As we write this there is an ongoing conversation about the regulation of Facebook and the regulation of big tech in general. We see a problem with the frame of the conversation because we believe ON PRINCIPLE they shouldn’t exist as in no-one entity should have that much power and control over the global population’s identities, “their” data and the conversion we have. So any frame that accepts BIG TECH as acceptable won’t create rules that actually move towards the principle of ending the current hegemony but rather just seek to regulate it as is.

With this piece, we are seeking to look at how principles change when the underlying fabric of what is possible changes? The entire privacy framework we have today is based on early 1970’s reports written in the United States to address concerns over mass state databases that were proposed in the mid-late 1960’s and the growing data broker industry that was sending people catalogues out of the blue. It doesn’t take account for the world we live in now where “everyone” has a little computer in their pocket.

So let’s get to the question at hand “Why does it matter that we connect values, principles and rules?” The connection is not clear because we have created so many words and variance in languages that there is significant confusion. We are often confused in ourselves to what we mean, we are very inconsistent in how we apply our understanding, often to provide a benefit to ourselves or justify our belief. To unpack the relationship we need to look at definitions, but we have to accept that even definitions are inconsistent. Our conformational bias is going to fight us, as we want to believe what we already know, rather than expand our thinking.

Are we imagining principles or values?

Worth noting our principles are defined by our values. Much like ethics (group beliefs) and morals (personal beliefs) and how in a complex adaptive system my morals affect the group’s ethics and a group’s ethics changes my morals. Situational awareness and experience play a significant part in what you believe right now, and what the group or society believes.

Values can be adaptable by context whereas principles are fixed for a period, withstanding the test of time. When setting up a framework where we are setting our principles implies that we are saying that we don’t want them to change every day, week, month, year, that they are good and stable for a generation but we can adapt/ revise/ adjust principles based on learning. Fundamentally principles are based on values which do change, so there are ebbs and flows of conflict between them, this means we frame principles and often refuse to see that they are not future proof forever. Indeed the further a principle is away from the time it was created, the less it will have in common with values.

Are we confusing principles and rules?

Considering characteristics, conceptually principles are abstract and universal whereas a rule is specific and particular. Principles cope with exceptions, rules need another rule. Principles provide the power of thought and decision making, rules prevent thought and discretion. Principles need knowledge and experience to deliver outcomes, rules don’t. Principles cope with risk, conflict and abstraction; conflict is not possible for a rule, it is this rule or a rule is needed.

We love rules-of-thumb, as such rules and heuristics provide time-saving frameworks which mean we don’t have to think. Not having to think saves energy for things we like to do. Take away the little ways you have that creates a stable place for yourself and you end up exhausted. Travel to a new place and you don’t know where the simple amenities of life are, COVID19 took away the structure of our lives which created exhaustion until we found a new routine. However, we often confuse “our heuristics”, the way I do something, or “my rules” as a principle. This diet rule is a principle for losing weight. We should accept that we purposely interchange rules, values and principles to provide assurance and bias to the philosophy, theory, thesis or point we are trying to gain acceptance of.

In companies and for a social policy we set rules and principles into matrices as below. Asking is it better to break rules or comply, is better to uphold principle or challenge them.

A review round the four quadrants highlights that there is no favourable sector and indeed as a society who wants to get improve, we continually travel through all of them. Companies and executives often feel that upholding principles and obeyed rules (top right) creates the best culture, but also ask the organisation to be adaptive, agile and innovative.

Given that principles are based on values, the leadership team will be instrumental into how upheld the principles are. Whereas the companies level of documentation for processes, procedures and rules will define what is to be obeyed, the culture of the top team will determine if they are to be obeyed or not.

The matrix below thinks about the combinations of values and principles. Where values are either mine as an individual or we as a collective society.

The fundamental issue with the two representations (rules or values and principles) is that they cannot highlight the dynamic nature of the relationship between them. By example, our collective values help normalise an individuals bias and that collective values informs and refine principles. Indeed as principles become extreme and too restrictive say as our collective values become too godly, our collective values opt to no-longer uphold them. When our individualism leads to the falling apart of society we raise the bar to create better virtues as it makes us more content, loved and at peace.

Movement within the “stable compromise” domain has been explored many times but the Tytler cycle of history expands it very well.

In summary, a rules-based approach prescribes or describes in detail a set of rules and how to behave based on known and agreed principles. Whereas a principle-based approach develops principles which set the limits that enable controls, measures, procedures on how to achieve that outcome is left for each organisation to determine.

Risk frameworks help us to connect principles and rules

Having explored that a rules-based approach prescribes in detail the rules, methods, procedures, processes and tasks on how to behave and act, whereas a principle-based approach to creating outcomes crafts principles that frame boundaries, leaving the individual or organisation to determine its own interruption.

• In a linear system, we would agree on principles which would bound the rules.
• In a non-linear system, we would agree on the principles, which would bound the rules and as we learn from the rules we would refine the principles.
• In a complex adaptive system, we are changing principles, as our values change because of the rules which are continually be modified to cope with the response to the rules.

This post is titled “In a digital age, how can we reconnect values, principles and rules?” and the obvious reason is that rules change, values, which change principles that means our rules need to be updated. However, this process of learning and adoption depends on understanding the connection which offers closed-loop feedback. An effective connection is our risk frameworks.

The diagram below places rules and principles at two extremes. As already explored we move from principles to rules but rarely go back to rethink our principles, principally because of the time. Rules should refine and improve in real-time, principles are generational. However to create and refine rules we use and apply a risk framework. The risk framework identifies risk and to help us manage it, we create rules that are capable of ensuring we get the right data/ information to be able to determine if we have control over risk. As humans, we are not experts in always forecasting the unimagined and so when we implement rules things break and clever minds think how to bend, break or avoid them. To that end we create more rules to manage exceptions. However, occasionally we need to check that our rules are aligned to our principles and indeed go back and check and refine our principles.

Starting from “Principles” these are anchored in ideas such as Human Dignity, Subsidiarity, Solidarity, Covenantal, Sustainability, The common good, Stewardship, Equality.

Once we decide that one or more of these should anchor our principles and form a north star, a direction to travel in and towards. The reason to agree on the Principle(s) is that collectively we agree on a commitment to get to a better place. We state our principles as an ambition, goal, target with allow us to understand, manage and control uncertainty using a risk framework. The risk framework frame or bounds the risk we are prepared to take. The risk framework enables us to define rules that get to our known outcomes. We implement the rules to create controls using regulation, code and standards. Our risk frameworks use tools to identify, measure, manage, monitor and report on the risk, the delta in risk and compliance with the rules. Whilst all is good we use the risk framework to create more rules and better framing and boundaries, creating better outcomes. However, when the desired outcomes are not being created we revert to the principles, check our north star and take our new knowledge to refine/ redefine the risk we are prepared to take.

Data and Identity Principles

Having established this framework, the idea is to apply this to the authors favourite topics of data and identity. We have an abundance of rules and regulations and as many opinions on what we are trying to achieve through identity and data ownership. We don’t appear to have an agreed risk framework at any level, individual, company, society, national or global. This is not a bill of rights, this is “what do we think is the north star for data and identity and on what principle they are built?” How do these principles help us agree on risks, and will our existing rules help or hinder us?

“what do we think is the north star for data and identity and on what principle they are built?” How do these principles help us agree on risks, and will our existing rules help or hinder us?

Our problems probably started a while back when information could travel faster than people (the telegraph rollout of 1850). This was a change in the fabric of values and principles. The person who was trusted was passed over and that person-to-person trust was no longer needed. Delays that allowed time for consideration gave way to immediacy; a shift in values and principles.

The question is how do our principles change when the underlying fabric of what is possible changes, the world we designed for was physical; it is now digital-first. Now we are becoming aware that the fabric has changed, where next? By example, Lexis is the legal system and database. With a case in mind, you use this tool to uncover previous judgments and specific cases to determine and inform your thinking. However, this database is built on humans and physical first. Any digital judgements in this database are still predicated on the old frameworks, what is its value when the very fabric of all those judgements changes. Do we use it to slow us down and prevent adoption? Time to unpack this

Physical-world first (framed as AD 00 to 2010)

Classic thinking (western capital civilisation philosophy) defined values and principles which have created policy, norms and rules. Today’s policy is governed by people and processes. We have history to provide visibility over time and can call on millennia of thought, thinking and wisdom. Depending on what is trending/ leading as a philosophy we create norms. In a physical and human first world, we have multi-starting positioning. We can start with a market, followed by norms, followed by doctrine/ architecture — creating law and regulations OR we can start with norms, followed by doctrine/ architecture, followed by market-creating law.

Without our common and accepted belief, our physical world would not work. Law, money, rights are not real, they are command and control schema with shared beliefs. Our created norms are based on our experience with the belief. We cope by managing our appetite to risk.

Digital world first (frame as AD 2020 — AD MMMCCX )

People-in-companies rather than people-in-government form the new norms as companies have the capital to include how to avoid the rules and regulations. The best companies are forming new rules to suit them. Companies have the users to mould the norms with the use of their data. Behaviour can be directed. Companies set their own rules. Doctrine/architecture creates the market, forming norms, and the law protects those who control the market. Policy can create rules but it has no idea how rules are implemented or governed as the companies make it complex and hide the data. There are few signs of visible “core” human values, indeed there are no shared and visible data principles. We are heading to the unknown and unimagined.

The companies automate, the decisions become automated, the machine defines the rules and changes the risk model. We are heading to the unknown and unimagined as we have no data principles.

By example. Our news and media have changed models. The editor crafted control to meet the demand of an audience were willing to pay to have orchestrated content that they liked. As advertising became important, content mirrored advertising preferences and editorial became the advertising and advertising the content. Digital created clicks that drove a new model to anything that drives clicks works. The fabric changed from physical to digital and in doing so we lost the principles and rules of the physical first world to a digital-first world that has not yet agreed on principles for data.

To our favourite topic: Data and Identity

Imagine looking at this framework of “principles, rules and risk” within the industry and sectors seeking to re-define, re-imagine and create ways for people to manage the digital representations of themselves with dignity. How would privacy and identity be presented?

Within data and identity, we have an abundance of rules and regulations and as many opinions on what we are trying to achieve. We don’t appear to have an agreed risk framework at any level, individual, company, society, national or global.

The stated GDPR principles are set out in Article 5:

• Lawfulness, fairness and transparency.
• Purpose limitation.
• Data minimisation.
• Accuracy.
• Storage limitation.
• Integrity and confidentiality (security)
• Accountability.

We know they are called “Principles” by the framing of the heading in Article 5, however, are these principles, values or rules? Further are these boundaries, stewardships or a bit of a mashup. By example to get round “Purpose Limitation,” terms and conditions become as wide as possible so that all and or any use is possible. Data minimisation is only possible if you know the data you want, which is rarely the case if you are a data platform. If a principle of The European Union is to ensure the free “movement/mobility” of people, goods, services and capital within the Union (the ‘four freedoms’), does data identity ideals and GDPR align?

Considering the issue with “the regulation of Facebook” or the “regulation of” Big Tech, in general, is that ON PRINCIPLE they shouldn’t exist, no one entity should have that much power and control over people’s identities and their data? So the framings that accept them, as acceptable, won’t create rules that actually moves towards the principle of ending the current hegemony but rather just seek to regulate it as is. If we add in open API’s and the increasing level of data mobility, portability and sharing whose “rules or principles” should be adopted?

How do your principles change when the underlying fabric of what is possible changes? The entire privacy framework, say in the US today, is based on early 1970’s reports written in the United States to address concerns over mass state databases that were proposed in the mid-late 1960’s and the growing data broker industry that was sending people catalogues out of the blue. It doesn’t take account for the world we live in now where “everyone” has a little computer in their pocket. Alas, IMHO, GDPR is not a lot better than rules with no truly human-based core principles.

The lobby of time

By example here is the 1973: The Code of Fair Information Practices This Code was the central contribution of the HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and the report released in July. The simplicity and the power of the code have been eroded and water down so that the code is now ineffective. Would we be in a much better place if we had adopted such thinking at the time?

1. There must be no personal data record-keeping systems whose very existence is secret.
2. There must be a way for a person to find out what information about the person is in a record and how it is used.
3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person’s consent.
4. There must be a way for a person to correct or amend a record of identifiable information about the person.
5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

Conclusion

We have outdated “principles” driving rules in a digital-first world. This world is now dominated by companies setting norms and without reference to any widely agreed-upon values. The downside of big tech gaining so much power that they are actually seen by people-in-government as “equivalent to nation-states” is telling. We have small well-networked organizations attempting to make a dent in this. MyData, for example, has generated, from an engaged collaborative community, a set of ideals (principles) that provide a good starting point for a wider constructive discussion, but we need historians, anthropologists, ontologist, psychologist, data scientists and regular every day people who are the users to be able to close the loop between the rules we have, the risk frameworks we manage to and the principles that we should be aiming for.

How can we leverage innovative democratic deliberative processes like citizen’s jury’s that are used in some parts of Europe to close the loop between rules and principles around emerging technology?

Take Away

• How are we checking the rules we have are aligned to our principles?
• How are we checking our principles?
• Is our risk framework able to adapt to new principles and changes to rules?
• How do we test the rules that define and constrain create better outcomes?

In a digital age, how can we reconnect values, principles and rules? was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

The role of a CDO does not have a natural bias to one or other of these traditional leadership styles. Data is used to drive the creation of value, but data also drives decisions to maintain control. The CDO power as the key decision maker is abundantly clear.

The emergence of the CDO has been fast and pervasive. Whilst confusion reigns that the Chief Data Officer title shares its abbreviation with the Chief Digital Officer, both roles are facing significant difficulty. (yes — ignoring Career Development Office and other permutations)

Starting in the 1990’s organisations recognised the importance of information technology as well as business intelligence, data integration, master data management and data processing to the fundamental functioning of everyday business, as roles such as the CIO grew in power it was divided emerging into a CDO’s which has become more visible and crucial; however there is a BUT.

The Chief Data Officer has a significant measure of business responsibility for determining what kinds of information the enterprise will choose to capture, retain and exploit and for what purposes, but not ethics, branding, revenue or propositions. However, the similar-sounding Chief Digital Officer or Chief Digital Information Officer has responsible for the information systems through which data is stored and processed (CTO type role) but no legal, infrastructure, business or contractual responsibility. Adding a CIO and Chief Data Scientist to the mix along with the other existing traditional roles; it is now a complex, interdependent, mess of responsibilities and accountability.

It was once clear who was accountable and responsible for revenue, infrastructure, team, brand, proposition, finances, strategy and operations. Senior and executive leadership teams now find they are each all both responsible for everything and nothing at the same time, unable to deliver or think. As we become data driven platform business we have retained the old roles and added new roles meaning everyone is included in: defining strategic priorities for platforms and the opportunities, identifying new business opportunities pertaining to data, optimizing revenue generation through data, and generally representing data as a strategic business asset at the executive table. BUT not everyone sat at the senior table understands data or has the relevant skills.

If the future is a platform and therefore a data led business, the CEO will have to have CIO/CDO skills and experience, meaning CDO’s roles should not exist. A CEO who has a CDO in place as part of a transition knows the CDO is the natural successor. CEO’s who have the traditional business and new platform roles will understand the conflicts and wrestle with to observation that the CEO should be the CDO, and they are not separate roles.

In reality the CDO should be an AI or algorithm supporting the CEO and senior leadership team in decision making — meaning that a CEO stands for “Clearly Dead On-arrival”

CDO surly means “Clearly Dead On-arrival”

If CIO is “Career Is Over”, what does CDO stand for? was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

{portability, sharing, mobility} this is used to provide the widest possible coverage of models and thinking. Portability that the data can move, sharing data as the ability to have access but does not need to move, and mobility as in the data is decentralized

Any discussion about personal data leads to opinions being shared about what it means (to someone) based on the position you start from; a personal view is different from a groups view, which is different from a citizens view and different again from an enterprise views. Inevitably there is a heated exchange as one of the parties believes in the purity of their view(point) and model to create a utopia and panacea for everyone.

Once we grasp that there are massive gaps, voids and value in any of the starting positions; adding the complexity of assumptions, experiences and data itself, we can look at the different approaches and debate the wide range of solutions. The purpose of this post is to provide a framework to move on from a “single unified theory of personal data”

Below in figure 1, is not an exhaustive list, but one that sets out some of the issues which creates friction when talking about personal data (digital footprints, exhaust, pixy dust, whatever.) A critical one, which is endlessly debated, is the “ownership” of data, and as a specific topic it is explored in much more detail in this long post here at Data is Data.

Figure 1. Dilemma’s of data

It is important to differentiate between a number of closely related ideas ahead of diving into the specifics of the data {portability, sharing, mobility} market. These are set out in figure 2 below. The focus here is Data {portability, sharing, mobility}, this is where the user requests their data (this is data about them, that they have given to someone) is given back as a copy. The copy should be secure and machine readable (GDPR.) If the company has added to a data set about you or performed analysis or acted on the analysis, this data is not covered for return to the user under existing legislation, as it was not created by the user and could easily be used to unpack investment and IP about a companies processes and algorithm. It is also highly likely that any data generated by analysis will mean little to an individual. Worth reading We Are Data as this explores how an algorithm will see you as 54% female and 38% male today — which may not align with your own thinking. Getting your own data back may not be that helpful (in itself)

Figure 2. Context

The focus of the framework presented later is just on data {portability, sharing, mobility}

The purpose of data {portability, sharing, mobility} is to grow the data economy by enabling the user to be in “control” of their own data. A direct consequence for a market full of data hungry companies from having access to data {portability, sharing, mobility} is that they can all get access to “better” data. In context better meaning: single source, wide, deep, rich, accurate, validated, proofed with providence, normalised. The individual data lake will be personal, private, secure and trusted. Sharing of this individual data is controlled by the user through consent.

A data economy will grow as the companies dependent on personal data will get access to richer data, whilst saving costs on storing, protecting and cleaning data. An excellent report on the status and market opportunity for data Portability was commissioned by DCMS and undertaken by CTRL SHIFT

Plotting the data {portability, sharing, mobility} market is difficult!

The two-axis selected for this representation of the market are about the user having control and the user experience of trust/ exploitation. Why these axes? If the purpose of data {portability, sharing, mobility} is to grow the data economy by enabling the user to be in control of their own data, then a base assumption is that growth will be fueled by (users/ consumer) feeling trust (in a company) and not exploitation (by a company), whilst feeling in more control of their choices/ data.

Plotting these as X and Y we get Figure 3 the Market Models and the effect / perception of branding and where the regulator wants the market to operate.

Figure 3 Market models

Opening observation. The majority of the existing models for data exist where the user does not feel in control and where the user feels exploited. Branding then takes this bottom left experience/ existence and makes the users (consumer) believe that we have more control or less exploited than we actually are. By example: Facebook gives the user preference controls over their data. Google gives you setting, Apple says data never leaves the phone. This does not shift any actual model, but through the power of perception/ trust and marketing many users feel more in control. Branding enables the players to provide an extension from where they actually operate. Google and Twitter per say gives services for free as part of a value exchange, so the user feels trust in the service (email) and not on how their data is exploited for commercial gain.

The regulators desire in this thinking is to provide a framework for a market where the user is in control and the user also feels trust in the service (for the right reasons).

The next step, before a mapping of the market, is to explore the intermediary models. Who are the intermediaries and why do they matter? The thinking is that whilst a handful of people in the world will be capable of collecting and collating their data ( and sharing it if they want) this is a such a difficult requirement that there will be a need for intermediaries who take this responsibility on, on behalf of the user/ consumer. In other words, a player who acts between the {data provider} (person with your data that you want a copy from) and the {data recipient} (the place where you want your data to go to)

There are lots of intermediaries already in the B2B space and a growing number in the B2C market. Therefore, the market will depend on intermediaries and we need to determine what they will look like — they are the brokers, agents, traders who enable data {portability, sharing, mobility} to happen without the user having to do anything.

Intermediaries have three types of infrastructure services which they can offer to the market, these are:

They act as a locker, store, vault/safe, or library of a consumer’s personal data.

The specific word chosen is very emotive and provide in the user’s eyes different ways of describing the same “type” of service — a place that the data resides. A locker being for the user like a locker with a key and unique to them. A store, like a store room — a big place where everything is keep and people have access. A vault/safe being a very secure place where only you have access and a library, somewhere that is well organized and your data is easy to find and share. They are all true and soon we will have a word that describes all these functions and that your data can be safely shared.

They act as a manager of your data

In this case the intermediary offers the user/ consumer abilities to control their data. These include rights (who has the rights to see, copy, share, delete, modify) data. Consent (whom have your granted consent to and on what basis) and Access Management (who can access raw data, all data, some data, just outcomes, or just receive results based on questions) The will also provide tracking and traceability of any changes and audit capabilities.

They act as a mechanism for monitisation

How your data goes from data to being valued to the individual. This can be direct payment, an indirect payment, a barter or trade or indeed more loyalty. The model for monetisation and how it works is just starting. Note — if the user does not receive any upside from their data, it means that the company benefits but the user does not. These monitisation models assumes the user gets to enjoy some of the benefit. If the user pays for a service, they are a different model.

These three capabilities, generate 4 models (as a matrix)

Model 1: the intermediary company only provides the Vault/ store/ locker/ library (the user will pay for this and there is no monitisation shown as the user does not benefit from the upside)

Model 2: the intermediary company only provides the Vault/ store/ locker/ library AND management solutions (the user will pay for this and there is no monitisation shown as the user does not benefit from the upside)

Model 3: the intermediary company only provides the Vault/ store/ locker/ library ND monitisation of data where the provider shares value with the user

Model 4: the intermediary company only provides the Vault/ store/ locker/ library AND management solutions AND various monetization models that are dependent on exploitation of the data where the provider shares value with the user

This is set out in Figure 4 below provides an overview.

Figure 4 The Matrix of capabilities and models

Opening up each of the capabilities up by examples of companies we can start to map the market.

Locker, Store, Vault or Library

As an intermediary in the data portability market, you have to provide a locker, store, vault or library where data from the data provider can be placed. It will have to be secure and private (these are basic hygiene factors and not explored here) This capability is the building block — without this basic capability there is no method to play. The options/ models for offering the locker, store, vault, library functions are

1. You are a unique and different company to either the data provider or data receiver and act as an aggregator. You act as a new silo taking data in for the individual. (different company) Examples Google, Facebook
2. As a company you enable the individual to be their own aggregator, but act as a commercial enterprise in offering this capability/ service (personal but commercial) digi.me
3. As a service you enable the individual to be their own aggregator, but act as a non-commercial enterprise in offering this capability/ service (personal but non-commercial) Western Digital drive + Open Source s/w

A key tenet to the value of data portability [mobility] is that you have to be able to share the data. The problem with the language with lockers, stores, vault and library is that it does not imply sharing, they imply secure, private and long term closed storage. So we need to add to this basic function management capability for sharing.

Management capability

For any intermediary in the data portability market, management capability can be broken down into three core features ( there are many more but these are critical)

1. rights control. This is providing to the user the ability to have control over the rights of their data and that the rights are controlled from this service
2. consent certification. This is a store and management of consent receipts (approved or not) and consent passed on (layered)
3. access management. The control given to the user to determine who has access to their system to control their rights and consent

It is deemed necessary that an intermediary player will have to provide these three feature for them to have a credible offer in the market.

Monitisation of Data

It is probable that there are three core models which will support the Locker, store, vault/ library with management capabilities. There being

1. The user will pay for the service directly (paid for FIAT/ Crypto)
2. The user enters into a “fair” trade and or value exchange (trade / value exchange) (not free and give up everything)
3. The user is paid in a percentage or of the revenue/ contribution from the intermediary gaining an upside from the data (share %

Taking these models and plot them on a user (might/ could/ would/ should) feel about control and how that same user feels trust or exploited. Figure 5

Figure 5 Possible models

Conclusion

This is a framework and the purpose is to start the thinking and debate about the models, the regulators role and what the user wants. Indeed, many of the models you can place in every position depending on how you want to argue them, but if you argue one sits somewhere it means that the others move. The key point here is not the absolute positioning or if you agree, rather that the current models are not aligned to what the regulator or user wants, but there are models that do align — which is good news and they are the ones we need to unwrap and find support for.

Further reading

Trust needed is explored in this blog

https://www.mydigitalfootprint.com/2018/12/how-can-brands-restore-user-trust.html

Data Portability and some issues are here

https://www.mydigitalfootprint.com/2019/02/black-swan-data-portability-mobility.html

Why Data Portability will change the Facebook Model

https://www.mydigitalfootprint.com/2019/01/why-data-portability-will-change.html

Exploring the nascent personal data {portability, sharing, mobility} market models, players and… was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

There are two existing models of trust that are relevant to business. Let’s call them “experience trust” and “emotional trust.” We are going to explore two new models of trust, explain why they are so disruptive and create a strawman as a way of thinking about the way forward.

Experience trust is simple to grasp. Think about using your bank card, pushing the brake pedal in a car, getting on a plane, charging your phone, posting a picture on Facebook, using a vape pipe, drinking water, taking a taxi, texting, etc. Every time you do something the ‘experience’ functions, within reason, as you expect it to. Expected feedback loops reinforce a message that whatever you use can be trusted. Society depends on experience trust. It makes life simple and convenient. As the old advert goes; “it does what is says on the tin.” Virtually every brand and every company has close to 100% experience trust, as without it there are unlikely to be new let alone repeat customers. Rules, regulations and standards make the services repeatable anywhere at any time from any provider, essentially experience trust makes usage and choice easy.

Emotional trust is more subtle. “Do I believe that the company I am about to use has my best interests at heart?” Your bank can make the payment (‘experience trust’ — I know the payment will happen as promised), but that is not the same as trusting the bank to sell the best products, service or advice or as a long standing customer to reward you for loyalty in the way providers bend over backwards to entice and reward new customers. Whilst there are always a few exceptions; the reality is that pharma, government, the church, charities, banks, social media, medical, insurance, CPE, retail, gaming, media and auto have eroded our natural goodwill, our emotional trust. As consumers we feel that “brands don’t have our best interests at heart”. Yes, you can use any service and trust it will do what you want (the joy of regulation and standards) but we have generally lost faith in companies purpose, ethics, morals and integrity. To hide this stark reality many of the world’s biggest brands spend vast sums in marketing and branding to keep consumers focused on the utility of the experience as the reason to trust them. We have little option but to fall back on experience trust as our best mechanism for selecting any brand and over another, leaving emotional trust out of the decision-making cycle.

However, this is not healthy. We don’t ‘emotionally trust’ digital brands at one level because we know that our data is being used and abused as the mechanism to make money, to create value and generate wealth for the business and its shareholders in exchange for the service. We translate this into the motive behind every piece of communication with us, as their gain is at our loss on some level; however subtle.

Something disruptive and novel is happening and it opens up a whole new world of trust that was either lost or forgotten or maybe never existed. This will, I am sure be debated. For want of a better way to describe this new trust component I will label it Enablement trust (keeps everything to E — the third E of trust!) Before we describe enablement trust, we need to remind ourselves of the context of data portability and data mobility, where the consumer can ask for a copy of their data back. The wider concept (which is not new) is that the user is the best person to keep a copy of their own data. The base thinking being that the user will want the data to be correct and there is only one source. Up to now (2019) this has been a very hard concept to grasp and evaluate but companies are emerging who make this ideal simple such as digi.me. As an analogy for the way it works consider Microsft Outlook; we don’t understand how email works, but we use it, we don’t need to understand how giving users control and consent of their data works, but it must be secure, private, trustable and simple.

Why Disruptive: BigTech, banks and corporates collect and control your data in their silo. These players offer to users products based on their limited view of the user ( a subset of all user data). From this limited position the companies use this position to offer and sell products and services for which there is a good business case, but which may not be in your best interest because the business case for the service that would have matched your needs did not work at scale for example. In taking the scale option they erode your emotional trust in them. As we have become increasingly digital, brands are collecting and keeping more data on and about you and through the Privacy Statements we all sign up to they have the legal right to reach you. Owing your data gives them the power in the relationship and they hope that functional trust and marketing is enough to keep you “loyal.”

Were the data back in your own “care” or were you at least to have greater control of it ( recent legislation is designed to do this — GDPR, PSD2, Data Portability, data mobility = the data economy), user could decide who looks at their data, who can provide products and services. When the user is in control not just of the data but also of the consent (they have the ability to switch on and off who has access and to what); this will create a shift in the power balance.

“Brands have largely paid lip service for the past 30+ years to customer first, customer centric and all that thinking” (Anthony Thomson) When data is back with the creator (user), the customer is genuinely now first as the corporate will now have to ask the customer to look at the customers data. This changes the relationship.

Enablement trust changes a vital aspect of the trust relationship. If the corporate fouls up in the current model, the user has very few real alternatives. In the new model the user can turn off their feed to their data. The corporate, who works out that by putting the user first, and genuinely creates amazing customer experiences, is the one the user may choose to keep using and allow access to ever more new and rich data. This is enabling the corporate to re-establish emotional trust by showing to the user that they are putting the user’s best interests at heart: because they have to if they want to compete and it would be the smart thing to do.

This concept does not wipe out or destroy the existing model or Brands. It allows a few Brands to move into a new position. “First Movers” will be rewarded.

The idea of giving control of data back to users could induce two kinds of response. The first is the immediate response. ‘Lock down, never going to happen. This weakens our position. We have invested to create this data. The value is in control. We know better than the user. In summary defense and defend. This position will survive and companies who are here will still flourish.

The second response, more subtle is that we have a chance to change the game, we can be the first mover, we can win by doing what we have said we would do forever — put the customer first and do that every day in everything we do.

Brand Values for Banks

One argument from Banks and the wider fintech market is that they are the safest place to store data. However, when we centralise value (money for instance), it becomes attractive to rob, pinch, steal or walk off with and protecting it comes at an ever increasing cost.

In the old language the rational could be summed up as “dynamite and vault”; in our modern language “very attractive hacker economics” The centralised deposit(s) become of great interest to those who want take (pinch) user data and control it; and see it as a way to increase their own value. Centralised works first for the institutions and second for the consumer.

A more subtle part of the conversation (should we trust banks with our data in a big vault) turns to where modern day value comes from with data and that is in the sharing of data. The essential value of data is relational. Data in a vault with no access (other than you with your key) has limited value. There is some value possible for an individual if they want the bank to monetise their data in very small increments (that might “add up” nicely over time); but that is a different story. This area will pitch the bank and BigTech against each other.

The issue banks have lies in the inherent tensions of their brand value in relation to data that we have been discussing. Their brand value today is built on being a trusted champion of ‘our” data security, privacy. They charter with us to defend, hold, keep, store, protect. You cash will be protected, in fact we are so sure, we will give you a guarantee.

However if the value for your data comes from the sharing; how does this align to the lock it up, store it and protect it way of building brand value?

Data from The 15 Most Common Brand Positions in Retail Banking — If you use one of these 15 common themes, you’ll have to apply your entire organisation to it with gusto. That means 100% at every customer-facing touch point. You have to go above and beyond in order to stand out. If you don’t align every aspect of your organisation around your brand, you’ll just end up being another commoditised “also-ran.” That’s what separates “great service” from “lip service.”

However, not one brand value is about sharing your data!

Worth pondering is the concept that if banks focused on transactions/ payments as a brand value and not safe keeping, protection and guarantees; the argument would shift. Payments work as there is a fundamental idea of sharing. You need to share your card, share details, share the payment processes — payments has a far better alignment to New Digital Banking thinking.

Before we look at the new model for sharing data from Banks and brand alignment, we need to revisit the four kinds of trust I mentioned at the start. We know experience trust is good, we know emotional trust is broken, we can guess enablement trust is coming — probably from a growth fintech rather than an incumbent; however where is this fourth one Tony?

Trust in data and governance

The fourth trust we need to unpack is about the employees and directors of an institution having trust in their own system and systems. This is not experience and functional as that is how the user perceives what the company does and how it works. System trust is about governance. This is not corporate governance as in comply or explain — nor the dark arts of Data Governance, which is a whole different topic. ‘Systems Trust’ is about the corporate governance of data, so that directors and officers can be held accountable for the systemic way in which data is ‘managed’.

Imagine you are the CEO of a bank. I am going to ask you a few questions over a coffee. Let’s see how we get on.

“Hello Jenny (CEO of bank x), have a think. Do you trust your CFO ? But please don’t answer yet.

Do you meet your CFO pretty much daily and talk about finance and numbers? “Yes I do”

Do you have a monthly board meeting and spend 50/60% time talking finance? (“Yes we do.”

Do you have an accounting system? “Yup.” Are your monthly PL,BS and cash flow generated from the system? “Of course”.

Do you have independent NXD for Renumeration and audi?t “That’s just good practice.”

Do you have an external auditor who you churn every now and again? “ Again, just good practice.”

Right, back to the CFO. You trust the her?. Let’s be honest, you trust the system that the CFO is responsible for. You trust the CFO for analysis, experience and insight.

Do you believe that data is already or going to be a core/key/critical asset for your business survival and growth? YES!

Phew. That all ways worries me

Who is accountable for data your CTO, CDO, COO, CIO)? You trust your CxO ? Please don’t answer yet. Let’s assume that at least one of them is. Do you meet your CxO all the time and talk about data and analysis “Actually No.”

Do you have a monthly board meeting and spend 50/60% time talking data? “No.”

Do you have system for meta-data reporting across the organisation including suppliers, customer and employees? “No.”

Do you have any data generated about data from a system that you report on? “No.”

Do you have independent NXD for data, ethics, privacy? “Er, no.”

Do you have an external auditor who looks at your data? <rueful smile> “I think you already know the answer to that one Tony!”

Do you trust the CxO? Let’s be honest, you have no idea and you are not alone!

How are you reporting on consent, how do you know where data comes from for marketing, how are you tracking how you track people, how are you ensuring that data given to suppliers is used in accordance with the terms of the contract, how do you test ‘use data’ provided to you to see if you are compliant with your own terms, is privacy consistent? How are you analysing test data for automated decision making, how many automated decision are you making, who is checking for bias in your data and automation, do you know where you data came from? How do you know that you data is real data, how are you checking that the HR software you use does not bias against anyone?

Why is this important to get our heads round? Decisions and working relationships are increasingly shaped by data and now of course by AI, off which ‘feeds’ on data like whales feed on phytoplankton. How can we have faith in the decision if the data is not trustworthy and we do not have a line of sight into how the new elemental force that is data is shaping the working practices of the company? How can the Board do its work in this new area without that line of sight?

Huston we may have a problem!

How does this story so far offer value and insights into the problem and solution?

Let’s start from the user centric view of the market. The two axes selected for this viewpoint of the market are about the user having control and the user experience of trust/exploitation. Why these two axes? If we want to grow the data economy, an assumption is that growth will come from the user having more trust and more control, which means that there has to be better regulation, standards and governance.

Plotting these as X and Y — we can show the existing market models, the effect/ perception of branding and where the regulator wants the market to operate.

First up. The majority of the existing models for data exist where the user does not feel in control and where the user feels exploited.

Branding then takes this bottom left existence and makes the users (consumer) believe that we have more control or are less exploited than we actually are. For example: Facebook gives the user preference controls over their data. This does not shift their actual business and data model, but many users feel more in control. Google and Twitter provide services for free as part of a value exchange. The user feels trust in the service (email) but if she thinks about not in relation to how their data is exploited for commercial gain. Apple is interesting in their position as the user feels trust and in control but they are neither. Apple is in total control and exploits the user with branding, experience and lock in. Apple is a walled garden, and we regulated walled gardens into new models starting in 1990/92 — just think AOL or unbundling of IE4.

The regulators desire is to provide a framework for a market where the user is in control and the user also feels trust in the service (for the right reasons).

* Trust article link

The regulator has a big tool bag to try and drag the models from the existing position to the new, however the companies have an equally large toolkit to ensure that the regulator remains frustrated and prevents the move in model, because the model they have delivers super profitability and growth. The regulatory model will probably deliver neither.

Health and Safety (H&S) provide an interesting case study. The regulator for a long time , encouraged change in behaviour with best practices, rules, regulations and even fines. What created change was when directors because accountable and responsible for H&S with the introduction in 1974 of the act. The key was to prevent delegation of responsibility and to make a breach of H&S a criminal action. https://en.wikipedia.org/wiki/Health_and_Safety_at_Work_etc._Act_1974

What changed was that there was suddenly a reason and a motivation to change.

Current regulation around privacy is too weak. My view would be we follow the H&S framework. It would extend the new Australian “abhorrent violent material” laws to include privacy and make a breach in privacy a criminal offence.

However, this is probably not enough on its own. We need to think and discuss how to upgrade our corporate governance processes to incorporate data and its implications. Data is not oil — data is data. We have, since 1992, been improving reporting, the management of information and oversight of process to deliver corporate Governance.

The “new’ force of Data creates the need for an upgrade to the existing approaches, as data is unique. It is not like finance, cash, assets, people, suppliers or operations.

The proposal is that best practice governance will form a third committee for an organisation that has to report to public shareholders. This third committee would stand alongside the remuneration committee and audit committee and would be something like a “Privacy and data ethics committee”

We have to help companies to take a different approach to finding ways to avoid regulation. We also need to help ourselves as there is increasing confusion due to the volume of conflicting regulation and create simple accountability and responsibility metrics that rest with the board. As with H&S and fraud, the directors cannot then say it is someone else’s problem or there was a process problem.

How does this new thinking help with creating more customers or improving margin?

Holding directors to account for data means that we can have trust in the systems. This will mean that some players can be more transparent, everything that BigTech does not do today. Why will that help? Winning more customers.

Trust and transparency in the system and taking the customer on the journey by story-telling (imagitive TV ads) is one way that springs to mind that existing Banks with Brand values can compete in this new world. There will be other ways and the introduction of more personalised engagement helps to show that a brand really cares about me and puts my best interests first. But if there is no faith in the system, that is a difficult customer “promise” to deliver on. If not overseen at Board Level with a meaningful flow of “management information” such ideals rich looking shallow, could be misinterpreted by customers and maybe some employees as a new kind of manipulation. This would actually worsen the Trust Gap. Don’t make promises you cannot keep or at least cannot show through process and review that you have every intention of keeping. The System will need to move swiftly and in line with brand promise when things go wrong.

The more everybody in the organisation can trust to the way in which data is managed and “responded to” in the organisation the better the relationship between human judgment and accountability and data and its sibling “AI” will be. Better data will then lead to better decisions and more margin.

We have covered experience trust ( it works); emotional trust ( do they work in your best interest — broken), enablement trust ( give the user their data and ask them to trust you) and then system trust, making directors accountable and responsible for data — changes the culture and attitude towards data.

The difference data makes is that we can now see who does what they promise and who does not — then we can trust. How much work is a Board really willing to do to be seen as “Trustworthy?”

The first two trust models worked in a pre-data world; we now need to think in a data driven world.

many thanks to Robbie Stamp for helping to refine the ideas, flow and concepts

Trust is not a destination! was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

We love the idea of a single unified theory of everything. One eloquent and beautiful equation which describes everything. It can unfold and from it, all that is, can and will be explained. It would provide a rationale to the unexplained and a purpose for the unreasonable. Such an equation would have logic, it can be translated into an algorithm, which we can code and run. From this exiliar we can solve all questions of humanity and our future will be predictable.

It raises lots of questions. If we found the equation surely we would dissolve the need for a soul, our belief would be worthless, hope would be irrelevant, faith pointless and luck would be a calculation. Chaos and humanity will give way to order and authority — the Matrix was real.

Ignoring if possible or if that is what we want, physics helpfully starts to highlight one of many problems of any unified theory. Relativity ( big stuff) has one set of equations and behaviours and Quantum (very small stuff) has a totally different set of equation and behaviours. We, who live in the mid-section between the impossible vastness of relativity and the unimaginable chaos of tiny quantum energy, can model both these boundaries but lack the unified models to explain how they co-exist.

How does this thinking link to Privacy?

For some reason we want and desire A Single Unified Theory of Privacy, one that solves all our privacy quirkiness, however are we also searching for the impossible?

At a very large scale (using the physics analogy) privacy would be for all humanity, all citizens, every person together as one; we will have the same and equal rights, all 8 billion of us. At a very small scale privacy is for me; right now, at this place and at this time. It is unique to this context, this experience, this thought at this very moment. Between the 8Bn and this single person at this point in time, we want to create a set of unifying rules, the single algorithm, the one equation which would work for, and embrace, all circumstances and situations. We desire to create a framework that will act equally for me (unique to me and only me right now), and one that apply to everyone for ever; but we are delivering rules which work for neither situation or anyone (except the very rich few)

Perhaps we should stop searching for the one solution and start to look at two, one set of privacy rules and guidelines, one for everyone which is a human right AND a different one for this moment, this instant, this thought, this action, this click, this interaction, this communication. We could call one Relative-Privacy and one Quant-Privacy.

One for coffee, do we have the same problem with Identity ?

Finally, a Single Unified Theory of Privacy was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

“The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power”

So I took this one for the team, and read every single page of the near 700 pages. It is a slog, even for me as a massive advocate of privacy, PII, identity, security, trust and data.

Massive respect to Shoshana Zuboff for 15 years of thinking, research, dedication and writing on and to the topic. This is half of a life’s dedication. Yes I wrote and published “My Digital Footprint — where your privacy is someone else’s business model” 10 years ago and whilst we now have lots of proof now, the theory has not moved on.

There is a lot written on this book already. If you want a summary of Shoshana work these are some of these better write ups. WIRED, FT, ZDNET, The Guardian, Harvard, Linux Journal, The Verge, Philosophical. For those who want a few videos try these TWIT, Democracy Now

My thinking

I am critical of this book, and can only assume that some who have written the summaries have not read the book, or indeed have not read a lot about this aspect of the digital market. Indeed, some may be too young to remember 1993 and the emergence of the web. I do doubt they have being reading on this since say Resisting the Virtual Life 1995 or Being Digital 1996.

Shoshana book offers a very deep vertical view of the topic — this is brilliant. Make no mistake this is really well researched and the reading list is eminence. The time it takes to get the depth is hard, the finesse of subtle debates is sublime, however it therefore lacks a horizontal and wider macro economic view — it does not consider the market and other wider issues/ factors. You have to read say The Future Of Capitalism by Prof Paul Collier and suddenly many of the arguments don’t hold up.

Shoshana makes a set of unwritten and self-assumed assumptions which I want draw out and then challenge them. Most are very much self criticism of my thinking as well, and how I have evolved over the past 10 years.

Data = Behavior

The core of this assumption is that we are predictable. We gather or collect data and with that data I can predict you. [algorithms are next] TBH I was on the same assumption 10 years ago. I wrote the same. I believed that we were rational and that only 1% was irrational. Since then I have read the works of say Dan Ariely and many other behavioral physiologists. Nudge and Hooked I loved Nick Charter’s work the Mind is Flat . If time is short and you want a generate a quick view about why the link between data and behavior does not work, read about emotional bias. It will raise reasonable doubt.

Why is this important as an assumption to bring out. If this (data = behavior) is not true a large part of the economic theory proposed in the book, that makes up the basis of Surveillance Capitalism (Big Other) falls away. If data does not lead to the prediction and behavioral change then the economics don’t work. We are still be watched — that is not in question, it is the economics of the model that needs to be questioned.

There is some truth in data = behavior but the gap is so significant that to base a market model on it is too unstable.

Algorithm = You

Like the thinking above that data can lead to understanding and the manipulation of behavior, there is a step in between data and effect, which is the algorithm or heaven forbid AI. On this topic you have to read Hannah Fry’s work, Artificial Unintelligence by @merbroussard, We Are Data or Team Human

Why read this material as you will quickly realise it is a fantasy that we either understand the algorithm, we have the models, we understand bias, we can build the system, we know what the effect will be. There is work going on all over the world to understand this. From my perspective this provides a good insight, it is UK’s THE ALL-PARTY PARLIAMENTARY GROUP ON ARTIFICIAL INTELLIGENCE which I am part of. This provides a stack of expect views and insights into the complexity of the issues and our total lack of understanding.

Silo = data

In a way the most obvious assumption is that data rests in silo’s of the BigTech. It assumes it is the only place it can rest. The economic rational for Big Other Fundamentally the economic model proposed ignores GDPR in EU, CDR in Australia, The California Privacy Act and many others — all looking to create a even playing field where data returns to the creator. Data will be in both the Silo and with the individual, this changes basis of the assumptions and the economic model being proposed does not stack up when data is back with the user. Indeed this model, where data has mobility, is far more exciting

Data = Oil

I will only say please read data is data The thinking that links data to the existing basis of existing economic models and law is broken. Shoshana goes a long way but ultimately fits the surveillance capitalism model to the existing economics ( accepting constraints of abundance and non rational man). However when we realise that data is not an existing class but something new, we have to change the assumptions. I have changed my views on this over time and this says where I am now.

You = You

A bit subtle this one but in the data and computing world we find it safer to ignore biology and chemistry. In the book The strange order of things it becomes obvious to the reader that your DNA changes which affect how we think, react and behave. Not only our DNA but our food, diet, disease, bacteria, gut flora and environment. The data we have is so thin that the end game that the book explores is not in reach.

Why important — the simple link between data and behavior economic exploitation as explored above is just not that simple.

Excellence = Truth

The book takes a very high ground and looks like it is trying to prove that Harvard Academic excellence is better than anyone else and has a point to prove. The specific slating of Hal Varian, Google’s chief economist and Alex Pentland (MIT) I find the most disturbing, just to justify points that align to thinking. Both have changed, iterated and refined their thinking over the past 10 years and they continue to hone their views as this is a really complex area.

So overall, I would not recommend reading this as a book unless you are prepared to read much wider and form your own view. Love Shoshana as she has raised the bar and the debate.

Why Survillance Capitalism is not an end game or model! was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

You have rights to data about you. You have the right to privacy and data protection. You also have the right not merely be the passive recipient of protection, but actively to make the fullest use of data about you. This is why MyData Global exists: the nonprofit in your corner, working for the empowerment of all with our data.

Data protection is the bare minimum

Privacy is about putting you in the driver’s seat. Privacy by default gives you the possibility then to share and reuse your data, exactly when and how you want.

Privacy is a radical paradigm shift. Right now, decisions about your data, my data, and our data are being made by people and processes other than you or me. They are being made to benefit those who control that data. What if you and I had the chance to decide who gets to benefit from our data? What kind of a world would we create?

Imagine if the researchers of the world had access to all the data they needed to conduct studies about disease and suffering. Imagine if people you could trust were in control of making sure your data helped create better cities, more useful services, and a fairer society. Imagine contributing to the world you would like to see but wouldn’t in your wildest dreams believe possible.

Data has the power to transform society. Your data is part of this, why shouldn’t you be a part of ensuring this transformation is for the better?

Data protection is the bare minimum. It’s absolutely vital, but it’s only the first step. Once your data is protected, the next step is to put it to work. What do you want your data to do for you and for us all?

What MyData Global is and does, and why

MyData Global is the award-winning nonprofit born out of a community of data professionals, businesses, activists, legal experts, academics, techies, entrepreneurs, social scientists, and citizens who share a common goal. Founded in the autumn of 2018, we are some 500 members (people and organisations) from six continents who believe in putting the human in the middle of all this data talk.

Our purpose is to empower individuals by improving their right to self-determination regarding their personal data. The human-centric paradigm is aimed at a fair, sustainable, and prosperous digital society, where the sharing of personal data is based on trust as well as a balanced and fair relationship between individuals and organisations.

Learn about us, follow us, stand with us. We’re in this together.

#MyData: From Data Protection to Data Empowerment was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

Words, in general, are a common and creative invention of homo sapiens which enables us to shortcut detailed explanations. A dog = mammal, fury, four legs, barks, teeth etc. However, words; because they are a shortcut often lack context and relationship. Love, for example, can mean, or be interpreted to mean many propositions depending on context and relationship. The 2019 update to the New Oxford Dictionary brings in the words agender and intersexual to help define better and enable more nuanced conversations about sexuality and gender identity, as society has words without the specific context and better words help avoid conflict and confrontation.

Words allow us to explore and debate wider and deeper concepts but also their misunderstanding leads to fights, war, turmoil, anger or innovation, problem solving and creativity. Sometime we don’t have a word for something and therefore we need to spend a lot of time using metaphors and add context and relationships. The rhetorical question is say, how did we describe competition before the word competition. In 1996 Nicholas Negroponte wrote a book called “Being Digital”. In the book he spends an entire chapter to explain Broadband, another to explain Social Media, another to explain what is e-commerce. It took a lot of time for everyone.

Humans process words depending upon a rich tapestry of context, relationship, mood, how it was said, when it was said and by whom. We interrupt combination of words with our own bias so they make sense to us individually. This abstract view of sense making comes from and is baked into our experience and the order and weight we give to it such experience. Shakespeare’s plays are all written using the same 26 alphabet letters. Knowing the symbols and even the words does not allow easy access to meaning and at best reading is a starting point in trying to determine the message.

Economics, biology, physics, psychology, maths have all created their own language and words to explain the order of things. This has allowed us to explain better and create value, wealth and prosperity. However, in economics for example the order given by words we have, are based on the general concepts of scarcity and abundance with the equations of supply and demand. Therefore the words have certain limitations and assumption, which also means that these established words may not work well to describe new models, theories or markets. The words and descriptions breakdown.

The reason for this long introduction and context is that we lack words to describe the new activities, models and functions in a data driven digital world. Our current wordset may constrain us and slow us down because of some of the ambiguities inherent in the words we currently use. For example, consider the word identity as in ‘name’ vs identity as in ‘provider’ and identity as used to mean ‘access’ — context and relationship matter. Or consider the internet descriptor language we have. We say there are sites, domains and locations that we visit and browse, so framing the Internet as real estate, which is something we relate to. When we speak of pages that we author, publish and syndicate, we are framing the Web as a publishing system. When we speak of content comprised of packets that we move, upload, download and store with addresses, we’re framing the underlying infrastructure as freight forwarding between storage facilities. Analogies such as these inevitably have their limitations.

The word data is a particular problem as it is a word that we want to constrain by context and relationships but ‘data’ does not comply to the same boundaries, field, domain, graph, market or constraints. As much as we would like to explain data and its functions with a metaphor or analogy — it is unique. Data is closer to the discovery of a new core element for the periodic table with new properties, a new energy concept for quantum that allows us to understand something we could not explain, a new model for dark matter.

Every model we use to explain data fails. Data is not oil, we don’t mine or refine it. Data is not gold; there is more data than there are atoms in the universe. Data is not labour, it does not pass with time. Generically data is not a commodity. Commodities, at least of the sort that get bought and sold in stores and in commodities markets, are both rivalrous and excludable by nature. Data is, by its nature, non-rivalrous and non-excludable. This simple fact are that you cannot declare ownership of data (though many people try), you cannot control it, you lose nothing when you copy it. It is why data is data.

By design all metaphors are wrong. For example, time is not money, but we use money to frame our understanding of time. That’s why we save it, spend it, waste it, invest it and put it aside. Likewise life is not travel, yet birth is arrival, death is departure, choices are crossroads, we get stuck in a rut, lost in the woods, get back on track, and so on.

Those metaphorical frames make full sense to us as humans because our experiences of time and life are very much ones of valuable commodities (time as money) and movement (life as travel). As explored in the “Mind is Flat” by Nick Chater our brains as built to create and make sense, we need the metaphor to make the jump to make sense, but then words to move us forward.

But the words and metaphors we use for the Internet, Web and Data insult all, and that’s a problem. Our digital world is too radically new and different to be fully conceptualised, understood, explained and honored by the metaphors we apply to them, limited by words that have the wrong meaning, therefore it is time to build a new wordset!

We talk about data as a commodity, just as we talk about time as one. But while our experience of time is of a finite non-thing, our experience of data is something like the Sorcerer’s Apprentice’s experience of magic: it gets way out of control.

Joyce Searls points out that our experience in the Web is one of “no gravity” (because the Internet isn’t a place, and we are incorporeal chimeras to each other there: damn fine ghosts or holograms, but not physically real) and of no distance. She also thinks we’ll adapt to those conditions, but it’s still too early to generalize with full confidence from our experience so far.

Creating value from data requires an entirely new wordset, just like the breakdown when we talk about the concept that “data is oil”, data storage, data consent, data analysis as a few example functions, when put into context and relationship they all fall apart. As an example Data Storage is not the same as it was when we had an economic model for the storage of documents in 1980. In 2018 digital data storage has a relationship and content to security, access, rights, liability, control, sharing, conflicting national compliance laws and privacy changes. However we continue to use old economic framing, thinking and words to describe these new data functions that then fail.

There is a wider point with data storage, is storing data useful or useless? Is data as useful or as useless as a bad memory that stops a person from falling in love, taking a promotion or starting their own business? These add depth and shows how our words fall apart all too quickly.

As Doc Searls puts it “We are now digital as well as physical beings, and our habitat as digital beings is very new, strange and has no history so we are forming new human experiences, even though we live in a digital world almost as much as we live in the natural world.

From the 10th to the 21st century our thinking built a word set that was based on an economic model that existed in the here and now; physical limited by space and time. The relationships and formula could be discovered, explained and modelled. In our new data world these word sets that described the constrained physical are holding us back as we are having to explain more and more context and relationship. The objective value of a word is to create a shortcut and using the wrong words that have the wrong meaning means we waste more time explaining than we are doing creating. Our new data world needs new words to describe the new functions, as the world of data is not constrained by the vocabulary we have developed to understand the relationship between time and space (we will probably discover that vocabulary to be limited too!). Our new world is messy, interwound, interconnected, interdependent, driven, causal, relationships, immediacy and feedback driven.

Our history has provided context and relevance which has become baked into laws based on experience over a very long time, TRUST in a data world has new meanings where new dependent relationships and contexts change the understanding. The MIT study that led to the “Privacy Paradox” is a good example that the word PRIVACY is broken when we talk about data. Do people want Privacy to avoid exploitation and danger? To mitigate their sense of vulnerability?

Are people willing to trade Privacy in order for the control to manipulate their data and live out their life fantasies in a digital world? Are people so addicted to the control they have in shaping their digital lives, that a privacy, security breach or fraud brings them back to their analogue life. A person owns (maybe) their body, mind and thoughts, but do they own their data?

Let’s explore one idea that needs a word, as a starter. DATA OWNERSHIP. If we had a better word that describes the context and relationship we could save pages of debate; Can you actually own data? It would be good if the answer was “yes”, however the reality is ‘no’, but you can own the machine and software that stores data and different players do have different rights to the data.

In fact, the non-rivalrous nature of data plays havoc with modern notions of ownership. The Romans had a much subtler understanding of the nuances of ‘ownership,’ when they created separate legal rights and processes for ‘usus’, ‘fructus’ and ‘abusus’.

Usus (use) was the right to use or enjoy a thing directly, without altering it. For example, to walk on a piece of land or eat a fig off a fig tree. Fructus (fruit, in a figurative sense) was the right to derive profit from a thing possessed: for instance, by selling crops (but not the land on which they were produced), taxing for entry, etc. And abusus: (literally abuse) was the right to alienate the thing possessed, either by consuming or destroying it or by transferring it to someone else (e.g. sale, exchange, gift). These notions of usus, fructus and abusus imoly, when applied to territory, not ‘private property,’ provides a notion that different rights apply inside and outside clearly delineated boundaries.

When the 18th century constitutionalist William Blackstone observed that an Englishman’s home was his castle, he wasn’t talking about absolute rights of private property. Rather, he was talking about Englishmen defending a piece of territory where they were safe. Englishmen didn’t just have their castles, they also shared the fruits and benefits of commons, public rights of way and so on. Each of these different territories had different rules and rights associated with them. In contrast to this subtle ecosystem of rights and responsibilities, Blackstone characterised modern notions of private property as “the sole and despotic dominion, which one man claims and exercises over the external things of the world, in total exclusion of the right to any other individual in the universe.”

In a new data age we need to establish a new concept in digital and data that builds appropriate boundaries each with their own rules, rights and responsibilities. Critically, individuals’ rights to ‘usus’, ‘fructus’ as well as ‘abusus’ in relation to their own data need to be clearly delineated. This is very different to current debates about ‘control’, virtually all of which relate to individuals trying to control what other parties do with their data rather having the right and ability to use their own data for their own purposes.

As a footnote DATA itself as a word is also a problem, and by extension so is the entire emerging world of Cryptocurrency. “Data” has many different definitions (a quick search gives well over 50 to play with) and individual “labels” and “biases”. However we can be specifically clear about what we are talking about with data types; as long as a verb is included. Flat, big, meta, real-time, old, static, new, current, statistical, empirical, computer, binary, linked etc However, not all “data” is created equal and as such data is contextual to where value may lie, which can be either good for humanity or good for the value of one of the players who are able to exploit it. As yet we have not been able to add context to types of data such as rights, ownership, providence, trust, privacy, security, faithfulness, correctness.

Is there a similar problem elsewhere that provides precedent?

Whilst risk, beauty or compassion are useful thought experiments they lack the direct linkage to value creation which data provides. Data is Data!

From Wikipedia: Risk is the possibility of losing something of value. Values (such as physical health, social status, emotional well-being, or financial wealth) can be gained or lost when taking risk resulting from a given action or inaction, foreseen or unforeseen (planned or not planned). Risk can also be defined as the intentional interaction with uncertainty. Uncertainty is a potential, unpredictable, and uncontrollable outcome; risk is a consequence of action taken in spite of uncertainty.

Possible that “Risk” as a conceptual framework has some similar properties which could help us. Risk cannot be owned or held physically (it can be accounted for), it cannot be controlled or touched, it changes continually, it has no value in of itself, it cannot be weighed or measured in the real world, it can be passed, sold and assigned, but cannot be “copied”; we can only describe outcomes and assign a risk measure. Risk is totally subjective and we all make different judgments make about the severity and probability of any and all risks. All human endeavour carries risk, but some can be defined as being much riskier than others depending on the lens.

So What …..

Creating words will not happen, however there are companies who are solving and delivering solutions in our new data world who have ideas of privacy, consent, rights, ownership, sharing, storage as core functions. Like Hoover became a generic name for a function, Google for search, Text for messaging and many others. Should we (the digital community) start to adopt names of companies, which have a pure single function that delivers context and relationship in this new data world to allow us to describe functions in a clear and crisp way.

Would such adoption get us to value, models, growth and fun a whole lot quicker; avoiding the words that prevent us from agreeing the same solution because we insist on using the same language with different words?

Extending this to AI — given that AI needs data.

As a further thought, does the lack of current wordset descriptors for data provide a rationale as to why AI will be slower to become adopted than perhaps the technology will enable? Is the timing such that we will spend too much time debating words that cannot describe the concepts and therefore, we cannot provide the assurance or governance?

/# please contribute #/

We need you to offer suggestions, ideas, wordsets and brands — these will get debated at forums and meetings. All input will be open and shared through our community and member at mydata.org, IIW, VRM, Kantara and other initiatives such as W3C, Open Intelligence, Open Knowledge forum, WEF and other committee where our members met and collaborate.

Let’s start to find better words but it can only happen if you contribute and help, please copy this and post it, offer suggestions, bring comments, debate with others over a glass of wine.

Please share and make suggestions and help refine. As a best practice please provide a mandate for any company, brand, word set as an activity that allows for a public debate to claims and what are the constraints of the new function.

Someone may want to take on a role and survey the players in the space and ask what notions they are trying to convey in their platform/ software that they are having trouble explaining, etc. we could come up with a list that everyone could work on reducing to the new language. For example, we could take our Consent Access Contracts and Consent Receipts and outline the individual items that make them up, then try to explain each as simply as possible and finally assign a word as a shortcut to it.

—

Thank you to a very large community who helped in building this into a story that had to be told. Doc, Kalyia H, Emma L, Iain Henderson, Danny G, Phil W, Drummond, Martin G, Dexter, Dave B, Nicky H, Kim C, Philip S, Robin W, Lubna, Jamie S, Liz B, Robbie, Ben L, Annti, StJohn, Leda, Ross D, David A, Alan M, Teemu, Antti, Fred D, Fabian V, Sandy P. Lily C, Tabbathia, Charlie M, Saniel A, Steve P, PVan, Peter H and many more

Data is Data was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

I have been working towards officially establishing MyData Scotland with help from Thomas Presslie, Iain Henderson and others. We recently went through our peer acceptance interview. It got us thinking and talking about what MyData means to us and why we wanted to establish MyData Scotland.

I will share some of those thoughts as well our rough objectives for the hub in the following year.

We are all passionate about MyData but had differing reasons for wanting to form a hub. For Thomas it is more about education and outreach, Iain is interested in running PoCs and attempting to do tangible things to empower people with their data. We have a good balance of differing viewpoints and I believe between us we should be able to form an active, sustainable hub.

We are all concerned about the current state of data management today and believe the time is right for a human-centric approach to data. We want to spread the MyData vision throughout Scotland. By forming MyData Scotland we hope to get people talking about data, about user consent and user control. Not as a means of restricting data flow but enabling more considered and directed flows of data. I think of it as giving citizens another way of expressing their support.

Just like we have the economic power to decide what we spend our money on, I would like to build towards a future where people have data power. We should get to decide where to contribute our data and influence how that data is used. Giving individuals a say could help bring much-needed accountability and transparency to the world of data.

All of us involved in setting up the hub expressed our excitement and optimism over the prospects of the hub. While we are currently in a foundation phase, with few active members there is a clear focus on data in Scotland. Edinburgh is aiming to become the data capital of Europe, they have established a Data-Driven Innovation centre. We believe there needs to be a strong focus on how data is obtained and who is in control of it. Being a part of the MyData community can only be a positive thing if organisations want to show they are taking the current concerns around data seriously.

We want to ensure that within the Scottish data community and beyond there is an open discussion about data ethics, control, privacy and most importantly empowerment. As a hub, we hope to foster collaboration across organisations, there is a huge opportunity for us to work together to build out the human-centric applications of tomorrow.

MyData is a global movement and organisation. The strength of that network is something the Scottish hub can both contribute to and learn from. This is just the beginning.

In line the MyData Global requirements we worked together to outline some objectives for the following year.

Our primary objective is to achieve sustainability. By this I mean hold regular meetings with active MyData Scotland members who share the responsibilities of running a hub. We have a long way to go and recognise that to achieve our other goals we will need more members, we all have time constraints on our effort towards the hub. We need to ensure that effort is maintainable.

To that end our key results are:

• Sign up 20 MyData global members
• Sign up 2 organisations to be part of MyData
• Regularly hold meetings (monthly) with active members to discuss and plan how to move our hub forward

We have a more general objective which is spreading the MyData ideas throughout Scotland. As MyData Scotland we hope to foster discussion and communities throughout Scotland who are interested in the MyData ideas.

Our Key Results are:

• Host a sold-out Data Fest Fringe event
• Host 4 large MyData public engagements with at least two being outside of Edinburgh

There is also more specific MyData action we want to focus on:

• Education, particularly to younger children. Educating them about the risks of the current state of data management.
• Proof of concepts that build on the MyData ideas to create tangible applications empowering people with their data.

I believe the key results of these objectives need to be further refined. However, as what we can achieve depends greatly on who we can get involved I think we should revisit these later.

Our focus currently is on building momentum for the Data Fest fringe event and making arrangements to host the MyData Global general meeting at the same time. Once we have momentum, interest and support we can look to our more ambitious goals.

In a years time, we would like to be a firmly established hub that is well known throughout Scotland. Regularly hosting meetups attended by a diverse variety of interested parties. We want to start a discussion on data and believe everyone should be involved. We hope to have sparked that discussion over the course of the next year.

Then next year things can really get started. Get involved and help us shape the conversation around data. Join us on slack, we have our own channel #hub-scotland. Or just drop us an email — scotland@mydata.org.

Originally published at misterwip.uk.

Establishing MyData Scotland was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.

Authors Michele Nati, PhD and Crt Ahlin

Three months after the enforcement of the EU General Data Protection Regulation (GDPR), we spent 2 hours co-chairing a participatory session on the current state of implementation of the Data Portability Right.

The session was part of a larger track of events at the MyData conference (https://mydata2018.org/programme/), focusing on this fundamental GDPR right and spanning from panels exploring the risks and opportunities of it, to talks covering more technical aspects and currently available tools.

Instead of listening to service providers talk about their implementation of the data portability, the session was intended to make participants talk and share their experience as beneficiaries of such right.

To drive the discussions of the participants who joined us we framed the session around three main questions:

1. Which services are you aware of, which are offering data portability?
2. Have you executed your data portability right? What was your experience?
3. How would your perfect data portability service look like?

Below is the main conclusion of our discussions.

“What we got so far, it’s data portability 1.0.”

All the major social platforms are offering data portability functions. This includes Google Takeouts, Facebook, Twitter, Instagram, Snapchat, Viber and Whatsapp.

Some of these functions were always there or at least since before the GDPR enforcement. Nevertheless, in some case they still remain hidden, unknown to the users, difficult to find.

At the same time, some third party tools have emerged. Synchronos offers a commercial tool and cloud space to save your ported data. Differently from Synchronos, two other projects: the Data Access and Fair&Smart are instead trying to lower the barriers for the users to execute their portability rights, acting as agents helping them to find data portability functions within their services or to fire data portability requests when these tools are not available. When portability requests are satisfied they provide cloud space to host the users ported data.

Beyond the existing landscape, when it was time to evaluate how data portability is currently implemented by the major internet providers, consensus was that these tools are still hidden or not existent and that so far their perceived value, beyond compliance, remains small. From an end-user perspective, portability involves raw data, which are not meaningful, difficult to understand or re-use.

Taking it from there, we asked the participants what the reason could be for such an approach to data portability, from a service provider perspective. Among others, we concluded that data portability, if made too easy, beyond simple compliance, can lead to customer churn. A risk more than an opportunity.

We agreed that we are living in the era of Data Portability 1.0 or more properly data download-ability. As a result, users feel they got control of their data if the can download them, but still they don’t perceive any additional empowerment if they can’t easily re-use them.

“Users now urge to have access to Data Portability 2.0.”

This requires the possibility to seamlessly move their data from one service to another. This shouldn’t only make it easier to onboard users on new competitive services, but rather help in creating a better knowledge of the given subject to other complementary services. This will not only stimulates current businesses to acquire customers from competitors, but rather offer them the opportunity to create enhanced services, identify new markets and make efficient re-use of existing data.

While achieving this requires to first identify new business models around compliant re-use of data for new purposes, from a technology point of view, it requires interoperable interfaces.

This is indeed something that the Google Transfer Project is aiming to build. Open source tools and interface that if implemented, allow businesses to provide data portability in a way that their customers can not only move their data out seamlessly, but also transfer it into another service.

We agree that this could be the main driver for organizations to simplify data portability, not for the sake of making it easier to export the data they have, but rather to import those data that their customers have on other platforms. This way data portability finally becomes an opportunity rather than a threat.

After we understood what the real meaning of data portability should be, we concluded our discussion by exploring what desirable features any Data Portability 2.0 tools should have from a user perspective.

“Data Portability 2.0 must build on simple to understand and simple to use User Interfaces.”

Users demand for interfaces where services from and to which to port their data (including also personal data stores) could be easily selected and connected. A dashboard should allow users to track and record previous data portability requests (IMO DLTs and Personal Data Receipts can indeed play a role here too in order to increase transparency), and in future also allow to manage erasure of data.

But most importantly, Data Portability 2.0 (DP 2.0) should offer granularity. Users should be able to select at the level of single data category, which data to port and where and not only be offered the full bundle of data or nothing.

We hope that this user perspective on data portability will open up new innovation opportunities. If you share the same or different opinions on this topic and are interested in discussing it more, do get in touch with us.

Data Portability 2.0 is yet to come was originally published in MyData Journal on Medium, where people are continuing the conversation by highlighting and responding to this story.