In an identity-based transaction world, what are the best strategies businesses should apply in order to protect data?
I think it's clear that the internet has ushered in a very different way of connecting with each other. Many of our interactions are becoming 'transactions' – often underpinned by data – and every transaction is becoming part of an economic value exchange.
But these new digital transactions carry higher risk. For example, if we buy something online, the payment and delivery don't usually happen immediately. So we need ways to manage this risk, and this is why the creation of trust is so essential in the digital realm. Well-known platforms have stepped in to provide trust and manage our transactions, but are platforms really the best guarantors of digital trust?
Over time we start to learn the downside of the platform economy; it’s a winner takes all game: the huge disbalance in power of the user versus the platform, and the fragmentation it actually causes.
My view is that the crucial factor in protecting data is not to find in discussions on data ownership, but in what rights the user has over their data, and how these rights can be managed in practical way. Regulation such as GDPR gives us already rights, but not the means to express those rights.
Data sovereignty is about giving people the control to manage their data, and to decide who has access to it, and under which conditions. So implementing data sovereignty in the right way is the essential ingredient in building genuine trust. Moreover, implementing data sovereignty will help to genuinely protect the use of your data, and in the end that’s what it is really about.
We urgently need to enable organisations and individuals to manage access to their data in effective and empowering ways. This will build trust. And only trust will encourage us all to provide consent: the vital oil in the machinery of the digital transactions ecosystem.
What are the risks the data provider and the receiver are exposed to when data is shared?
The lack of control over our data affects not only consumers, but also organisations. Because there is no way organisations can provide access to their data in a controlled, standard, and easy way, many of them decide not to share data at all. In the Dutch healthcare sector, for example, organisations stopped sharing data about the results of mental health treatment due to new regulations that were actually meant to protect user rights. Regulation turns into an excuse to not share data. This has prevented health institutions from gathering essential data on the effectiveness of mental health treatment for the past three years.
So instead of the risks of sharing data, I’d like to draw strong focus to the risks of not sharing data.
The lack of focus on data access is hampering innovation. Just imagine how much more could be achieved in sectors such as healthcare, logistics, and energy if data sharing could be made seamless and secure.
Considering the rise of sharing economy and digital platforms, how can trust be maintained when data is shared?
I truly believe that we need to build 'soft infrastructures' to share data, with data sovereignty as the basic design principle. This will give organisations and individuals control over their own data. Infrastructures like roads and public amenities have been at the heart of economic growth for millennia. In the last few years, new types of infrastructures for data and common communication have emerged. But unlike the more traditional infrastructures, governance is often concentrated in private hands. By making identity and data control a public/private-controlled trust infrastructure, we can build solid and sustainable foundations for the next growth cycle of the digital economy.
Organisations can and will need to contribute to envision data sovereignty, by including control over data in their strategy, in their processes, in their way of working, in the alliances they make.
Companies working alone, jealously controlling access to data, will not win. We need to work collaboratively to create soft infrastructures that allow us to share data as freely as possible, whilst also maintaining an appropriate level of control.
And individual organisations can already start themselves and prepare – Take the initial steps to get ready: begin planning things like your internal capabilities, your data organisation, and who will be the key partners in your ecosystem.
What is iSHARE, how does it fit into the concept of data sovereignty?
iSHARE is a scheme, or set of agreements, that enables safe data sharing across the logistics sector. The scheme includes Functional, Technical, Legal, and Operational agreements, co-created by the sector itself. Because all parties adhere to the same agreements, signing a contract with the iSHARE Foundation, iSHARE’s significantly lowers barriers to new data sharing relationships.
By agreeing to use the same technical standards to identify, authenticate, and authorise each other, and by agreeing to only use shared data for the purposes they specified, adhering parties reduce the time spent to integrate software solutions and to get to know and trust each other. Above all iSHARE enables the data owner to stay in control over his data. He decides with whom he shares his data and under which conditions. That is what we call data sovereignty.
The co-creation process of iSHARE relied heavily on creating an atmosphere of trust and collaboration, and that is not always easy. Organisations need to gather around what I call a 'peace table' and learn to work together in new ways. But iSHARE has already shown that this is achievable.
If we really want to build a thriving data economy – which is also people-centric, and allows organisations and people to manage their own data – then we need to work together to build these soft infrastructures.
We are ready to go now. Let's not just talk about this. Let's use data sovereignty to unlock the great potential of data before others take over control of your data assets.
For more information on data sovereignty, please join the Data Sharing Days 2020 event in The Hague, Netherlands, on 27-28 January.
About Mariane ter Veen
Mariane ter Veen is Director Data Sharing Lead of INNOPAY, an international consulting firm specialised in digital transactions. Mariane has a wealth of experience in the domain of data sharing, and recently spearheaded the development of the logistics data sharing scheme iSHARE, an initiative of the Dutch Top Sector Logistics.
About INNOPAY
INNOPAY has a strong international track record as innovation expert in digital transactions space. Our aim is to help companies anywhere in the world to harness the full potential of the digital transactions era.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now