A wide range of issues - from the proliferation of data breaches, scams, and increased fraud & identity theft, to growing concerns about the balance of power and value creation - continue to focus public and private sector minds on personal data.
There are two main questions at the heart of the data debate which are inherently linked:
- Why do organisations persist with the over collection of personal data; and
- What do viable alternatives look like?
If we put aside the collection of data for regulated services with Know Your Customer (KYC) requirements, it seems that in many instances it’s simply force of habit, and an apparent lack of viable alternatives. Of course, there’s the well-worn practice of monetising personal data too, but thankfully that is slowly and surely being challenged by a combination of regulation and consumer action. So, what are the alternatives?
An initiative in Europe - the International Data Spaces Association (IDSA)- is making significant inroads answering this question.
Sovereign Data Sharing
The work of the IDSA is set against the backdrop of the European Data Governance Act (DGA) which seeks to “facilitate data sharing across sectors and EU countries, in order to leverage the potential of data for the benefit of EU citizens and businesses”. Using the DGA as a springboard, the IDSA is very practically focused on implementation.
Through a series of workshops, the IDSA is creating soft infrastructure to ensure that “people and businesses have the ability to set the rules that put them back in control of their own data”. This soft infrastructure consists of “the rules of data exchange and the ability to certify the identity of your partners in a data space”. Importantly, personal data spaces put the users’ needs at the core of the design and prioritise convenience and privacy. And squarely focused on usability and implementation, semantic interoperability is front of mind for the IDSA.
At the recent Data Space Symposium, organisations that have been awarded MyData Operator status were recognised as champions of this rapidly emerging space. The MyData Award is the “gold standard for ethical use and sharing of personal data” and Meeco is pleased to have been awarded for the fourth year in a row. Congratulations to the other awardees!
As well as establishing the groundwork for the creation of data spaces, the DGA outlines a new category of service provider – a Data Intermediary – that has a fiduciary duty to act in the interests of data subjects. The Data Intermediary will enable Data Holders (such as financial institutions) and a Data using Service (for example an insurance provider) to engage in the compliant exchange of data, always acting in the best interest of the data subject (customer/citizen).
The DGA provides a set of rules for data intermediation which Meeco is implementing. Let us know if you you’d like to discuss how we can help your enterprise benefit from data intermediary services.
Privacy by Design
Going beyond the EU, the DGA’s approach endorses Privacy by Design (PbD) principles which have been central to Meeco’s ethos from the start and which also now form the basis of a new ISO standard. Released in February this year, ISO 31700 “establishes high-level requirements for privacy by design to protect privacy throughout the lifecycle of a consumer product, including data processed by the consumer”.
Credited with the creation of Privacy by Design, Dr Ann Cavoukian discusses the importance of this new standard with Meeco’s Founder and CEO Katryna Dow in a Ubisecure podcast. Listen in for practical guidance on how this standard and Privacy by Design more generally can help enterprises protect their customers’ personal data and comply with data protection regulations.
Trustworthy Digital Society
Echoing this concept of ethical use, in Australia UNSW Sydney and the University of Technology Sydney have launched the Trustworthy Digital Society Hub designed to lead research and insights in citizen-centric digital platforms.
The Hub, which is led by former NSW government minister Victor Dominello (pioneer of NSW digital ID) is specifically aimed at “supporting individuals, businesses and governments seeking to build a trustworthy digital society”.
The focus is very much aligned to the objectives of the EU Data Governance Act and the IDSA:
Get in touch if you’d like to discuss viable alternatives to collecting personal data. In addition to improving your customers’ experience, you’ll lower compliance costs and reduce your risk of exposure to data breaches.