Close ☰
Menu ☰

Personal Data Portability – Keys to the car. But no highway code, no driving lessons, and no road map

Posted on: Monday 10th of December 2018

Fuelled by the ubiquity of personal digital devices and, increasingly the Internet of Things, the growth in personal data is explosive.  The scope and scale of this personal data revolution mean that the intelligent use of the data can offer an unprecedented new opportunity for business growth, consumer value, and public good in a fast-evolving digital economy.

To date, however, the bulk of personal data has been locked in organisational silos where only a single organisation can access it – limiting the scope of what the data can be used for, and by whom.  Guarding data jealously, organisations have learned to see exclusive access to the personal data they collect as a key strategic asset and source of competitive advantage.

Since the GDPR legislation came into force this year, personal data portability has become law in Europe.  This means that all organisations holding personal data are legally obliged to provide, on demand, an electronic copy of the data, to the individual it concerns, or to any third party they nominate.  Unshackling personal data in this way, with open consented access, is a vital step towards the realisation of entirely new levels of innovation, productivity and competition.

With the GDPR, on 25th May 2018, the keys to a powerful new vehicle were very publicly removed from the corporate vault and placed somewhat apprehensively on the counter.  But who will pick them up?  And why?

By enshrining personal data portability rights of the individual, the GDPR has created a firm legal basis for wider economic and societal use of personal data.  But what it does not do is create the structures to enable the safe and easy sharing of personal data or, therefore, value generation.  What’s more, the lack of a secure environment to share data opens up major new hazards.

As things stand, there are no mechanisms to protect users who chose to exercise their new rights to personal data portability.  Neither does the GDPR do much to protect the data controllers (currently, the organisations that have collected the personal data) when data portability goes wrong or gets abused.  In the absence of a safe and secure environment for the sharing of personal data, the new rights that individuals have over their personal data introduce serious risks both them and the organisations with which they interact.

The recent Cambridge Analytica debacle starkly illustrates the kind of ‘pile-up’ that can happen when users transfer their data from one company to another without a clear understanding of the purpose and consequences.

Rookie drivers of the new data portability vehicle are setting off without a highway code, or the protection of its enforcement.

As if these risks, and the user reticence they engender, weren’t enough to throttle progress, there’s the more fundamental issue of motivation.  One’s reminded of the old chestnut: if, a hundred years ago, you’d asked someone who had never seen a car what would improve their journey, the answer might well be ‘a faster horse’.

Consumers lack know-how and understanding of the digital market, and have limited knowledge about their data, how it is used, or how they could use it.  Because of this, and because of the innate fear of unknown risk and responsibility, there is a limited appreciation of the value to be gained from new personal-data-enabled digital services.

Unsurprisingly, ignorance of the vehicle’s capabilities, and the absence of driving instructions, means that demand is sparse and incoherent. 

Patchy demand makes it all the more difficult for organisations (both incumbents and new entrants) to build convincing business cases for innovative new services, particularly as those business cases must, today factor-in scaling the barriers of safe data sharing and security, and inadequate interoperability and infrastructure.

Consumers and businesses alike are stuck in the slow lane of data portability, held up by roadworks, and lacking a compelling roadmap to new destinations.

Clearly, a new strategic initiative is needed to avert gridlock, and to get the economic wheels rolling.

A recent Ctrl-Shift global study, commissioned by UK Government, focuses on a vision for personal Data Mobility that goes far beyond data portability as specified by the GDPR – to unlock the greater economic potential of personal data.

The Ctrl-Shift study has, for the first time, codified the core issues that lie at the heart of the complex web of challenges to personal data mobility.  These encompass standards and infrastructure, new services and applications, consumer know-how, and adaptive regulation.

Untangling these complex interdependencies clears the path for coordinated action by industry, consumers and Government towards the delivery of a data mobile future – removing roadblocks, reducing friction and accelerating adoption.

David Pickering is a Director at Ctrl-Shift, the business innovation consultancy that specialises in the strategic value of trusted personal data. 

Ctrl-Shift helps organisations realise the unprecedented growth opportunity in personal data by creating strategic, sustainable and practical solutions that deliver new value in peoples’ lives.