The mass collation of data that we’ve seen recently has not only drawn criticism from privacy campaigners, but also the attention of regulators attempting to strike a balance between organizations wanting to better target and sell to their customers, and consumers worried about losing control of their data and privacy.
It was hard to miss the barrage of emails from companies updating their privacy policies when the General Data Protection Regulation (GDPR) was introduced in May 2018. The fact that most organizations seemed to send out their updated privacy policies a few days before the deadline, indicated that not only had they underestimated the scale of work involved in complying, but also, that they had not considered the GDPR strategically. Between the announcement of the regulation in April 2016 and its implementation in May 2018, most companies were so focussed on compliance – making sure they had the right consent to use their customers’ data, and bolstering their cyber security – that they missed the fundamental opportunities that the GDPR could create. Ultimately, the regulation was designed to give consumers more control over their data by allowing them to access, delete, change, or port it to other organizations. The consequence of this, intended or otherwise, was the potential to facilitate the creation of new products and services, not to mention a whole new economy – the Personal Data Economy.
Open Banking… Open Energy, Open Media, Open Telco?
One sector where we’re already seeing the introduction of new products and services due to regulation (Open Banking and PSD2), is financial services. In fact, Open Banking was a big first step towards wide-scale data sharing by allowing customers to share their current account information securely with third parties.
After initial skepticism and resistance, we’re seeing a wave of innovation powered by Open Banking from both Fintechs and traditional banks. For example, we’ve seen retail banks develop apps that allow their customers to view all their bank accounts – including those with rivals – in one place. We’ve also seen a start-up create an app that compares household bills and cancels unwanted subscriptions, demonstrating that regulation can be a catalyst for innovation.
Could the GDPR also be a catalyst for innovation? What if consumers had greater control over not just their banking data, but alltheir data, in a transparent way? Could this result in Open Energy or Open Telco ecosystems? What if they were interoperable across sectors? What new services could be created?
Safe data sharing
This concept of an individual allowing their personal data to flow safely and securely between multilateral parties has become known as ‘data mobility. This presents a huge opportunity to create personal, social, and economic benefits which are distributed more fairly than current bilateral flows of data. That’s why BT is participating in a cross-sector initiative, devised by Ctrl-Shift, along with British Gas, Barclays, BBC, and Facebook, and facilitated by Digi.me, to better understand the possibility and potential of safe data sharing in a Data Mobility Infrastructure Sandbox. The aim of this is to test hypotheses around data mobility, namely, can it create greater value for consumers than existing data sharing models, and can data be shared safely? The report on the first phase of Sandbox’s research can be found here.
Safe data sharing will be achieved when individuals can confidently and transparently share data whilst retaining their data protection rights. At the same time, organizations need to maximize safety and privacy through technical design and implementation that meets globally agreed standards. Individuals should easily be able to assess the trustworthiness of organizations and revoke permission for them to use their data. The data flow between organizations has to be done in a trusted and lawful manner – one that protects and respects the data protection rights of individuals. Clearly, trust is crucial to safe data sharing, which is why the sandbox is also being observed by third-party specialists including the Centre for Data Ethics and Innovation (CDEI).
In order for this ecosystem to be successful, organizations need to work together. The sandbox highlighted the benefits of being open with each other about our aspirations, as well as our concerns – many corporates may feel uneasy about the prospect of data portability and data mobility. But the reality is that by working together we have the opportunity to create real value for consumers.
The initiative highlighted some fascinating areas where real benefits could materialize. For instance, data mobility could help consumers manage and control their household budget, or even pre-empt well-bring issues enabling earlier intervention. It’s also exciting to imagine all of the new services that we haven’t even thought of yet.
However, there are still some technical challenges around the integration and standardization of technology that need to be solved. Equally, companies will need to communicate the value of their service, articulate how the data is being used, who’s liable if something goes awry and how a consumer can revoke permission to use their data. Finally, this ecosystem hinges on organizations gaining and retaining the trust of consumers.
As Open Banking has shown, regulation can catalyze innovation. The GDPR and subsequent regulations will continue to unsettle incumbents, but, by embracing regulation and finding new ways to innovate, they are just as well placed as new entrants to invent products and services that generate even more value for their customers.