Personal Data Portability; Key Elements No Direction

Fuelled by the ubiquity of personal digital devices and, increasingly the Internet of Things, the growth in personal data is explosive.  The scope and scale of this personal data revolution mean that the intelligent use of the data can offer an unprecedented new opportunity for business growth, consumer value, and public good in a fast-evolving digital economy.

To date, however, the bulk of personal data has been locked in organizational silos where only a single organization can access it – limiting the scope of what the data can be used for, and by whom.  Guarding data jealously, organizations have learned to see exclusive access to the personal data they collect as a key strategic asset and source of competitive advantage.

Since the GDPR legislation came into force this year, personal data portability has become law in Europe.  This means that all organizations holding personal data are legally obliged to provide, on demand, an electronic copy of the data, to the individual it concerns, or to any third party they nominate.  Unshackling personal data in this way, with open consented access, is a vital step toward the realization of entirely new levels of innovation, productivity, and competition.

With the GDPR, on 25th May 2018, the keys to a powerful new vehicle were very publicly removed from the corporate vault and placed somewhat apprehensively on the counter.  But who will pick them up?  And why?

By enshrining personal data portability rights of the individual, the GDPR has created a firm legal basis for wider economic and societal use of personal data.  But what it does not do is create the structures to enable the safe and easy sharing of personal data or, therefore, value generation.  What’s more, the lack of a secure environment to share data opens up major new hazards.

As things stand, there are no mechanisms to protect users who chose to exercise their new rights to personal data portability.  Neither does the GDPR do much to protect the data controllers (currently, the organizations that have collected the personal data) when data portability goes wrong or gets abused.  In the absence of a safe and secure environment for the sharing of personal data, the new rights that individuals have over their personal data introduce serious risks to both them and the organizations with which they interact.

The recent Cambridge Analytica debacle starkly illustrates the kind of ‘pile-up’ that can happen when users transfer their data from one company to another without a clear understanding of the purpose and consequences.

Rookie drivers of the new data portability vehicle are setting off without a highway code, or the protection of its enforcement.

As if these risks, and the user reticence they engender, weren’t enough to throttle progress, there’s the more fundamental issue of motivation.  One’s reminded of the old chestnut: if, a hundred years ago, you’d asked someone who had never seen a car what would improve their journey, the answer might well be a faster horse’.

Consumers lack know-how and understanding of the digital market and have limited knowledge about their data, how it is used, or how they could use it.  Because of this, and because of the innate fear of unknown risk and responsibility, there is a limited appreciation of the value to be gained from new personal-data-enabled digital services.

Unsurprisingly, ignorance of the vehicle’s capabilities, and the absence of driving instructions, means that demand is sparse and incoherent. 

Patchy demand makes it all the more difficult for organizations (both incumbents and new entrants) to build convincing business cases for innovative new services, particularly as those business cases must, today factor in scaling the barriers of safe data sharing and security, and inadequate interoperability and infrastructure.

Consumers and businesses alike are stuck in the slow lane of data portability, held up by roadworks, and lacking a compelling roadmap to new destinations.

Clearly, a new strategic initiative is needed to avert gridlock and get the economic wheels rolling.

A recent Ctrl-Shift global study https://www.ctrl-shift.co.uk/reports/DCMS_Ctrl-Shift_Data_mobility_report_summary.pdf, commissioned by UK Government, focuses on a vision for personal Data Mobility that goes far beyond data portability as specified by the GDPR – to unlock the greater economic potential of personal data.

The Ctrl-Shift study has, for the first time, codified the core issues that lie at the heart of the complex web of challenges to personal data mobility.  These encompass standards and infrastructure, new services and applications, consumer know-how, and adaptive regulation.

Untangling these complex interdependencies clears the path for coordinated action by industry, consumers, and Government toward the delivery of a data mobile future – removing roadblocks, reducing friction, and accelerating adoption.