ProjectVRM thread

6th January 2018

From: Philip Sheldrake, 3 January 2018 at 15:05

Oxymoron?

I wonder, is "personal data company" an oxymoron?

It isn't if I abdicate domain over my personal data to a company that seeks to monetize the application of its platform to 'my' personal data.

It is if we consider "personal data" in the same vein as self-sovereign technology, for how can the technology in question be both self-sovereign and not? It's an oxymoron if, as Floridi [2005] puts it, “you are your information”, with “no difference between one’s informational sphere and one’s personal identity.”

Personal data management / stores

There are hundreds of personal data store projects. A store “collates, curates, and mediates access to an individual’s personal data by verified and audited third party applications and services.” (ref.)

I believe such projects are pursuing a dead end. Value flows when data flows and combines. Static, uncombined facsimile is then redundant. And facsimile will by definition never be master.

We do not need personal data stores but rather insight into where personal data is flowing and for what purposes, requiring an interface into and onto the flows and corresponding permissions.

... At least that's a core focus for my work this year.

The open ecosystem map

Doc, you are right to refer to the map's goal as broad, but then the sociotechnical mix supporting or denying personal agency is broad. A taxonomy is easily applied. We did not wish to develop one fait accompli when we pulled this together, but would rather respond, as now, when the need arises. If you want a "personal data" tag, or indeed greater granularity within that category, we can turn that round in a day or two. Just let me know :-)

Cheers.

_

From: Julian Ranger

Philip,

Addressing your two points (acknowledging that my business digi.me does both of the things I highlight below):

Personal data company an oxymoron – perhaps if company holds your data for you, not if they enable you to own, hold and control your data yourself on your own infrastructure. If data was simply stored then no value flows you are correct. The purpose of you owning your data is for you to have the best picture of you which you can use yourself AND which you can share with others with your consent (and they’ll ask you because you have the best, most accurate information about you – and because it’s the right thing to do).

Cheers, Jules

Julian Ranger Founder & Chairman, digi.me

_

From: T.Rob

Hi Philip,

We do not need personal data stores but rather insight into where personal data is flowing and for what purposes, requiring an interface into and onto the flows and corresponding permissions.

I wholeheartedly agree with the second part, vehemently object to the first. The two things are not mutually exclusive and both have value. It is impossible today to move about in the developed world without leaving a digital footprint either in the purely digital space (social media activity for example) or by observation of our activities in physical space (GPS, face/gait detection, biometric, LPRS, etc.). We *absolutely* need to get better at knowing where this data goes and how it is used for and against us. I’m thrilled that someone is working on this and that it is your core focus.

But we need personal data stores, and I submit to you that we always have. My mom still has drawings I gave her 50 years ago. Most of us have a file cabinet or ten full of personal records. This stuff isn’t going away but as long as it remains constrained to paper it also isn’t getting much more useful to us. Scanning it to PDF improves the storage, search, and retrieval situation but doesn’t make relationships between the data available.

The areas in which we are seeing the most benefit of personal data are the ones born digital. Fitness trackers present our data back to us in a pretty UI, but they also give us transactional line item data as well. We can further benefit from data relationships between the fitness tracker and other things by pushing that data through IFTTT. Services like Mint give us all our financial accounts under a single pane of glass. We are using more and more of our own personal data to our own personal benefit.

But what to do when Google shuts down Revolv home automation, Health, and PowerMeter? Toss it all in the landfill and start over with new IoT devices? Vow to buy only from startups who can’t afford to casually shutter a product but nonetheless have a high failure rate? Painstakingly port our data to a new and incompatible data store? Throw our hands up in exasperation and claim we don’t need personal data stores? If the latter, is that really because we don’t need them, or is it because they aren’t yet reliable enough to depend on them?

The actual business requirement of the personal data store is to deliver stability, longevity, and continuity of functions we already rely on that are underpinned by personal data. Sovereignty and in some cases physical custody are merely implementation details. That we often talk of them as the end and not the means is probably somewhat detrimental to our cause and I suspect often at the heart of claims that personal data stores are not needed. Similarly, focusing on the things personal data makes possible in the future can be detrimental. The requirement for personal data stores isn’t about inventing new and magical unicorns but rather it’s about making the functionality we already have reliable enough to depend on as users and to build on as innovators. That’s not as exciting as unicorns but it’s the business driver we have and seems, at least to me, to be clearly needed.

– T.Rob T.Robert Wyatt, Managing partner IoPT Consulting, LLC

_

From: Paul F Fraser

Hi,

I have been working on a project for 10 years+ which I initially called a "Personal Data Locker". I found over that period that people's eyes glaze over when you use the term and they are not interested.

The same is probably the case for VRM and Customertech terminology, although Customertech is much closer to the mark.

GDPR, a similar problem, could possibly become similar to the "Click Through" situation with terms and conditions and security warnings. Some suggestions from UX people require a user to respond to many questions during a web session about GDPR matters. Most should, but in general, do not care!

The conclusion I have come to is you need to talk about advantages, and meeting the needs of an unsophisticated user. Keep the complications away from the user.

Some background on my project is available in a couple of Medium articles I have published.

https://twitter.com/qnenet/status/947580369779548160
https://twitter.com/qnenet/status/947579015031869442

Regards

Paul Fraser

_

From: Adrian Gropper

T.Rob,

I agree with everything you say but I also think Philip's position is much closer to what we need. Personal data stores, whether they are operated by a service provider like Amazon or built from source hardware and software hosted in my closet, depend on standards to be substitutable and to migrate over a lifetime. That means that the protocols such as UMA and DID are much more important than the instances that implement the protocols.

Companies that want to originate, process, or store my personal data must all support the protocols for connecting to my authorization server(s) wherever I choose to host them. The HIE of One project is one example of the self-sovereign protocol stack that fits Philip's vision by combining UMA and DID. There may be other protocol stacks that are essential to self-sovereignty or alternatives to UMA and DID but I haven't found any yet.

Adrian

_

From: T.Rob

Hi Adrian,

I also think Philip's position is much closer to what we need

Perhaps it is. I was just making the case that the two things are not mutually exclusive, as “we do not need personal data stores” might suggest.

And I think we are actually on the same page since all the examples you provide below are personal data stores. That we absolutely need a personal data store is a foundational premise of HIE of One, after all. You mention interoperability and lifetime durability, both of which are on my list of requirements.

Part of the disconnect may be my focus on selling into large enterprises the idea that the customer data they have is valuable to their customers. That discussion is not at all about protocols and almost entirely making the case that “we need personal data stores.” For example, I did some work with a large grocery chain whose multi-million dollar “digital customer” initiative was mostly about getting coupons in front of the customer and had no provision to give the customer greater access to their own data. Perhaps this group sees the nuance in the phrase but in my consulting “we do not need personal data stores” is the very thing I’m working so hard to disprove.

– T.Rob

_

From: Doc

I’ve added Jeremie Miller to the CCs, in case he’s not tuned in to the list here.

Jeremie, who brought the world Jabber and XMPP, had a thing called the Locker Project, which (as you can see on github https://github.com/quartzjer/Locker) has been idle for a while. Way ahead of its time. But a crew of first-rate and right-thinking hackers were behind it, and may have some constructive things to offer here.

The same is probably the case for VRM and Customertech terminology, although Customertech is much closer to the mark.

Closer, but nowhere if nobody talks about it.

FWIW, people still talk about VRM. Not in a huge way, but more than customertech, or any of the other labels we’ve come up with.

GDPR, a similar problem, could possibly become similar to the "Click Through" situation with terms and conditions and security warnings. Some suggestions from UX people require a user to respond to many questions during a web session about GDPR matters. Most should, but in general, do not care!

My assumption right now is that, unless a fix is found, the GDPR will in effect require an agreement gauntlet for users to pass through when entering every website in the EU, and perhaps the world (since the GDPR protects EU citizens everywhere they go). I’m thinking something like the current “This site uses cookies…” banners, only much worse. Do I have that wrong?

Either way, it’s not a certainty—not if the sites agree to OUR terms, rather than us to theirs. That’s the fix we’ve already found. We just need to bring it into the world.

This is more than just thinkable. It is totally do-able. And making it happen is focusing all my energies until it does.

We do not need personal data stores but rather insight into where personal data is flowing and for what purposes, requiring an interface into and onto the flows and corresponding permissions.

How about getting those insights from apps (or whatever) that manage personal data? There are dozens of developers on this list offering (or at least supporting) that, or something like it. (I’ll let them step up rather than calling them out.)

_

From: Adrian

I understand that you're using "we need personal data stores" as a metaphor for enterprises but I still think it's fraught as an approach because enterprises (including in healthcare) will balk at the loss of provenance and engineers will balk at the loss of selective streaming (random access) when data is unnecessarily copied from the source to some online proxy.

Furthermore, and this gets to some of the comments about GDPR implementations, enterprises will unfortunately balk at recognizing a person's right to a self-sovereign authorization server because the enterprise does not want to have to "ask for authorization" each time they use data internally. Introducing UMA makes it relatively easy to eliminate _prior consent_ and insist on _contemporaneous authorization_ for all data uses, not just sharing. This gets tangled up in definitions of controller vs. processor when the only controller is self-sovereign, or at least fiduciary, to the human subject.

Regardless of how we "sell it", the key to the self-sovereign protocol stack is a standardized self-sovereign authorization server. To Doc's question, I have no idea if JLINC is essential to self-sovereignty or not and I don't know if it's on a standards track already.

Adrian

_

From: David Alexander

Wise words from T. Rob

At the most basic level the simple right of an individual to receive, collect, organise, store and redistribute the data about their lives and be an active participant is no different than many other forms of asset and memory management that we all accept are needed, photos, money, memories, physical assets and personal records.

The only person interested in your whole life for your whole life is you. Having the ability to manage the data that underpins it is a basic right.

Phil, I hope the right of the individual to determine what they need and want is something you can accept.

Mydex CIC was created to protect those rights and provide a secure person centred solution for every person who wants one with no consequence except empowerment, freedom, choice and independence.

Regards

David Alexander FRSA | F.APS CEO | Platform Architect | Co-Founder | CISO MYDEX CIC

_

From: Iain Henderson

Yes, for me your point below [Doc] is key right now.

My assumption right now is that, unless a fix is found, the GDPR will in effect require an agreement gauntlet for users to pass through when entering every website in the EU, and perhaps the world (since the GDPR protects EU citizens everywhere they go). I’m thinking something like the current “This site uses cookies…” banners, only much worse. Do I have that wrong?

You are right, that’s what’s going to happen.

The quote below from a recent JLINC white paper spells that out in no uncertain terms.

Organisations, by default, can only fix this from their own perspective, and with the tools available.

We badly need to have user submitted terms to point to as an alternate model, and have almost no time now to make that happen.

So we will undoubtedly get the ‘car crash’ referred to below, and can only hope to be part of the cure for that post May 25.

Mark Say, Head of Data and CRM at Volkswagen Group in the UK, observed that under the GDPR:

“Storing individual consents for each customer, for each channel, for each data usage type across our five brands within the Group could easily result in over 100 individual consent records for many customers...and become a minor industry in itself. I don’t think customers are going to be prepared for the onslaught of ‘permissioning’ by businesses after May 2018. We are looking at more elegant ways to capture, store and maintain customer consent.”

_

From: Tony Fish

I should probably have said personal data companies that are probably involved in one or more of the following: Creating data about you, collecting/collating data about you, receiving/passing on data about you, storing your data, help you to organise your data, provide tools for the analysis of your data, providing consent control or the ability to distribute your data.

One aspect still outside of much of GDPR thinking is that you can only get back the data given by you or public data gathered. Companies can still hold on to the analysis of your data and what that data tells them about you - and indeed the entire law is yet to be tested in court.

@tonyfish

_

From: Philip Sheldrake

I’d like to explain what I mean in a little more detail, if only to try and explain it to myself :-)

Actually, it’s not a short email. Apologies. I hope it repays any attention you might give it. And if it teaches anyone here to suck eggs (is that international English?!), please read it as me laying out my own thinking rather than being patronizing.

WHAT IS DATA?

The GDPR is not the only context in which data and information are confused for synonyms. The regulation defines personal data as “any information relating to …”

And for our purposes here (but not in all related matters I think) the distinction between the two doesn’t much help push things forward, so I will use them synonymously.

Bateson noted that information is a difference that makes a difference (1972). This is then recursive – the difference made is information. This quality has no pre-digital precedent. Nor does the fact that it can be replicated almost instantly at effectively zero incremental cost. We should then be really wary of thinking in terms of non-digital analogies.

And yet that’s our default mode … our computing paradigm contains such concepts as files, folders, and desktops when none of these was otherwise ordained. References to file cabinets and (physical?) personal records in this thread here, and indeed the analogical rather than merely metaphorical use of lexicon such as stores and lockers betray the irresistibility of this mode of thinking.

WHAT IS PERSONAL DATA?

The following statement exemplifies two significant problems of personal data: “You used 400kWh of electricity last month.”

The first problem relates to the pronoun; is that you Alice, or you Alice’s household? Much data we consider personal is actually data we share with others, merely reflecting our social nature. Your lunch appointment is data shared with your lunch companion. Mortgage payments may be shared with a spouse. Some rights over a video you’re in may be shared with others featured similarly. It might be your bus journey but the bus company will want to know how many are aboard for its ongoing capacity planning. It might be your immunization, but those responsible for public health will want to ascertain herd immunity.

It might then be more accurate to talk of personally and socially material data.

The second problem relates to the datapoint insomuch as it’s unclear exactly what anyone might do with it; for the example of household energy use, perhaps one might compare it to the previous month or the same month in previous years if the seasons have any bearing on energy use. Even when a difference is determined, is this a change in household energy efficiency, or the weather, or your weekly schedule?

Personal data must be allowed to breathe for it to be of most value to the individual and society, by which I mean (a) the context of similar datasets is needed for the useful transformation of personal data into personal information to assist Alice’s comprehension and sense-making, and (b) there may be societal value in Alice’s data aiding our collective comprehension and sense-making of populations, whilst preserving personal privacy.

WHAT IS THE QUESTION?

We’re not grappling here with a question of personal data storage. Or VRM in fact. But rather, as Doc observes, personal agency. Personal data – our relationship to and domain over it (if we don’t yet regard it as part and parcel of ourselves), and its availability to others – is a core component of agency today.

It sufficed for a time to define privacy as “the right to be let alone” (Warren and Brandeis, 1890). It endured for as long as it seemed that any individual might maintain some detachment from society’s gaze, an isolation constructed and construed from spatial and physical concepts by which one’s aloneness might be adjudged. My home. My room. My books. My letters. My car. My body and my personal space. Then new media added new dimensions for information flow and the ‘space’ was no longer so readily perceivable.

This systemic change has catalyzed deep and wide interest in defining privacy if only so we might articulate how it is altered by new technologies and applications, how it might or should be degraded, protected, or enhanced, and how we might qualify and substantiate any change as for better or worse.

Given that “personal” data isn’t so personal in every respect, and that spatial concepts fall very short of serving us well, the question is more generic: how do we enhance personal agency (or at least return it to pre-digital levels, if the two can be equated)?

Agency is unevenly distributed and tricky to quantify. I find I work mostly in terms of heuristics and relativity.

This thread contains phrases such as “owning your data”, “physical custody”, and “physical assets”. These are I think presuming ownership to be an appropriately portable concept too. It is not, imho, as you will detect from my general suspicion of the application of pre-digital concepts. Agency is the locus here, under which privacy. But not ownership per se. Ownership is a #f00 herring.

SELF-SOVEREIGN TECHNOLOGY

Several of you here attended the April 2016 Internet Identity Workshop, with its focus on self-sovereign technology. Adrian shared his notes with me, here fyi (the “self-“ prefix was a later addition). When I’m asked for a short explanation, I describe self-sovereign tech as:

- Executable: stores and asserts the owner’s policies

- Extensible: across all roles in / facets of life

- Expressive: ‘talks the same language’ as the person it serves / represents (/ is)

- Extricable: not reliant on any specific third party for its operation.

Adrian is spot on, imho, when he observes “Companies that want to originate, process, or store my personal data must all support the protocols for connecting to my authorization server(s) wherever I choose to host them.”

WE DO NOT NEED PERSONAL DATA STORES

Clarification: I’m talking here in terms of the GDPR’s regard for personal data, ie, data disclosed and created in relationships with organizations.

I think we can look at this in terms of business as normal, and disruption. For the first of these, Adrian again: “enterprises (including in healthcare) will balk at the loss of provenance.” Quite right. As in fact we all should. As I noted in my first email in this thread, a facsimile will always be nothing but a facsimile.

The question of disruption rightly cropped up (T.Rob). And in this respect, I tend to qualify my assertion … we do not need personal data stores for much for too long.

The “for much” is the discontinuation of a service. Given that firms increasingly value their reputation, viable businesses choosing to discontinue a service do so gracefully; customers are offered the facility to download a copy of their data. When firms go bust, receivers move in. As more firms just sit on AWS or GCloud or Azure or similar, receivers may be instructed to provide this facility (I don’t believe this is covered by the GDPR?). Nevertheless, there will remain some instances where such recovery is impossible.

By “for too long” then I refer to the reliance on a data store to maintain a facsimile for just such an outcome. This won’t be the only technical resolution to this challenge in future (part of my research). Besides, if it’s hard to persuade the public to adopt personal data store services generally, then it will be harder still for just this limited application …

WHAT IS A “PERSONAL DATA COMPANY”?

The first party is the customer. The second party is the vendor. The third party is vendor-driven, and on the vendor’s side. The fourth party is customer-driven, and on the customer’s side.

There is a reason most every “personal data company” is a third rather than fourth party … the first party won’t pay for it. Paul provided very telling testament here. “I found over that period that people’s eyes glaze over when you use the term and they are not interested.”

A fourth party is sovereign and agentic in ways the business model of any third party simply precludes.

OURTECH

The next three paragraphs summarize part of a previous post to this list (13 Oct 2017) …

Their tech is, obviously, out of our control. As we’ve seen, there’s no reason to trust it and every reason not to.

My tech is the form that many reactions to their tech take, but it soon becomes apparent that its usefulness is very limited.

Ourtech entails us coming together as we each determine for our shared benefit. Under our direct / sovereign supervision. Interoperable. Personal. Mutual. Co-operative. Trusted.

Second and third parties offer their tech. The (future) fourth party will be ourtech.

Interestingly etymologically, I suggest that fourth party technology is self-sovereign technology and will only be conceived as ourtech. It will be distributed. It will be co-operative. And it’s core to the Digital Life Collective’s mission. My co-member Joachim Stroh describes it with this diagram.

...

I’ve written enough here! There is no proof per se, just ideas. Needless to say, the more co-operation the more progress the more co-operation the more progress … If you have any questions about joining our co-operative, please do ask me or Adrian.

Best regards, Philip.