Posted on: Tuesday 9th of October 2012
Just back from the World Economic Forum workshop in Brussels on ‘Unlocking the Value of Personal Data: Balancing Growth and Protection’.
The gist of WEF’s argument goes like this. Personal data is emerging as a hugely valuable economic asset – ‘the new oil’. Just like oil, if the value of this asset is to be realized it needs to flow, not remain stuck where it was created. If personal data is flow, there must be trust and that means treating individuals less as passive data ‘subjects’ – the subject of organisations’ data gathering activities – and more as active participants exercising more control over how their data is used and sharing in the some of the economic benefits.
My particular contribution was to suggest the very title of the workshop might be misleading. The massive potential of Personal Information Management Services (PIMS) means that really, we should be talking about ‘Unleashing growth via protection’. That comes from Ctrl-Shift’s own analysis of the situation, which is slightly different to WEF’s (see footnote below).
But, for the moment at least, we’re all focused on the same things: the need for robust, workable trust frameworks and the infrastructure, business models and processes needed to help individuals assert more control and share the benefits.
This particular workshop – attended by an impressive mix or European and national regulators, businesses, personal data innovators and privacy activists – wrestled with a number of thorny issues which have to be resolved if a workable ‘trust framework’ for permission-based sharing of personal data is to emerge.
Some of the ‘biggies’ include:
- Trust frameworks that recognize individuals’ roles as both consumers and producers of information.
- Issues relating to shared rights: if I buy something from a retailer, we both have rights to the record of that transaction. What are our relative rights to the use of this information?
- The critical importance of context. ‘One size fits all’ rules tend to founder on the fact that the same piece of data means different things with different implications depending on who is going to use it for what purposes.
- This means issues relating to consent and to notice (organisations explaining clearly and simply what they intend to do with the data) need revisiting. Current approaches to consent which, for example, deem a consumer’s consent to certain data practices by the mere fact that they are using a web site, are not tenable. Ultimately consent has to be a personal setting (limited of course by law). But establishing easy-to-use processes for consent or privacy as a personal setting remains a challenge.
Most important take out for me was the palpable shift in organisations’ thinking over the last two to three years – from a basic assumption that ‘the data is ours, hands off!’ to a new realization that it’s actually better for everybody if individuals have more control over and get demonstrable value from the data sharing process. That doesn’t mean we’re out of the woods yet. But it does mean we are travelling in the right direction.
The workshop also began to address the economic case. Here, WEF has recognised the need to build a better evidence base for the economic and social potential of permission-based data sharing.
WEF identifies the main status quo benefits for companies as cost efficiencies, revenue gains and prevention. There’s the social value of epidemiological data (e.g. for heatlh and disaster relief). For individuals there is the ‘consumer surplus’ generated by personalization of services and realizing the monetary value of personal data (though in my view that isn’t really happening yet).
Looking to the future it identifies the value of ‘shared data commons’, of new data-based products and services, better identification and authorization processes, of VPI (Volunteered Personal Information) and VRM (i.e. Vendor Relationship Management) services.
The big challenge is to put numbers to these opportunities. We’ve made a start with our estimate of the value of VPI in the UK over the next ten years. But, on both fronts, of trust frameworks and evidence there’s an awful lot more to do!
Footnote on key drivers
WEF’s starting point is the status quo: the potential value of personal data to organizations and society as a whole. In contrast, our starting point is underlying drivers of change – the plummeting costs of information processing which means that, inexorably, what was once the privilege of the very rich (the ability to gather and use information as a tool in your own hands) is becoming democratized.
Once this happens, individuals become ‘data factories’ in their own right, generating new, previously unavailable, data – what we call Volunteered Personal Information – which has the potential to act like the yeast in the dough: transforming. That is why we are so interested in personal data stores and PIMS – because we see them as inevitable catalysts of change.
That’s not the same as enabling the sharing of data that organizations have already collected. But for the moment it doesn’t really matter. Either way, we still need robust trust frameworks and the infrastructure needed for permission-based information sharing.