from the private sector. personal data will not emerge without a set It should include not only US and Eu- 32 See, for example, Connolly, Chris. “The US Safe Harbor – Fact or Fiction?” Galexia, 2008. 33

×