Citizen-consumer permission based data sharing | Dr Matt Stroud | January 2015

Citizen-consumer permission based data sharingDr Matt StroudHead of Personal Data & Trust

2Where and who?Where we are:

National Catapult Centre – Euston Road – opened Nov 14

3 initial Local Centres – Brighton, Bradford and Sunderland

National Virtual Incubator

Who we work with:

Universities and Research community

Central and local government

Big Businesses – cross sector – interested in data innovation

SME Clusters, SME Channels and SMEs

Our four challenge areas in data innovation

Sharing closed or proprietary data in better and more trusted ways:

•Sharing creative content •Copyright Hub.

•Sharing Personal data - trust and privacy.•Best practice ecosystem and capability hub / Mi-Data projects / industry guidelines and kite marks

•Sharing closed organisational data•Data Catalyser / UK Environmental Hub / Manchester Synchronisation

•Sharing IoT data •Sharing Personal and Closed data / Test Beds / 5G SAB

Personal Data & Trust program 

Personal Data & Trust Innovators Network: A members based organisation, drawing together SME’s, Corporates and Academics who are actively working on the topics.

Living Data Labs:Is a facility created by the Catapult and it’s partners to “industrialise” the experimentation and development of new products based on permissioned consumer data.

Data Sharing & Trust Frameworks:Is the focus of the Catapults drive to help an ecosystem emerge, which gives the consumer control over their data, businesses to reduced costs and develop new services.  

Eng

age

Acc

eler

ate

Unl

ock

If y

ou’d

like

to

part

icip

ate

e-m

ail m

e:

Mat

t.S

trou

d@cd

e.ca

tapu

lt.or

g.uk

What’s the size of the UK data sharing opportunity?

9% of UK adult pop were

victim of ID fraud in 2013

(source: National Fraud Authority)

60%

Potential uplift in retailers operating

margins(Source: McKinsey 2011)

30%

of Amazon’s sales came from their recommendation

engine(Source: McKinsey 2011)

£46Bn

public sector fraud in 2013 in the UK

(source: hear say:-)

£750M

Giftaid unclaimed by UK charities in 2013

(source: HMRC)

+£75Bn

on to UK GDP in 2020

(source: mean of McK, WEF, BCG)

It’s all about trust….

• Citizen-consumers will not sustainably permit their personal data to be used unless they trust those using it.

• The system must be designed around the consumer to build trust, not imposed on them with mitigations.

• Trust is context and personality dependent. One size doesn’t fit all. The “trust deal” has to be struck locally with the individual and in context.

• Can only be done by putting the controls in the hands of the citizen-consumer – for EVERY transaction. Tech makes this possible.

Only works with the consumers trust: The customer is in control, only exchanging data with their express

permission

3. Why will it be exchanged

• The purpose for which the data will be used will be described at the point of asking for permission

• This will be based on a common permissions ontology

1. What data is to be exchanged

• A brief description is given at the point the permission is sort, with the option of the customer reviewing a more detailed description before giving permission.

• Detailed user research is being undertaken as part of the alpha project

2. With whom will it be exchanged

• The customer will be told specifically with whom they are being asked to share their data. Those parties will undertake contractual obligations to respect the customers wishes

• Mechanisms are envisaged to allow the customer to subsequently revoke any permissions that they have previously given4. For how long will they

hold it• The duration for which the data will be held by the

3rd party will also be defined at the point of asking for permission

• This may indicate for one transaction only, or an extended but finite period of time.

A permission is comprised of 4 elements

An illustrative use case

8

Attribute API’sCustomer profile data base

Identity provider ID Trust Framework

Customer information control dashboard

Relying party website

1. Customer sets who can see what personal data

2. Customer logs on to website with a confederated ID

3. ID Validated

4. Permitted attributes returned

Data Sharing & Trust Frameworks

The Exchange

Customers digital broker

The relying party

The Attribute provider

The Scheme(rules)

Auditors

Its in the interests of all local parties

• Create an ethical club, which is trusted to do more:• Trust underpinned by putting the customer in control

• Common minimum customer promise

• Technical & legal inter-operability

• Common infrastructure to facilitate exchange & compliance

• More data in the club than available to any single party outside

• Inverts the internet players information based competitive advantage

• Finite window of opportunity in the face of:• Emergence of fragmented local systems

• and risk of over regulation

Public and private sector schemes need to interwork: either be the same scheme or varying flavors

• The public sector holds a lot of information that is useful to the private sector and vice versa. Having different data sharing schemes in the public and private sectors builds a wall between that stops data flowing => halves the data available to each and halves the use cases

=> only ¼ of the possible value is left (aprox )

• Public sector needs to use tech to put the citizens in control of there data or there will ultimately be a backlash. The private sector is inventing the tech, the public sector should not re-invent the wheel.

Creates value

Sustainable

Invitation: Hot off the press….

The Digital Catapult would like to invite 15 or so LA’s to a 3 day Personal Data and Trust “Pitstop” in late March.

The event will do three things:• Seminars on personal data topics in an LA context

• Consultations with experts to help address your particular problems/opportunities

• Group working with subject matter experts to address communal problems/opportunities

It’s free of charge to LA’s (our thanks to BIS).

For more information or to register, please e-mail:

[email protected]

Thank youDigital Catapult Centre

101 Euston Road

London

NW1 2RA

Tel: 07957 148 553

Email: [email protected]

www.digitalcatapultcentre.org.uk