This is a read only archive of pad.okfn.org. See the
1) VIDEOSTRIIMI http://bit.ly/mydata0704 varastream http://bambuser.com/v/4514136 (keynotet) ja http://bambuser.com/v/4514310 (paneeli)
2) OSALLISTUMINEN SEMINAARIN AIKANA http://screen.io/mydata
3) TWITTER #mydata ja suomeksi kirjoitettaessa #omadata
4) Eventbrite: https://www.eventbrite.com/e/my-data-ja-tietosuojasaantely-uhka-vai-mahdollisuus-tickets-10648200053
5) William Heathin kalvot http://fi.okfn.org/2014/04/07/my-data-seminaari-ja-verkkolahetys-7-4-2014/
Notes (in English)
Updated by Juuso Parkkinen, but everyone is of course welcome to participate!
[ kiitos muistiinpanoista :) thanks for the annotations :) ]
Opening: Jouni Lähteenmäki (OP Pohjola)
- notable digital change taking place
- how does this affect how we create value for our customers
- financial servies are digital by nature => opportunities and challenges
- three underlying factors
- EU regulation (more competition, consumer rights)
- consumers demand better digital service
- new kinds of agile companies have emerged
- new ecosystems emerge, OP wants to take a leading role
- another sponsor: ministry of transport and communication
OKF Finland (Antti Poikola)
- My Data -working group in Finland http://okf.fi/my-data/ and internationally http://personal-data.okfn.org/
- Open data vs. My data http://blog.okfn.org/2013/02/22/open-data-my-data/
- There is an obvious translation here of key Open Data principles ( http://opendefinition.org/ ) to MyData. Where the Open Definition states that material should be freely available for use, reuse and redistribution by anyone, we could think that my data should freely available for use, reuse and redistribution by me.
- OKF started to promote open data and open knowledge in all ways
- Has expanded to cover mydata issues as well
- A lot of interesting data for businesses is related to people
- => Hard to define a strict line between open and mydata, similarity in underlying philosophies
- Open data: legally and technically and freely available for anyone for any use
- Mydata: legally and technically reusable for ME for my purposes
- My data working group: http://fi.okfn.org/wg/my-data/
- EU data privacy? (tietosuoja) in a key role here => Nils Torvalds
- UK is one of the most advanced countries
Ossi Kuittinen (OKF Finland)
- "My data romantic" =) "open data and mydata will save the world"
- Risk that we lose humanity due to technologization
- William Heath's presentation in OKFestival: the most valuable data is my data
- What kind of business models will emerge?
- Currently: those who have a lot of customers will get even more
- Finnish companies do not have big global customer bases (except Rovio and Supercell)
- => Need for a new strategy for Finland
- Getting businesses involved is the next step
- Poll: What is my data (operated by Kai Kuikkaniemi)
- Top: Human-centric way to distribute and organize personal data
- Chance to create global standard for mydata (think about telcom standards by Nokia etc.)
- Huge business, 7 billion customers
- Needs co-operation across boundaries, government, public and private sector
KEYNOTE 1: Nils Torvalds
- (no slides)
- Key role of European Parliament's Data Protection File (SOMEONE CAN ADD DETAILS)
- Current regulation is from year 1995
- => The existing regulation is written in the world of the 1990's, most people did not have Internet access
- 25 years of extremely fast development, digital revolution
- The rest of the society has not been able to follow
- Finland can be considered a developed country from the Internet point of view
- Some countries in Europe are far behind => the change will not be easy
- => Huge challengies for finishing the Data Protection File
- How much do the MEPs actually understand about the content of the file (a justified concern!)
- The price tag has too many zeroes => MEPs step back
- Huge problems in the parliament
- Problems in the Data Protection File
- Case NSA - the current EU legislation does already set an objective responsibility to protect EU citizens, but there are no means to actually do this
- Our starting point: data can be moved to a system only by an "informed consent"
- but how many consumers actually read the Terms of Service etc. and know what they have authorized
- Informed consent vs. public interest - drawing the line between these will be extremely difficult
- Healtchare example: transfer of knowledge related to heritable diseases would be highly useful
- Age distribution of MEPs: on average even older than national politics
- "Cultural lag", Decisions are not following latest development
- Questions to Nils
- Is there anyway legisliation can follow tech development
- Same in any type of legislation, cultural lag will always be there
- Have the MEPS understood how central role they have in protecting citizen rights
- Snowden discussions in liberty (valiokunta), they had to vote whether they can ask questions to Snowden (?)
- Political scales differ, e.g. a Finnish "conservative" is not really conservative in EU scale
- Government makes the decisions- this is what many EU political parties say
- Have Finnish companies been in touch with you regarding the Data Protection File
- Some have, e.g. Nokia: how is the map and traffic data anonymized
- In Finland people trust government a lot more than in some other countries
- Informed consent
- Concerns about retaining usability
- Nils: Terms of Services are really binding => you MUST read them carefully
- Has there been lobbying by the global companies?
- Not towards individual MEPs
- But the Comission is really under heavy lobbying
- Nils: Lobbying in Parliament is not the biggest problem anyway
- Who owns your DNA (analyzed with public money)?
- Nils: I own my DNA, decide to give to use with certain conditions
- Ownership is a hard concept => better to use "right to your data", e.g. healtcare organizations have right to own the data they have collected
- Nils: There still has to be the informed consent when transferring data ownership
- What kind of political pressure is needed to get the File forward?
- Humane pressure :) "Honey pot" procedure should be brought to politics => creates the right kind of pressure
- Jyrki Kasvi: Is it a problem that people could ask for their personal information to be omitted from public databases (open data) and hence reduce the quality of the data?
- There's always a chance to use the data in a wrong way
- A very hard problem
Ossi Kuittinen (OKF) again
- Digitalite, Fraternite, Liberte
- Mydata operator who promotes trust between organizations => William
KEYNOTE 2: William Heath
(partly from William's own notes directly)
- we have a lot of respect for work of OKF in the UK; pleased to see healthy chapter in Finland since OK Fest in Helsinki 2012 great to see the business interest here and that the Finnish government is engaging with civil society on My Data
- good to see a lot of business and government interest
- aim is to start discussion about mydata in Finland
- What do we mean by My Data; intense discussion with Jogi
- 1. the personal data about individuals held by organisations (business and government)
- or 2. a policy or programme designed to bring transparency and access, eventually to transfer control over that data to the individual, so it becomes “my data”. In this sense, “My Data” is a fundamental dimension of a personal data ecosystem based on participation of and consent by the individual.
- I’ll just use “personal data “ to describe the data, so when I speak of “My Data” I mean a policy or programme to make that data transparent, accessible and in due course to hand over control and transfer the data itself back to the individual.
- A “My Data” programme can be but does not have to be a government driven or government-sponsored; what it does require is Government participation & support
- US Smart Disclosure sponsored by the White House http://www.whitehouse.gov/blog/2013/05/30/empowering-consumers-through-smart-disclosure-data
- MesInfos in France arose from industry think tank FING thought France might get left behind
- UK political programme - BIS with cajoling and legislation
- ...but also live interaction with govt: ID assurance; transport, health, education, justice employment
- In France, mobile companies have given the users their location data
- "Gov is multi headed hydra" in UK one ministry was regulating the companies to hand over data to customers and other ministry was lobbying against it in Brussels (EU data protection)
- my data is wholly dependent on the participation of businesses
- treating your customers as adults, and working with them in a robust way,
- Also requires the willing participation of business. But my case is that this is a matter of enlightened self-interest: working with your customers to make customer data support the relationship you need (as opposed to jealously guarding your customers’ data however wrong or incomplete the version you hold is) provides an opportunity for huge efficiency, for innovative new services, and it averts a major competitie threat.
- My Data is every bit as important as open data on which Finland & other countries have made good progress, indeed considerably more important for reasons I’ll explain.
- I’m WH, a social entrepreneur, chairman of Mydex CIC
- sat on UK Midata strategy board, participated in the workshop where French MesInfos was first conceived. Mydex CIC is one of HMG’s ID assurance providers, based on premiss ind controls data
- You cannot make sense of a programme like My Data without some additional infrastructure, ie without something like Mydex.
- So I’m going to explain what Mydex does and the problem is was designed to solve.
MyDex slides: http://fi.okfn.org/files/2014/04/WH-for-OKF-Finland-Apr-2014-reduced.pdf
- mydex offers a personal data storage in the cloud
- digitalization only matters if it is done right, currently it is deeply flawed
- simple infrastructure idea: individual in the center
- What Mydex does
- exec overview
- Midata in UK: now closed and officially declared a success; what next - inside CDEC; also - proposed Turing Institute
- ≠ about switching ((Midata hackathon)
- value lies in cross-sector datasets, ie holistic integration around the individual
- givebacks not just of account and transaction data, but proofs of claim
- esp from Government (ie MyGovData)
- context of European DP regs
What is the relationship
- open data - anonymised data - personal data
- open data ecosystem: publishing according to rules
- personal data ecosystem: standard simple API economy with trust frameworks, based on standards
What we should all do next
- together accept the desirability of personal control over personal data
- establish that it is a win-win all round
- include in your thinking something like Mydex in Finland. If anybody here wants to sell low-cost connections into the Finnish market please see me afterwards.
- For now companies and developers can just use th Mydex API and sandbox, and experiement with it in Finland for free, eg for My Data hackathons
- make data givebacks happen both from business and from government: experiment, implement
- be creative and vigilant. This is done better when civil society and entrepreneurial developers are actively involved, as well as government and business; we need them all
- present realistic My Data principles and way ahead at OKFest Berlin in July and a strong Finnish My Data policy in September
Questions to WH (from online discussion)
» Is Quantified Self community and My Data community collaborating in UK?
I think safe answer is no. It's not intended as a criticism to say that the QS community is temperamentally ill-suited to a patient process of engagement with government.
- » Followup: is the QS community using Mydex services?
- WH: MyDex is straightforward data store; is happy to store data from QS companies/services
- QS clearly important information source for the individual. But what people decide is within scope of a "My Data" programme is up to the programme (mainly about data held by business, government, app providers)
» Any examples of the actual users of the MyDex service currently?
- WH: MyDex has seven contracts, but these organisations have not implemented connections yet, therefore not large number of users yet
» Why do you think that storing services and providing authentication should be within the same service. Wouldn't decouple of these be good idea and allow even more flexibility? Bank authentication and Mydex or F-Secure My Data management service?
- Different level of government trust from the people in UK and Finland
- Sorry - I missed this question in the live session. To be honest we didnt anticipate it. We set out to provide trusted personal data service, enabling the individual to acquire nd redeploy any sort of data in a trusted framework (including but not limited to proofs of claim). Turns out this architecture met the needs of ID assurance as envisaged by Uk government very neatly and cost-effectively.
» Can there be multiple copies of the MyDex data? Can another company host and run compatible service?
- MyDex works towards interoperability with other actors. You can download your data.
- The diversity/interoperability agenda and work towards any standardisation is done by overarching bodies such as Open Identity Exchange ( http://openidentityexchange.org/ ),
- Personal Data Ecosystem Consortium (see MyDex slides for others)
- pragmatically this may still need new technical standards and innovations
» How much will it cost for smaller service providers to integrate MyDex to their services? Are there readymade API integration kits? Is the documentation openly distributed on the web?
- Standard API, can develop interface and test in sandbox for free
- For live service there are some costs (10,000 pounds + 15p/individual in batches of 1000 (yr 1); thereafter 25% of the year 1 fee while service is maintained
- 10,000 pounds + 15k for 20,000 users is painfully large amount of money for any indie developer. They might have 1,000,000 users in first 2 months… so currently MyDex does not sound viable for startups.
- The alternative is small % of any transaction fee. If you've got a specific proposition, contact us.
» Is voluntary data generation / explicit profiles enabled by trusted relationship the silver bullet for My Data program? Sounds great, but how to take the first step?
- Have not seen yet, hope to see this year [This answer refers to the "personal RFP" ie the discoverable request for service issued by the individual. See https://cyber.law.harvard.edu/projectvrm/Personal_RFP]
- [I heard this question differently...could the person who asked it repeat here please?]
- Ecosystem of data operatores vs. a single operator
Other online questions, let's ask William to respond to these!
15:42 » Is Mydex using a procol or client that you would consider mobile-compatible and still secure?
It's a web based service using secure APIs. We did a community prototype with a downloadable client; but changed the architecture as a result. We recognise the challenge of mobile security; of course most use will be on mobile devices. (UK GDS forecasts mobile will overtake PC based use of public service no Christmas Day 2014.
15:42 » 7 contracts are not anything in the scale of Internet. You would need tens of thousands or millions of large scale inputs to get commercially viable data storage. Current version of the MyDex sounds technically interesting, but sadly not yet viable alternative.
Of course this is one of several beginnings. We think a personal data ecosystem based on personal control over persoal data is desirable and inevitable outcome. Just which player will help deliver that at what scale remains to be seen.
15:40 » My old dear aunt as an individual data controller, c'mon guys - show me the service and utility.
Even auntie, bless her, is entitled to services which are better designed, safer and easier to use than the digital services offered at present. We recognise from the outset that safer digital services have to be designed with the neediest in society in mind, not those who are most digitally adept. But also any sensible universal service provision committed to "digital by default" has to make provision for an "assisted digital" alternative channel. I dont believe this has been thought through carefully enough or articulated clearly enough, but that's a wider issue.
15:39 » Technology without actual users is not a solution. Most of the USA-based companies mostly don't care about protection of the personal data, since it's the thing they create services from. We can't change history.
You make three valid points. Mydex serves its community purpose only when the community uses it at scale; quite agree. The US-based companies lobbying Nils over data protection are indeed committed to a model based on an often unwarranted level of exploitation of personal data. The obvious rejoinder to We can't change history is let us try in the present to affect the future :-)
15:35 » It might be wrong to think that no country is an island, but has Mydex considered scaling across Europe?
This is a global problem, It requires a diversity of interoperable global solutions. That said, you have to start somewhere. We've researched some European markets; we'd be very happy to have a representative to sell connections in Finland.
15:34 » How do you handle requests from government(s) to see the data?
Mydex can't see the data, so we're unable to help.
15:33 » What about personal information that is not permitted to be stored outside of Finland (or another country of creation)?
Hm. Is there such? Is it not an EU-wide thing?
15:33 » When you authorise someone to download yourdata from MyDex, do you just give them your password or is there any log on how they are using your data?
The Mydex member (ie the individual who holds the account) makes a connection to a service or app. They can then see what data is being shared and whether one-off or enduring. They can switch fields on and off. Of course, if you dont share the data required by the service provider then the service provider may not provide the service. There's ano technical oslution for that, but you can bring control and transparency to the process.
15:32 » Legal protection to data is good thing, but creation of the service might not mean that commercial or gov service providers would start to use it.
15:32 » What do you think about the Estonian government driven Data Exchange programme known as "X-Road"?
It's a very advanced country, much admired in the UK (and there's a formal e-government collaboration in place) with a culture and hinterland that is very different from the UK.
15:31 » Does currently any service provider report customer transaction data to the MyDex-profile?
As I said we are at the early stage of having contracted connections (some potentially at population scale) but these are not yet implemented by the organisations in question.
15:31 » Isn't trust about transparency and establishing options? Can I easily change Mydex to some other service?
Yes of course .
15:29 » How to get data from Google/Facebook/Apple/etc. to MyDex? And should it be for that kind of storage?
Google, Facebook and Twitter offer "download my data" or "data liberation: options. So it's straightforward.
15:29 » In Finland, the ID could be provided by the State (service bus). How do you see this?
Finland has a far higher level of trust than the UK. Processes are different, eg you do registration and have eg a register-based census. The UK is very different. I think the best position is to have a very competent government and a supicious population. Finland seems to me to have the first, and the UK has the second.
15:28 » Everyday we give our data to Goole, Faebook, Apple, Microsoft, Amazon etc. to recieve handy services. Does it benefit our GDP? How to grow from users to producers?
Indeed (rhetorical question I take it?)
15:17 » Personal Data = Data, My Data = Policy / Program
Ossi again, aplauds
Participants with short introductions
- What's happening in Finland
- Reijo Paananen, Digile - National innovation system point of view
- business focus, great growth opportunities
- wild west environment, challenging for creating sustainable businesses
- need for standards, such as GSM earlier
- Pekka Pere, serial entrepreneur, investor - Business point of view
- likes open society (democracy, privacy, freedom of speech)
- democracy can not work if we do not own our data
- internet can give a lot for democracy, but it is also a Pandora's box and can give tools for totalitarism
- Internet of things => Internet of behaviours (Göte Nyman)
- privace is bunch of behaviors - some ar public, some are private, we should be in control of that
- Samuel Rinnetmäki, OKF - Digicitizen point of view
- Open data hobbyist and developer
- It seems that many independent groups have very similar vision of the future of My data "when it is all ready", but when the qustion comes to the next steps the ideas are very different.
- Taru Rastas, Ministry of Transport and Communications - Publich administration developer point of view
- Brought open data to the agenda of Finnish government
- Open data and My data are not the same but they are interlinked, mydata is a natural next step to take forward in Finland
- Nils Torvalds, MEP - EU citizen and her rights point of view
Public vote of the discussion topics
My data opportunities, top 6
- Personalized services, finding relevant information, even actionable information
- Enables better and smarter services
- Quantified self data enables solving healthcare problems on a whole new level
- Service independent of service-providers, for example following and managing personal economy/spending
- Raise Finland as a pioneer in mydata business development. We have an excellent starting point based on government trust and social support
- Making data management simpler
Data quality (Reijo Paananen)
- Current costs of data quality (e.g. badly targeted ads) are huge => mydata can become a burden for individuals and the society
- => Need different types of actors that ensure data quality, mydata-thinking has some important benefits here
- Ministry of transport and communication has a transport-lab with a pilot program related to mydata
- How do people learn to manage their mydata, how to educate people?
- Samuel Rinnetmäki: Simply make it so easy that everyone can do it (e.g. Facebook), consumer services have already solved this and provided examples of user interfaces etc.
- Human centric data structure?
- Only those services get users that are easier to use than others - for example if street designer designs a extra curve to a footpath people will not use it, they will use the shortcut - best way to design a footpath is to observe where people actually walk
- In general the trust is good in Finland, but we can not build everything on this, there are different types of trust relationships between people
- Example systems are out there already: Trust network, respect network, = networks between trusted people
- Example: driving license, what kind of informatin is there: time and place of birth, what you need for driving (eye glasses for example) etc.
- Different types of information have very different values
- What kind of information are we ready to share?
- What happens if you have given some information out and decide that you "want it back"?
- There has to be ways to avoid leaving digital tracks, for example using cash instead of credit cards
- Early adopters are not role models, the big masses act differently
- Internet is the Constitution of the mankind
- Have to separate when I am at home (private) and when at the marketplace (public)
- Reijo P: Internet should be able to forget!
- Samuel R: Ethical development will happen in Internet along other development
- E.g. social networks can execute justice for things that people consider bad
- Cultular lag
- Europe is badly lagging behind
- Economy-legislation is going fast forward, but everything else is lagging behind (see the book of Kaarlo & Klaus Tuori http://www.booky.fi/kirjailija/Tuori#!product_id=9781107056558)
- Hopeful that new culture and way to do things will emerge
- Creativity and innovation will drive these
Ossi: How can we use the publich sector to drive mydata development
- Taru Rastas: TACT -principle (transparency, access, control, transfer)
- Pilot programs, trial and error
- Samuel: Public sector can create principles and even technical solution to promote mydata, but will it be as easy as in best services, and will it generalize to private services
(noteskeeper is getting tired...)
Ossi: The Internet of people, can we create this in Finland (like Linux)
- Pekka: In Finland data is still (currently) safe, can attract businesses
- Samuel: Finland ranked on top in trust (as William pointed out), we have a lot of good stuff going on, e.g. AaltoES, Startup Sauna => There are good chances that Finland will become a pioneer for mydata and show others the way forward
- However, for example in Estonia some things are way further than in Finland (there the decision makers, e.g. Ilves, are much more capable and interested in tech and Internet)
- Things to avoid (William)
- Excessive gov control (but NB full government participation is essential
- Presenting Mydata as "all about switching". It isnt. (*None* of the apps developed at Midata hackathons were about switching. All about valuable re-use of data sets in a wider context)
- Mydata makes possible much richer set of services than earlier was possible
- Does not share Euro-skepticism, Europe has some unique strengths
CHALLENGES IN MYDATA
Crowdsourced online, top X:
- Lack of standards
- Only nerds wants to make the effort to manage their own data
- Who will pay the inital costs?
- How to get the critical mass
- Challenging the American giants (Google, Facebook)
- Managing your own data is hard, there's a long way to go before we have easy-to-use consumer services
- Make your own standard will improve things => will get comments and alternative suggestions from elsewhere
- World functions throuhg making things and putting them on the open to be tested
- The easier the services become, the more users they will attract
17.30 COFFEE AND DISCUSSION
18.30 AFTER PARTY!?!