As we know there are moves to help us have more control over our personal data through GDPR. But, having taken control of this data, what then?
Let’s say we manage to collect all of our private data (Trisent is working on technology to enable you to do this automatically), and we successfully deny the likes of Google access to data such as our browser history, what then? What do we do with our data that we now hold. Well, we can look at it, analyse it and search is in a variety of ways (and Trisent also has technology to help you do that), but what other benefits might we be able to get from owning our own data.
One of the common suggestion is that we monetise our data by selling it on a personal data exchange. Datacoup have developed one of the first data exchanges, but there is an understandable reluctance to sell data directly. The danger, of course, is that our data is not used for the purpose that it was sold for, that it is sold on to others or even used for criminal activities. So, trust is a big part of this potential economy and even if we trust the marketplace operator, such as Datacoup, can we trust those that buy our data. Another option is to sell our data as part of a large aggregated dataset where there is apparently no directly attributable data – but that has dangers too. Famously, Netflix release a large dataset where the subscriber’s details were removed, however some academics quickly managed to de-anonymise this data. To quote from their paper “Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.”
Perhaps the solution to monetising our data, is not actually to sell the data directly. If you think about the services provided by large data brokers such as Experion. They only give information you need, and do not give you a dataset to process for yourself. They provide minimal information in the form of an answer which is sufficient for you to complete a task. They avoid giving a full dataset because then they would reveal their data assets – which you could reuse for other purposes, or even sell. Instead companies, like Experion, reuse the data many times themselves to sell more answers to many customers – typically a credit score to see if you are worthy of a loan, or maybe a more detailed report if it is for a mortgage. They can reprocess and re-monetise this same data many times.
So, having observed how the ‘big boys’ monetise their data, how could this be achieved on an individual basis? Perhaps the answer is the same, simply by selling answers rather than datasets. This can be done on an aggregated data basis where you contribute to a data pool that can be queried for answers but the data itself is never handed over. It can also be done on an individual basis where questions can be asked of your personal data. As an example, let’s say that a local Asda superstore was trying to understand their local customers and these customers owned their personal data which includes activity and movement data from their phones. They could then ask – ‘how many people in the KY1 postal area visit Asda each week compared to Tesco?’ and if they know that Mary Gallacher is a local customer they could ask “how many times has Mary Gallacher been to Asda this month and how many times has she been to Tesco?” When Mary’s data is used to answer a question she will receive a credit. For security she could set the type of questions she is willing to contribute answers too, and for transparency she could see a ledger of questions and who has asked them. Note, that Mary did not have to reveal her location data, only the fact that she had been to Asda or Tesco, which she was comfortable to do in exchange for some form of credit.
This method of using personal data allows it to be monetised and provides good levels of security. The Open PDS project at MIT has been pioneering the technology that will allow personal data to be queried safely through what they have termed ‘Safe Answers’.
So, I would conclude that you don’t need to sell your data. To maximise the monetisation and security of your personal data we should simply sell answers to specific questions.