Personal freedom levelling the playing field and contributing to data economics

Data governance and data protection go hand in hand. Seeing that personal data is mostly held within platforms as part of their stakeholder value, quantity of accounts and interactions. The reuse of personal data and account details (1), the user’s interactions linked to their accounts, thanks to usage of related media identifying the user in the physical interactions (2), as well as the profile of the user based upon their transactions and behavioural patterns (3) is impeded by the ironclad curtains of platforms, limiting the (international) free flow of data. Secondly, possible mis-contextualising leads to digital imagery which do not reflect the actual situation in which certain actions were made, affecting the individuals future behaviour.

You get the card. This card is you in ‘the system’. Everything you do is retraceable. Being monitored by a system, in philosophical terms means your under the looking glass of the Panopticon. In an explicit situation, rumour or hear say makes people feel insecure. What was said specifically, by whom, to who, when, where. Unsure about the facts and merely reflecting only parts or a specific moment in the eyes of a certain beholder. Highlighting any kind of imperfection affects people. The tacit effect of the ‘Panopticon’ will cause people to adapt their behaviour (image of the observations) to match an presumingly desirable pattern. Where in fact, people can never live up to being unaware of the actual use or reference framework. Relevant to this topic: to avoid this, it is necessary have a clear understanding of the actual data processing activities, the input required for the planned output. This knowledge puts people more ar ease. To quote Maslow (1966), "If the only tool you have is a hammer, it is tempting to treat everything as if it were a nail”. Is what you see not derived from your own reference models? This entails that making assumptions based upon only partial observations could lead you astray, with possible negative or positive conclusions and the consequences thereof. In business the numbers have become more important to shareholders opinions of their investment than the actual added value for ‘the user’. In establishing any model, pattern or image of ‘the user’, persona’s are being fabricated in order to strategise on potential interest for the platform. Not the actual value, but the lock-in of people and businesses, the number of accounts and interactions to validate the platform and the shareholder strategy. In the name of convenience, but essentially for the exploitation of individuals for financial benefit either by guiding their choices or simply convincing them to purchase goods or services which they don’t really need, through consumerism.?

Proprietary schemes with their proprietary, self certified technologies, see another opportunity: Not the transaction itself, but the closed audit trail of interactions, which enables reuse of this information in multiple domains as an identifier at high costs. More worrisome is the registration of this use, outside the citizen’s reach, even without them knowing this. Again information that in combination, in context or as pseudonyms tells a lot about the citizen. The convenience of reuse is evident. The relationship between e.g. financial institutions and this information is not. The additional relation and the expanding desire to understand our patterns of spending have the same effect as we fear that commercial platforms have on our freedom of choice. Open source identification solutions are less cost heavy and do not mix up information, that in hindsight could have been prevented. As the Commission seems to hold our personal freedom in high regard, they should be more decisive. Proprietary schemes and privacy simply do not sit as well as those open source ones with communities improving and mastering security and operational ease.

Having reached one end of the spectrum, the citizen. The complexity of the combined digital, payment and physical services each executed by different designated stakeholders requires a different and relevant concept of the individual within the context of the interaction represented by the (minimally) required personal data. Ideally, the window of presentation of this personal data is limited to the actual processing thereof within the specific activity of the context of the transaction as a whole. In order to be freed from third parties interests in my choices, I would like the combination of data governance and data protection to serve me as follows. I would like to be assured on the Member State level that my intermediary can be trusted. This entails I am in control. Placing me in a central position to have ‘ownership’ over all the account details and account related media, as well as the transactional history. And due to a high risk of having both in one place, I would like to have a clear division between personal data and transactional data. To feel confident I would like to expressly authorise those designated stakeholders (identifiable) to process my (non) personal data with regards to input-output specified (and verifiable) activities as a whole or a part of a series of digital and/or physical activities (including payment) in a transaction process. My accounts and account related media are gradually fading out, reduced to open source identifiers and validators, to reduce the number of cards and tokens. Seeing that they are merely secondary as a means of identification as part of data processing activities in a transaction process, under control of the citizen and backed by GDPR. This transaction reflecting the value exchange based on mutual consent/agreement. By which comparison it is a contract as described in art. 6.1b GDPR. Finally, I want all these designated stakeholders contributing to the (activities) of the process to interact in a secure, interoperable and speedy fashion. Last but not least I want to have access? to and reuse of the future, ongoing and past transactions, the transactional details and state of activities thereof including the provenance, of the reuse of pre authorised (non) personal and transactional data by designated stakeholders of the transaction activity in the context of the transaction process as a whole. E.g. I want to have an overview handy of what I have done in their my career, not the job titles but the actual hands on work/activities which will help others to prove my value. To assure my work with the certificates and diploma’s that stress my skills and theoretical backgrounds adding to my value as the return of my investments. Finally, the number of hours I put in improving on my skills advancing and coherent seniority. How much easier would it be to find a next job or gig based on that.

The other end of the spectrum being the economic value on a meso and macro level. Besides the obvious reduction of risks and liabilities coming from the GDPR. Organising the data for federation for specific input-output related activities of transaction processes will place the security and other mitigation outside the platform operators scope. It allows the provider of physical services to interact with the same set of personal data equally, freed of securing the personal and transactional data. By decentralising a multitude of roles as specified in the International Data Spaces reference architecture model (‘IDS-RAM’) the platform limitations can be lifted, ensuring a common language, decentralising identity provision to be reused throughout all interactions of legal entities, data clearing mechanisms as part of the platform to platform interaction or decentralised if required. Even the alignment of the physical, payment and digital services can be transformed in a intermediary role to support the data governance and the collaboration in a transparent and trusted (DGA) fashion. By organising the activities of a unique transaction and communicating the state of play to all concerned, another platform feature transforms to evolve from a platform one-to-many to an ecosystem many-to-many. Using a non proprietary decentralised transaction ‘broker’ the authorisation of personal data reuse within the platform can become fully compliant with DGA and GDPR. As the holder of personal data, using only relevant data for a specific activity quantifies the impact of the processing to a minimum. By aligning the different digital/data processing activities and physical services by the designated stakeholders in overarching transaction processes, all of them can contribute independently to the straight through processing in a trusted fashion. The purpose of their contribution would follow the services and price in the mutually agreed value exchange between the consumer and the supplier(s). On a macro or ecosystem level authorities and Member States individually and collectively could reuse partial information of those inter-/transactions to comply regulations and allocate resources in a educated fashion, using the effect of the combination of insights in line with 6.1e GDPR: ‘the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. Taking charge in order to facilitate the emerging value of these economics should be a no brainer.

With a background in law, business economics and philosophy, Ferdinand, is looking for the balance of the economic possibilities versus personal freedom in appreciation of regulation.

Ferdinand, your mentor/coach in the digital transformation.