How can we make MyData principles a reality?
All of us agree on the principles of us being the central controllers of our data. And even the lawmakers in the EU (GDPR), California (CCPA) and many other jurisdictions agree. With us! We all want us to be in control, and the companies to give us access to our data, and for us to easily transfer this data to where we want to.
So if we all agree, how come these principles are not yet a reality and what can we do to bring about this reality? Making the MyData principles a reality is hard because a lot of change is needed and many actors do not like this change.
My Own Background in the Fight for Data Privacy
My name is Eike and I myself since 2007 was working on a project called ¨Applicant passport¨ which was about giving CV data ownership to applicants and employees. The project wanted to solve two problems: Entering application data into applicant tracking systems over and over again, helping the HR managers receiving thousands of applicants to know how to handle these in a data privacy compliant way.
The need was clearly there, but bringing about the change was hard, so the project failed.
In March 2018 a friend of mine and investor in Cambridge Analytica, asked me to take over a new project Cambridge Analytica was working on, Pangea, a data locker that wanted to give control of data back to the data subjects. While the project was stopped due the bankruptcy of Cambridge Analytica and the downfall of ICO fundraising, I have since then wondered how we could bring about meaningful change towards the MyData principles.
While most of you are experts on MyData, I am trained as a lawyer and have built several successful companies, some with millions of users, and I have talked to many of you especially to founders of MyData operators, trying to find ways to bring about this needed change. In those discussions several things became apparent that I quickly wanted to discuss with you.
Ways to bring about change
The first realization is that change is difficult, as it requires a behavior change by many millions of people. There are three general ways to bring about this change:
- Government legislation
- Persuading the big actors like Facebook and Google
- Change from the ground up
Government legislation is already there, but so far it still requires action from the data subjects. This makes it ineffective as 99% of the population are too lazy to change their behavior.
Legislation that would in my opinion bring about real change would be as follows:
- Requiring that every company that handles data make all that data available in an easily understandable way and let the user be able to edit or delete this data themselves.
- Requiring that every company that handles data provides an API that gives access to all the data subjects’ data as well as observed data, and gives this access LIVE.
As I think this legislation is not going to come soon, I want to focus on creating change from the ground up.
Bringing about change from the ground up by the data operators
As change from the ¨ground up¨ I see the change coming from MyData operators, that aim data economy based on the MyData principles.
Here are some of the operators, that are trying to bring about change in this area:
The more I analyzed these companies the more disappointed I became: despite the huge effort none of the companies had been able to achieve any significant change.
What I mean by significant change, is a change that convinces the big data controllers like Google, Facebook and Amazon to embrace MyData principles or to change the behavior of the public. That means a data operator would not only need several thousand, but several million if not a billion users, before any real change could happen. But most of these above companies achieved less than 50,000 users.
How can data operators become more successful?
So what can these companies, or what can we as a community do, to bring about change from the bottom up?
First of all, let’s be clear on what we want. Because in some of the discussions I had with operators, the final objectives were slightly different from mine.
- Some operators feel it is important to store data on your own hardware. Similarly, some feel it has to be stored on a decentralized blockchain controlled system where no one has access to. For that reason some of the data operators spent their resources on building storage technology rather than acquiring users.
- For some, the focus is on ensuring a basic income from the sale of our own data. For that reason some spent their resources on building a marketplace, rather than acquiring users.
- Some seem to have focused only on raising money via an ICO, with a concept, data privacy, that many ICO investors cared about. But as soon as they had raised their money, they spent very little on furthering the MyData principles and rather took that money for their own private pleasures.
For me personally it is OK that many companies have my data. In fact, I often prefer this because they can provide me a better service. And although, it is nice to earn additional money, by being paid for my own data, this is not important to me. So the key things for me personally are:
Data Control (Knowing):
- Who has my data?
- What data they have? and
- How do they use it?
Data Control (Action): Being able to delete the data or parts of the data at any point in time.
Data Portability: Being able to transfer all the data, also the data collected by the company about me, to another data controller, thus ensuring competition and countreacting monopolies.
For this to happen I do not need to assemble all my data in one place, it is totally OK if the companies continue to store my data. But what I do need is:
- A dashboard showing me every company that has my data, and giving me the possibility to edit this data or to revoke permission.
- an API that allows me to give consent to transfer data to another data controller. Basically, the same as Facebook already provides with the public API, but for potentially ALL the data they store about me.
Many of the above operators agree with these objectives and are working on it. And many data subjects want to know what is happening with their data. So why has nobody been able to get it done?
Success principles for data operators
I have analyzed almost every data operator above and there are different reasons for the lack of success for each one. This analysis I would be happy to share in private a conversation. What I want to focus on now is the way forward, meaning what data operators have to do in order to bring the MyData principles to the mass public.
I strongly believe that mass success can only be achieved by the following:
- Raise money
- Use the legal rights of GDPR,
- Focus on getting users and data
- Make it super simple for users
- Achieve virality
- Piggyback on companies
- Focus on consumption data
I myself have raised money several times, as well as bootstrapped companies. Bootstrapping companies is really hard and it is a slow process. So if we want to gain a billion users, and do so fast, we have to raise money.
To raise big money we got to have a big vision on how the company could in the future become a unicorn.
Use the legal rights of GDPR
- You can let the user input data but this data is less than 1% of what you could get from companies like Facebook, Google and Amazon.
- I myself have a user database of over 20 million users in my company. All these users have taken several tests, so the data is interesting and can be monetized; but nothing compared to the data that the big guys have.
- Also, focusing on getting data via the publicly available API is not enough, because the most interesting data is currently not available via that API.
- That means that we have to focus on demanding data on behalf of the user via Art. 15 (data request) and Art. 20 (data portability) GDPR.
Focus on getting users and data
Building a data storage or a data marketplace is nice but neither brings users.
So the entire focus at first has to be to get several million users to use the service to get their data. Only once that has been accomplished can we think about data storage or data marketplace.
Make it super simple for users
For users to come and get their data it has to be super simple. Sure, some nerds are willing to spend hours typing in information and writing to companies in order to get their data. But for the majority of users the act of getting their data has to be done by just a click of a button.
Getting billions of users without virality is almost impossible. Let’s say you spend 5 USD per acquired user, are you going to spend 5 billion to get your first billion users???
I myself was able to generate over 20 million users virally. So it is possible! But UI and UX have to be very slick and you have to offer something very cool. Just offering insights into your personal data or even earning a few dollars is not cool enough, as the experience of some of the companies above shows.
But I am sure we can find some hacks to make the product go viral.
Piggyback on companies
Alternatively, we can piggyback on large companies that are attracting a large amount of users. There are two potential ways to do this:
- for existing users of the company, or
- for new users the company wants to attract.
For example, HR departments of large companies sometimes have over 100.000 records of resumes and they do not know what to do with this data. We could offer the company to store the data on its behalf and write every data subject to give his consent and access to that data.
Alternatively, we could create a widget to be used in the registration process of companies, for example a dating app. The widget comes in the registration process and asks to link multiple services like Facebook, Google, Amazon etc. by the click of a button. Then we get the data by a legal request according to Art. 15 or Art. 20 GDPR, and give that data to the data app as well as to the user.
Both ways could lead to millions of records in a short amount of time.
Focus on consumption data
I do believe it can make sense to focus first on certain kinds of data, ideally data that can easily be monetized. The most monetizable data seems to be consumption data from credit cards or loyalty programs like PayBack. If our service is first focused on getting consumption data, we might actually be able to invest the 5 USD marketing per acquired user and thus rapidly scale on advertisements.
I would love to discuss with everyone the ideas for how we can scale a service fast, so as to bring about real change.
Please get in touch: firstname.lastname@example.org.