Personal Data Commons

Personal Data Commons This is the first draft of a reverse brief that outlines a vision for a personal data commons.

The objective is to develop a data sharing platform capable of enabling citizens to engage with the various entities that use their data on a reciprocal basis of value, inclusion, trust and control. This will deliver more and better quality data to the communities of interest such as NGOS, service providers, business, innovators and government, whilst also affording unprecedented opportunities for individual citizens to manage and control the data they generate, and derive value from it for themselves.

Data about people In describing the data sharing platform we propose, we’ve used the term ‘personal’ data to mean ‘data about people and their engagement with the world’. A distinction is often attempted between “personal” and “non-personal” data, but this is artificial; it is more helpful to think of personal and non-personal uses of data about people. In other words, it’s better to think of data about people and their engagement with the world in terms of the purpose it is being used for, rather than the subject of the data itself. There are plenty of non-personal uses for data about people.

Thinking about this data in terms of its use, rather than its subject, aligns better with the NZDFF principles of value, inclusion, trust and control. Personal use of data about people means using a person’s data to target them specifically with a product or service, or create a bespoke solution for them based upon what is known about them. In this sense, personal use of data is the operational use of data about people. When data about people is used non-personally, it is used in an anonymised way to learn about a population and make decisions at a higher level; in other words, the non-operational use of data.

In order to fulfil the NZDFF principles, the Personal Data Commons needs to be designed so that the individual has some control over what the data about their person is used for, and by whom.

Personal uses of data about people Data about an individual, their home, their travel, their interaction with other people, the services they use, their health, their behaviours and their preferences can be integrated to generate incredibly powerful insights. These insights can be used to develop personalized services, products and experiences, which might be commercial or public services. It’s important that individuals have control over whom they allow to use their data in a personal way, as data could otherwise be used coercively to identify and target a person against their wishes.

Non-personal uses of data about people Individual case-level data about people and their engagement with the world can also be used in non-personal ways. Appropriately anonymized, it can be used to answer research questions, measure the effectiveness of social services, monitor social service providers, identify improvement opportunities for government etc. Individual data about people can be aggregated to produce useful statistics about groups, but it can also be used at the individual case level to understand as much as possible about people, not in order to do anything for or to them, but to answer some other kind of question. It is never necessary to identify the individual person, and the individual person is not necessarily affected by non-personal uses of their individual data.

What this illustrates is that the difference between personal and non-personal data is the use to which it is put. Data about people can be used for personal purposes, such as curating a personalized service portfolio for an individual person, but can also be used in a non-personal way by NGOs, scientists, social investors, entrepreneurs and others to make decisions based on quality, multidimensional data. The personal data sharing platform needs to be capable of enabling both these purposes in a way that is safe and trusted.

Data sharing and data integration are two different, but related things Data ‘sharing’ and data ‘integration’ are two different things, but the terminology is sometimes confusingly used interchangably. The data commons aims to enable both data sharing and data integration.

Data sharing is the transfer of data between actors to be used and re-used elsewhere. This is the market aspect of the data commons; the ability to transfer value by giving consent to share and use data.

Data integration is the linking of one person’s data, and data about their engagement with the environment together with other data sets to form a more complete picture of that person. Examples of data that could be linked together at the level of the individual include:

• The genome
• Financial data
• Health data
• Government interaction and engagement
• Physical exercise
• Purchasing history
• Diet
• Geospatial data
• Energy use

Integration of disparate sources of data about people and how they move through the world is what drives the value of the data commons. Integrated data drives economies of scope; this means that when two pieces of information about you are added together, a much wider range of questions can be answered and the information put to a broader variety of uses.

__

Communities of interest and a personal data Commons.

A data commons that facilitates the sharing and integration of data about people has value for multiple communities of interest.

The primary community of interest for a data market transacting data about people is, of course, the people whose data is being traded. However, there are multiple groups and communities with an interest in the safe sharing of data about people. These groups include Iwi, service providers and NGOs, central government, businesses, marketers, philanthropists; just about any public or private entity for whom quality information about people is valuable.

The primary objective of a personal data commons is maximise the value that can be derived from data about people, return some of that value to the people who are the subjects of the data, and enable individuals to engage effectively and safely with the entities who are using data about them. In creating a platform for information exchange that empowers people whilst also delivering more value for business and public interests, we can make the distribution of value derived from data about people more equitable whilst also creating a stronger and more prosperous civil society.

One key point to note before beginning to consider the value proposition for different interest groups is that data about people are usually recorded by entities other than the people who are the subject of the data. For example, financial transaction data is created by people as they operate their finances day to day, but recorded and stored by the bank. To contribute this data to the commons requires that a value proposition be offered to the bank, not the individual person. Therefore, even though it is individual people who are the primary community of interest that needs to be considered in the design and execution of the personal data commons project, they are unlikely to be the primary market for the concept in its initial stages. The data commons will only generate value in response to input, so large entities in possession of large data sets will need be the first customers in order to kick-start the process of generating value and attracting more participants.

The group with the most to gain in the short term from the creation of a data commons for transacting data about people are NGOs and service providers. This is the community for whom the initial cost of participation will yield tangible value the fastest, and therefore it is the community whose interests ought to come first in the design process. It is helpful that NGOs objectives are well aligned with the public interest, and not driven by a profit motive, as this means that they are an ethical proxy for the primary community of interest in devising the initial pitch for participation.

Value for individuals Individuals can benefit from directly and indirectly from the integration and sharing of their data. Direct value might come in the form of personalised financial, fitness, health or internet services. Indirect value comes from the non-personal use of data, in the form of improved public services, a stronger civil society, and scientific and technological benefits for all society.

Much of the technology around big data has grown out of the opportunity to monetise internet and social network data by selling it to marketing companies. Google, Facebook, and many other high tech companies both in New Zealand and overseas integrate personal data to develop new marketing methods; Flybuys is a familiar example of this. Marketers profit from the integrated personal information that allows them to target services that inform consumers about products. The people whose data is being used receive a free service such as email, a social media platform or rewards points, and some better-targeted advertising, but the real value is sold off for shareholder profit.

None of this is high-trust, high-value to the individual; the people whose data is being used and sold have no access to their own data, and they have no control over what it is used for. They are excluded from the value chain; in most cases there is little to no transparency around the use and re-use of their data.

There is plenty of scope for value to be returned to the individual in exchange for their data. There have been recent attempts to build services which give more control to the data provider. Personal Information Management Systems (PIMS) such as MyWave here in New Zealand are being developed; these systems allow people to capture and derive value from their own data. Users can upload high-quality data about themselves to a PIMS and create a consent-based relationship with marketing companies; a direct relationship that returns value back to the individual, often in the form of loyalty schemes, discounts and bonuses. Making this relationship direct so that transaction takes place between the individual and the marketing company in a transparent setting gives the person generating the data more control, and includes them in the transaction. These relationships are an improvement on traditional loyalty schemes for both parties. Marketing companies can simply ask for the data they want, and use it with its subject’s consent, which means they can derive more value from it. Individuals have control over who uses their data, have a transparent relationship with the company using it, and receive benefits in exchange.

This is not an example of a data commons; it’s a centralised network that connects users with client organisations who wish to use their data. But it is a good example of how individual people might wish to trade upon their data assets in future, and of a data market concept that generates value and does so in line with the NZDFF principles. It’s an example of how consent, control and trust drive greater value than an extractive model, and strengthens the case for a personal data commons that scales these high-trust, consent-based relationships to a larger sharing platform.

NGOs, iwi and service provider networks

Any group who has an interest in understanding and integrating data about their member individuals to mobilise and orient community-based activities can benefit from access to a peer-to-peer market for data exchange and sharing. The exchange of data facilitated by a commons platform would support activities such as advocating for policy, or monitoring the health of the community. There are opportunities for both non-personal uses of shared data in this space, such as research into housing needs for informing an advocacy programme, and personal uses, if individuals within a community consented to their data being used to solve particular problems.

Examples of organisations who would benefit from using data in this way include the Platform Trust and Te Pou, who are mobilising around mental health and addiction, education entrepreneurs such as the Next Foundation, the Manaiakalani Trust, Tuhoi, and the Canterbury health alliance network. Low-cost data sharing and integration, and interoperability across communities of interest on a high trust data Commons that is in the control of the participants will improve the ability of communities to mobilise the value of their own data and community.

At present, the information landscape of the NGO sector is a patchwork quilt of information systems that would yield enormous benefits for their owners if they could be joined up for easy sharing and access. There is a great willingness to share information amongst NGOs, as it’s widely acknowledged that service delivery could be improved for clients with more and better access to data. There is also scope for operational effectiveness gains, the development of new and better commissioning and funding models, innovation and collective action.

There are two key obstacles for data sharing in the NGO sector; disparity in information-gathering systems developed in isolation of one another, and control over who can see the data, both for protection of clients’ privacy, and NGOs’ business interests in a competitive contracting environment.

A data commons solution for the sharing and integration of data about people would address both these issues.

Disparate data – both in terms of content and format – is an obstacle to sharing and integration, as NGOs have a wide range of data entry and storage processes. Many reporting metrics are of little to no value in assessing service performance or individuals’ outcomes, particularly in isolation. By sharing and integrating data about people, a data commons would provide NGOs with opportunities to improve their services, become more responsive, learn about their clients, take a more holistic approach to clients’ wellbeing, and collaborate with one another using shared measurement systems to work towards common goals.

The control principle that would be applied to the data commons is of particular relevance for the NGO sector, as NGOs’ sharing of data with one another would need to be a controlled transaction to protect the privacy of the individuals’ whose data is being shared. Additionally, NGOs are unlikely to want to share their data without direct control over who can see it, and what they can see. With a decentralised network model that enables direct peer-to-peer sharing, NGOs could be confident in their control over who can access their data, and secure in the safety of a sharing system that does not depend on a vulnerable central hub. With a guarantee of control over the sharing of NGO data, the personal data commons can enable the creation of enormous value for NGOs, and for the public who use their services.

Business, innovators The market for personalised services is growing, with products such as Apple Health beginning to respond to demand for a high-trust, personalised health service. There are two components to this business model, representing both personal and non-personal use of users’ data; the first is that Apple’s hardware products provide an information and networking opportunity for the integration of medical records, test results and personalised health information, integrating heart rate data and third party data for a bespoke service that caters to the individual. The second, non-personal use of the data is the opportunity for users to donate their personal health data for scientific research, should they consent. This non-personal use of personal data yields more indirect benefits to users and their communities, whilst protecting their privacy.

This is a great example of a fledgling data commons that offers different levels of access to different parties based on users’ consent, delivers value for individuals and yields a profit for business.

A personal data commons would deliver many of the same opportunities in terms of product and service development and monetisation for profit, but without the need for a single centralised repository placing control of the data in the hands of a single corporate entity. A peer-to-peer data sharing platform that facilitates the integration of personal data from multiple sources would offer New Zealand businesses most of the same opportunities that Apple is capitalising on with Apple Health, but in a more democratised, low-risk fashion. By decentralising the network and keeping data ownership in the hands of those who generate it, the commons-based structure will keep individual peoples’ data safer and provide more opportunities for multiple businesses to innovate off the back of the insights the integration of such data might generate. A data commons that is owned by its participants, rather than by a single provider such as Apple, is more inclusive and therefore offers more value to all participants.

Scientists and researchers Both traditional and big data based science, such as the precision health work being done in the United States and by Orion health here in New Zealand, receive a huge amount of value from individual life pathways in high-quality data. A personal data commons would also give scientists and researchers the ability to integrate their own research data with existing data on the commons.

Government The government uses data about people to make policy and spending decisions. At the present, government is committed to the adoption of an Investment Approach at a high level; this is a methodology for the treatment of public service spending as an investment that yields ongoing value throughout a person’s life, and as such requires the support of rich, integrated, longitudinal data about people to fuel the analytic tools that are being developed to assess the effectiveness of government investment.

Analysts in central government use the Statistics New Zealand Integrated Data Infrastructure (IDI) to understand life trajectories and provider performance, using a high supervision model over integrated data about individuals that is de-identified and may not be put to personal uses. This means it can’t be used to target services to individuals, because the data contained in the IDI was obtained coercively, that is, without consent. The IDI is high trust; Statistics New Zealand rightfully protects the data from misuse, and permission to access the resource is granted only after a thorough vetting process. But this trust comes at a high opportunity cost. The resource is not inclusive, its use is limited to government and the few researchers that qualify for access. It is not under the control of the people whose data it contains; not only do individual New Zealanders not know what data about them is kept in the IDI, prospective users within government have difficulty finding out what is in there. The security restrictions placed on the IDI are not the only way in which is value is limited; it only represents a small proportion of the total amount of data that is collected by a wider range of operators with the potential to add further dimensions and value. The IDI is a niche service for government interests that is useful in the short term - it will quickly become irrelevant as more (reliable) data is collected outside of government.

[Initial thoughts, needs plenty more thought. Do we think the solution means we don't have to build a data commons here in New Zealand, that the market will provide this kind of service? ]

Orion Precision Health and the US government Precision health programs [Can somebody review these - also look promising].

Where to start? - kickstarting the commons

Although individuals about whom data is collected are the primary community of interest for a personal data commons, a first customer is needed to kick start the project and attract participants, beginning the virtuous cycle of an expanding network effect and attracting further participants so that data donators receive value in exchange for their data.

The ideal first customer for a personal data commons is the NGO community, for several reasons:

• NGOs want to share data to improve their services, learn about their performance, and coordinate mutually reinforcing activities in pursuit of shared goals
• The current data landscape of the NGO sector is fragmented, and this is recognised as a problem
• Significant benefits could be delivered very quickly, by making more data accessible, with a standardised process for gaining access and a watertight mandate for use based on the consent of data subjects.
• NGOs report that their front line staff and clients must collect the same data over and over again, a process that is time consuming and expensive for the organisation, and tiring and humiliating for the client. The ability to access a client’s data through a data commons network would save money, time and dignity, and make NGOs’ service delivery more consistent and responsive.

The market is already producing various manifestations of a personal data commons; Apple Health and PIMSs are just two examples of private enterprise capitalising on the potential to derive value from integrated data about people.

The main challenge for founding a personal data commons that adheres to the NZDFF principles of value, inclusion, trust and control isn’t the technology, it’s stimulating the involvement of the first tranche of participants. The best way to create an incentive for communities to invest in demonstrating the value is to set about solving one specific challenge that is of high value to those first participants, but ensure that the methodology is accessible, adaptable and scalable so that it can be expanded to accommodate other solutions for other communities. The challenge is in ensuring that the initial point solution can be scaled into a generalised solution that offers a diverse spectrum of value to multiple parties.

There are already communities of interest in the social sector who are building the trust and shared vision required to coordinate their efforts around a common objective. Some examples are:

• The Manaiakalani Trust mobilising around housing and education needs
• Platform Trust, Te Pou and the four big PHOs for mental health and addiction services
• Canterbury Health Alliance network mobilising around the wider health system in Canterbury, with further interests in education and other social needs.

These alliances would benefit enormously from the ability to exchange data safety and efficiently, whilst maintaining the trust of the people they are working for. The key advantage of beginning with these groups as a first customer is that they have high trust with their clients, clear objectives, and an articulated need for efficient data sharing and interoperability.

However: the challenge is that whatever we do here has to be of direct value to the people who are donating their data. They can be motivated by a safe harbour, but to get real traction will require demonstrable personal value I think. Any thoughts?

Leverage the value of the social investment approach.

The government is interested in place based funding models which focus on outcomes. To do this they need access to high-quality individual data. But therein lies the government's problem. People won't trust the government with this kind of micro level data. So the data commons solution provides an effective way to bridge the gap between government interests and individual and community interests and micro level data. Rather than seeing this as a place to start, I would provide the service to the community of interest then use this as a value add opportunity to engage the government about datasharing from a position of strength. If we go to government to early, the interests at the centre are likely to erode trust as well as the bargaining power of the community who have self mobilise around their own data interests.

Funding Model.

After initial kickstarting, a personalised data Commons would easily be self funding. Sources of revenue include:

• access by entrepreneurs and users who need to pay a fee for service
• licensed extra access for analysts and scientists, including attracting philanthropic and large science interests from the likes of Harvard and MIT who have to work with New Zealand interests to get access to high-quality micro level data.

There is an inclusivity challenge however for low income users. How do these people gain genuine access and what if people cannot afford the apps even if they have the phone? I suspect, for some services, governments and NGOs may have to subsidise specific solutions for the tail of high needs. At least if there is a commons based high trust access, then the user still has the power to remove their data and break the relationship.