Why so much debate about personal data misses the point
Ten years ago, when we were setting up Mydex we published a White Paper — The Case for Information Empowerment the rise of Personal Data Stores — which set out our raison d’etre and vision. A lot has happened since then: the rise of the Silicon Valley giants, the Snowden affair, a love affair with ‘Big Data’, the new European General Data Protection Regulations (GDPR), the Cambridge Analytica scandal — and all the while the issue of personal data has been rising further and further up the economic, social and political agenda.
Looking back at that White Paper there is very little we would change. But there’s a lot that we have learned — learnings we’ll share with you over the next four or five blogs.
One of our biggest learnings is that there is (in our opinion) widespread misunderstanding and confusion about the nature of ‘the problem’ of personal data and therefore what appropriate solutions might look like.
The dominant mindset today reflects a status quo that is overwhelmingly organisation-centric. That is, it is simply assumed that the entities collecting and using data are (mainly large) organisations and therefore:
- any problems that arise, arise because of these organisations’ policies and practices
- The solution lies in changing or reforming these organisations’ policies and practices
This is true, but only to a degree. The real problem in today’s digital economy goes much deeper. It’s structural, arising from the very fact that the only entities collecting and using individuals’ data are large organisations. Which means that individuals cannot access their data or use it for their own purposes. And that these individuals’ data is dispersed around a range of different organisational silos, making it well-nigh impossible for individuals to build a rounded, complete set of data about their lives and restricts their ability to get things done through increased effort, friction and duplication.
This structural flaw:
- Builds extreme imbalances of power and opportunity into the very way the digital economy works, making the abuses that follow almost inevitable.
- Massively restricts who can use individuals’ data and what they can use this data for, therefore acting as a significant break on innovation and value creation.
- Reduces individuals (citizens, consumers) to a role of ‘data subjects’ (as GDPR calls them) rather than providing them agency, empowering them to participate fully in the emerging digital.
- The resulting abuses and sense of unfairness is creating a debilitating crisis of trust.
In short, today’s organisation-centric status quo is bad for individuals, for the economy, and for the long-term health of an information age society. It’s even bad for the organisations who believe they are benefitting from this status quo.
Other widespread assumptions only serve to reinforce this restrictive status quo. There are those, for example, who see today’s personal data issues from the consumer perspective, arguing that consumers need to be informed, educated to take action to protect themselves and assert their rights. The problem with this approach is that it simply re-creates the organisation-centric assumption, focusing on consumers/citizens being educated about what organisations do with their data and asserting their rights in relation to what these companies do. In this way, this ‘consumerist’ approach to personal data helps keep the idea of empowering individuals with their own data off the agenda.
There are also those who see today’s personal data issues as a market problem. They argue that the scale, power and reach of Silicon Valley giants like Google and Facebook has grown so extreme that the market as a whole is now dangerously out of balance, and has resulted in excessive concentrations of data power. So what we need to do, they suggest, is to break up the new monopolies and reinstate healthy competition. Which may be an excellent idea, but for one thing. It also assumes that the healthy competition will be between organisations collecting and using individuals’ data and does nothing to positively individuals with their own data.
Now, of course we are not against organisations adopting and implementing the right personal data policies — policies that focus on genuine value creation via trustworthy processes and practices. And of course we think educating consumers and helping them assert their rights is a good idea. And of course we think excessive imbalances in the market need to be addressed.
But we are also very clear that even if all these good things happened, the fundamental structural flaw at the heart of today’s digital economy would remain unchanged.
Providing individuals with a personal data store — a data service that makes it really easy and safe for individuals to collect, store, share and use their own data for their own purposes:
- builds checks and balances into the way the personal data ecosystem operates via a ‘separation of powers’ between individuals and organisations
- enables individuals to use their own data for their own purposes — i.e. the creation of new services provided by new service providers, as well asorganisations continuing to use data to provide existing services. It therefore has the potential to turbocharge innovation and economic growth
- Gives individuals genuine control over their own data, thereby helping to restore a climate of trust.
But the key point is this. If we misunderstand the nature of the problem we are dealing, it’s almost impossible for us to alight on the right solution. Solutions which focus on changing organisations’ policies, educating consumers and correcting market imbalances are all dealing with the symptoms of the underlying structural flaw at the heart of today’s digital economy.
To make progress we have to address this structural flaw at root, by empowering individuals with their own data. Nothing else will do.
That is why, ten years on, Mydex’s mission and purpose is even more relevant and important than it was back then.
David Alexander FRSA | F.APS
CEO | Platform Architect | Co-Founder | CISO