This event, as all present agreed, broke new ground in the conversation about how a world of open, free-flowing data might be structured, and threw up many more questions than answers! The verdict: much more work is needed to ensure the UK seizes the opportunities of data.
To kick off, Liz Brandt, of Ctrl-Shift outlined her report, ‘Data Mobility, the personal data portability growth opportunity‘, commissioned by DCMS and based on in-depth market research and economic analysis. Currently, most personal data is held in private company silos; it is exchanged between companies, often without the consent of the consumer. The GDPR alters this situation by making consumer consent mandatory, but still mainly envisages simple bilateral data shifts from company A to company B. It does not provide structure for secure data sharing and we cannot expect consumers to shoulder the burden of managing myriad consents.
What we must aim for, to make the most of the economic opportunities of data, is an ecosystem where data is shared much more widely, still with the consumer as consent giver, but with a ‘data facilitator’ as manager in the centre of a data-sharing infrastructure. To allow this to happen we will need to design such an infrastructure, its standards, its governance and use adaptive regulation both to maximise the opportunities for business and to ensure the interests of consumers are protected.
The report outlines 18 key challenges and 5 core issues: infrastructure and standards, business care, adaptive regulation, consumer know-how and consumer products and applications.
It then recommends that the UK create a Personal Data Mobility Coordinating Entity, modeled on the open banking structures, to kick start and oversee work on these core issues. Ctrl-shift is already working with a number of key industry players in a sandbox to explore possible design models.
Liz's slides are attached at the bottom of this article.
In the panel discussion, moderated by Louise Beaumont, a number of key points emerged:
Consumers must be at the heart of innovation
The panel was united in saying that consumers do not understand what is being done with their data or what to do if things go wrong. Maha El Dimachki, Financial Conduct Authority pointed to the findings of the Financial Services Consumer Panel that consumers will give their consent immediately, without regard to terms and conditions if they want the service offered.
Liz Coll, Consumer International, felt that in creating a digital world, consumer organisations should be involved from the outset and privacy by design should be at the heart of innovation. The implications of widespread sharing of data are unknown and we must be alert to possible problems.
Business must mitigate the complexities for the consumer:
Gavin Littlejohn of FDATA painted a picture of the impossibility for the individual to manage the complexities technology brings – business must step in to help out. This must be done in a co-ordinated way: there must be consumer consent, a robust liability model, and a connected directory of all ‘third party providers’ (TPPs) across markets. We cannot approach this in a sector-based way and there must be some governance oversight across markets.
Gavin Ray of digi.me outlined their model, which allows consumers to store their data in an encrypted format on a personal cloud, to manage it, and to share it securely with companies of their choice. Each company enters a contract with digi.me, which sets out duties and liabilities. The cross-fertilization this allows has seen the emergence of new uses for combinations of data and is stimulating innovation.
The GDPR has limitations
Stephen Deadman from Facebook had concerns about how the GDPR rights will work in practice, as data can be transferred from company A to B at the consumer’s request but there is no framework to enable this and no safeguards or liability standards. Stephen would like to see regulators, consumer organisations and businesses working together to address these issues.
Simon McDougall, Information Commissioner’s Office ,noted that the GDPR needs time to mature before its implications are fully understood. In addition, post-Brexit, the UK will have to preserve its access to EU data by applying for ‘adequacy’ – to get this, we will have to maintain strong compliance to GDPR. The ICO is committed to the innovation agenda through its sandbox activities, designed to understand what innovators require to make the most of the opportunities of data.
We should learn from open banking
Bill Roberts, Competition and Markets Authority, gave an update on the progress of open banking which has had a patchy start, with a number of technical issues. But the basis is there and 200 TPPs are waiting to join. March 2019 will see biometric authentication coming online, which to date has the best use cases: mobile phone +location+ biometric authentication of payment. He acknowledged that, to date, work on open data has not been well coordinated, but BEIS is endeavouring to bring them together.
Gavin Littlejohn stressed the difficulties of managing complex chains of data activity. Open Banking has shown that it is very difficult to pinpoint where a problem has occurred, who should compensate the consumer and, in the case of data, how any loss should be quantified. Strong and easy-to access dispute resolution processes are therefore key.
We must operate cross-markets
All the panelists agreed that we need to look at ‘data’ outside of traditional sector boundaries to make the most of its opportunities. Maha from the FCA noted also that regulators must work to understand ‘adaptive regulation’ and to work in alignment to ensure operational resilience and consumer protection.
Ruth Brougham of British Gas outlined a whole range of possibilities. British gas is looking at using data to design simpler ways to pay, personalize services to customer needs, and enter partnerships (e.g. when customers move house). She also noted the huge benefits of tapping into ecosystems such as the peer-to-peer trading of energy.
Digital identity is a must
A number of the audience members raised the point that digital ID will be essential for consumers to access the online services which will emerge and as a key to managing their own personal data. techUK’s Digital Identity White Paper, Feb 2019, elaborates on this theme.
Ethics as the basis for innovation
In closing, panelists and audience agreed that we must be aware of the ‘morality’ of how we use technology and data and the need to ensure benefits are shared equitably. For example personalized pricing may be good for some but very bad for others. Liz Coll noted that many consumers simply assume that there is a duty on businesses to behave responsibly and that there is a ‘regulator’ to protect consumer interests. This is not always the case when oversight is tied to specific regulations and technology is constantly pushing ahead. Much more open and widespread public discussion is needed.