HUMAN-CENTRIC CONTROL OF PERSONAL DATA
How can we support individuals to effectively manage who has access to their data and how it is used and shared?

Lack of clarity around who can do what with our data

Evaluate systems that can implement the above. Most likely a coordinated combination of technology and legal systems is required.

The licence defines:
- permission (e.g. the third party can read and transfer)
- intention (e.g. for cancer research)
- time (e.g. until this date X)
- territory (e.g. within the UK, because I live in the UK and I am subject to its laws)

Designers need to find ways to communicate the contents of the licences effectively

Lack of literacy about what those licences could look like

Idea: create public registers of personal data licences, to be used as a reference and for enforcement

Allow organisations to define licence templates, so that their “followers” - by trusting the organisations - will trust the specifications of the licence. E.g. if I trust Cancer Research (the charity) in the UK, I can release my personal data for cancer research (the intention) using the template they publish.

Citizens may actually have a “duty to share” for the social good, e.g. intuitively, countries that provide a free national health service may be entitled to access your data for research purposes.

Risk of focusing too much on the user

Being user-centred is good but is not the silver bullet. The data sharing ecosystem is more complex than that.

Moreover “design is always political” and the designer always designs for the kind of “human” she has in mind. What works for someone may not work for someone else.

Cater for diversity, do not assume we are all the same.

Minimisation should not be a standard practice. We don’t know what data will become useful in the future, perhaps because of new insight or new tools (e.g. more powerful computing). It is wasteful to let data go to waste just to keep it to a minimum per se.

We can educate the public to understand how modern statistical methods can benefit from accessing data whose usefulness cannot be proven.

And, if we accept that we don’t know what will be useful in the future, perhaps we should also accept that data is stored that may not be justified.

Focus should be on what is useful, not on “volume”.

Enforcement of control, and punishing violations (fines etc.) cannot capture the value of the data to the user

Recognise that there is no general rule about what data point is more sensitive and what is less.

Moreover after data is out, there is no way to make it private again. Fines / compensation may not be able to fix the damage.

INDIVIDUAL AS THE POINT OF INTEGRATION
How can we enable individuals to become the “hubs” for their own data?

Having an overview of your data requires an incentive

Approach from a life events or Maslow needs perspective, so that MyData can be used for controlling and planning your life course

Think of feedback systems and AI that informs you of possibilities

Being able to customize the amount of control

The user should be able to leave some aspects of the dataflow to automation and choose to handle others hands-on

General question: who has control over the system? Is it neutral (public good) or private (service)?

INDIVIDUAL EMPOWERMENT
How can we help individuals use their data for their own ends?

Different language used by professionals and individuals, thus leading to potential miscommunication

Peer-support and peer-help

Knowledge portals integrated into any system

Redistributing the power between individuals and other stakeholders through access to data

Access to data

Ensuring the individual takes part in any decisions about him/her

PORTABILITY: ACCESS AND RE-USE
How can we enable individuals to obtain and re-use their personal data?

Pivot 1: The responsibility for implementation doesn't fall to individuals.

TRANSPARENCY AND ACCOUNTABILITY
How can we support organisations in the communication of what data they collect and for what purpose?

Analyze stakeholder map and discuss motivations of each.

We changed the question from focusing on motivating individuals, to companies embracing data portability.

Pivot 2: Portability needs to emerge organically, driven by real commercial need rather than by the legal requirements (which are avoidable due to the technical feasibility clause)

Dark horse concepting, scope narrowing.

In order to better define the problem, we inverted it: what’s stopping businesses from embracing data portability?

Insight: High perceived cost for low ROI

We need a standard approach or platform to adopt, which would reduce the cost of implementing data portability


Foster support and collaboration between industry partners and intermediary data management platforms.

Insight: The biggest use of data online is advertising (creating new business). If advertising is only as good as the big data behind it, how does it benefit smaller companies pulling in low volumes of data?

We need to convince them to move beyond advertising as a business model, and that data portability generates business opportunities in other, non-traditional ways.


Show them that having access to interrelated data, and breaking the silos in which data are kept, allows companies to create better services.

Insight: Data is all over the place, scattered (both internally and externally)


Relieve businesses of the need to deal with all the data.

Target only data that is relevant and in context for users, to limit the scope of the problem and prioritize user satisfaction.

Collaboration between industries to test & prioritize relevant sources.


Insight: Data is an important, critical asset for companies


We need to show them that data does not necessarily need to be hosted inside the company to be useful and valuable


Show them that companies who have given up data have not lost customers. Record these use cases.


Insight: Nobody ever made successful use cases around giving data

Clear narrative of the emergence of the new data economy

Communication between all the different stakeholders (see photo), especially company culture, internal politics and fears.

Already done: #legal design = visual communication

  • Grading the companies according to the way they make their ToS readable
  • Having icons or a comic book to explain the ToS
    = has not become mainstream… kind of failed... Because only low budget, community driven (Wiki, NGO etc.)?

Clear rules and disclosure on data sources. Algorithm and data.

Complexity: finding a balance between the organisation’s point of view and the individual’s rights - designing new models and not just “covering it up” with pictures etc.

  • Watchdog explaining.
  • Gatekeepers providing tools.
  • External but also internal to the organisation for design.

= intermediaries that reduce the complexity of it all.

Innovation within organisations = experimenting, R&D.

Scaling the design response according to the organisation’s type of business and how important data is to the organisation’s core business (from local shop to car rental to Google)

Having the individual as the starting point. He should not be the one doing the work of managing his consent.

Privacy by design: He can have a description (that can be changed anytime) of what he agrees to (ok to share that kind of data for this purpose but don’t use it for that or that) and the companies will adapt to that description.

Draw up the templates for those descriptions.
Then people can personalize them. “I’m ok to share this data with research projects, but only the ones that are related to …. ”

Replan processes to be user-centric

Support and develop social interaction

Support simplification of data

Assure that the entire data ecosystem is studied and that systems, laws etc. work across all levels

Evaluate systems that can implement the registers. Most likely a coordinated combination of technology and legal systems is required.

Always remember that - in the case of privacy protection - fines and compensation are just a deterrent and can’t fix the damage. Shift focus to prevention.

Moreover, for a rich organisation, there may be a business case to pay the fine =:-(

Centrality of contracts / licences to enable a party to re-use another party’s data

Legend

Design issues

Approaches, concepts, ideas and best practices

Future steps