Models for personal data protection

This article explores the characteristics of the main models of data exploitation: the API model, which arises among the organizations and companies that provide services and take advantage of the data they hold about their users; the Aggregation model of platforms, which offer free, high-value services to users in exchange for collecting and exploiting the resulting data to build businesses based on personalization; and finally the user-centred PIMS model, which lets users control their own personal data.

Personal Information Management Systems (or PIMS) are systems that help give individuals more control over their personal data. PIMS allow individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose. Providers of online services and advertisers will need to interact with the PIMS if they plan to process individuals’ data. This can enable a human-centric approach to personal information and new business models.

Figure: In the API ecosystem model (left), if the number of services increases, the number of connections will increase even faster. Centralising data management to platforms (middle) facilitates application development, but there is no incentive for different platform players to seek interoperability between platforms. Compared to the platform model, the PIMS operator infrastructure (right) is robust and scalable because it is not dependent on any one organisation providing the infrastructure.

The API ecosystem model

Application programming interfaces (APIs) allow different individual services to be connected in an agile manner. The resulting ecosystem promotes the flow of information, creates new business and accelerates digital service development. Generally, the motive for organizations to develop public APIs is to position their own service as centrally as possible in the broader service portfolio. However, the features and technologies of interfaces vary greatly, which makes the integration of APIs between different individual service providers time-consuming and tedious.

The ease of integrating different APIs will certainly improve over time. From the point of view of human-centric control of personal data, the problem with this kind of ecosystem is the large number of services, the mesh of connections between them, and the resulting difficulty for people to understand how data about them is used. The only way to get a complete picture of how data about you flows between services is to log in to each service individually and look for a settings view that shows which other services have been granted permission to read data through the interface. Separate management of a few services is still possible, but with increasing digitalisation, every brand and service wants to establish its own digital customer relationship with the consumer, involving the collection and sharing of data. Suddenly people are involved in hundreds or thousands of managed relationships, and the need for infrastructure to manage data flows and digital relationships becomes evident.

Platform model

In the absence of infrastructure for managing and transmitting personal data based on open standards, individual companies operating globally are expanding their own personal data ecosystems and are seeking to become de facto standards through their sheer user volume. Common to the organization-centric ecosystems created by these platform economy giants is that the data flows seamlessly within the ecosystem built around the central enterprise platform and the user identity it provides, but only to a limited extent outside of that ecosystem. There is a risk that new players will be prevented from entering the market altogether.

The platform model is also utilized in some sectors to enable the sharing of data collected by multiple actors. The health sector has many examples of this in various countries. In such a structure, companies or public authorities establish a common platform for the transmission of data. Centralization promotes the pooling of data and speeds up the development of new use cases for data, but at the same time the system becomes dependent on a single actor who defines the objectives and ways of doing things.

People’s access to and control of the data about them may not be realized with platforms which are primarily designed to support the business models of the central organization or to facilitate the exchange of data between organizations within a single sector. For example, online advertising companies operate in networks where a few aggregator companies facilitate the movement of personal data, but the objective is not to meet people’s needs, but rather the needs of the ad tech companies in the network.

The PIMCity operator model

In the human-centric PIMS operator model, a person acts as the point of integration regarding the data about them. In this model, a person can control the use of personal data about them across services by granting or denying access to data or by assigning services to act on their data. Some people could run the necessary technology in a secure way themselves, but most will want to rely on external service providers. These service providers offer tools for people and organizations to manage multiple types of personal data coming from multiple sources.

The key difference with the platform model is that, in the PIMS model, there are many service providers that together form ecosystems in which personal data is shared with high levels of trust. The infrastructure is not based on centralizing user information to a single service, as in the platform model. Instead, the participants in the ecosystems have common standards, policies, and governance that enable interoperability and data portability. This could be compared to, say, a network of banks. Instead of being able to transfer payments only between its own customers, the banks form an international network where payments can be made between customers of different banks.