Recent research suggests that Americans are more concerned about not knowing how their personal information collected online is used than losing their principal source of income. Another report found that privacy and security fears are “shutting down” IoT use, with some consumers seeing the risks of IoT devices as outweighing the rewards.
In the digital world, products and services are delivered via a complex chain of partners – the whole value fabric is only as strong as its weakest link. If we collectively fail to address security and privacy issues, they could slow or prevent us all reaping the benefits of new virtual technology.
These aren’t issues that you can take or leave, depending on your appetite for risk. Regulators are introducing new laws and rules for data protection and security assurance. Failure to comply could be costly, and not just in reputational terms: Breaching of the European Union’s new General Data Protection Regulation, for example, could result in a fine equivalent to 4 percent of global turnover.
TM Forum and the Qiy Foundation are both working to help businesses tackle these challenges through approaches based firmly on giving consumers control of their data.
- TM Forum’s Privacy Dashboard gives all parties easy-to-use control and transparency regarding personally identifiable information (PII). It is focused on clearly identifiable digital transactions – ‘as a customer I want a service but place the following constraints on the use of my personal data (my ‘privacy profile’)’. Similarly, the service provider will have a list of personal data they require to provide the service. Both parties can modify their profile to establish a mutually acceptable, enforceable position.
- The Qiy Foundation, also a non-profit independent organization, is building the Qiy Scheme which is about “trying to give people their own position in the digital network”, says Marcel van Galen, Founder and Executive Director of the foundation. He describes it as “like a GSM or a credit card scheme – but our scheme is about personal data. It’s a personal data ecosystem.”
I caught up with TM Forum President and CEO, Peter Sany (PS), and Marcel van Galen (MvG) to find out about their views on privacy and personal data in the digital world.
How big is the gap between what companies need to do to manage personal data properly and where they are now?
MvG: What we experience is that the gap is huge.
Most companies see the issues, but they think about the technology, the size of the task – that sometimes makes them so scared that they don’t do anything. But now with the European Union’s GDPR legislation, they have to do something.
A lot of companies are really struggling with how to be compliant and they often see it as a problem, not as a chance. We see it as a chance – a new business opportunity.
PS: The gap is quite big but it is often vastly misunderstood or not understood at all.
And it’s not just businesses; most of the end users are not sufficiently educated about the impact of their own behaviors around personal data.
What needs to change?
PS: Walled garden approaches will not work. People need to be able to determine in a much more granular, object/value-oriented way what can or can’t be released, in what context, and over what timeframe as well. We need modern systems that ensure these contexts remain tied to their origin.
MvG: I agree. Telcos, insurance companies, banks, cities…they need to implement their thinking based on the Qiy Scheme and what we call a ‘node’ – the Qiy node. You as an individual become a node in the system. This means that as an individual, you have direct access to your data and you can reveal data for a specific purpose and timeframe. The Qiy Scheme consists of three layers: an organizational, legal and technological layer. Compliance with the Qiy Scheme means being compliant with the GDPR.
You’ve also both mentioned seeing data privacy as an opportunity not a burden?
MvG: Look at the benefit of the traditional CRM [customer relationship management]system – turn it around to ‘customer-managed relationship’. Based on trusted connections I can reveal self-declared information or validated information by routing this information from a source.
Take the example of a mortgage – if you apply for a mortgage now, you need to download a lot of papers, payment slips etc. In the customer-managed scenario, you’d have access to your data at parties like banks, insurance companies and the government and you are able to route it to the mortgage provider – it’s connecting, while maintaining the validation, instead of uploading, downloading and controlling again.
You could act totally differently marketing-wise because you can ask people to publish their interests and profile, anonymously if they want. You don’t have to spend a lot of time and money trying to figure it out if people are able to tell you what they want based on a trust connection.
It also makes sense ecologically because now we are copying data, photos and documents. This isn’t necessary because if data lives once, in favor of data minimization, you can share it and give others access to it.
PS: There are currently a lot of assumptions, based on IP address or email, for example, which could lead to completely wrong conclusions that are detrimental. If you have a system that can aggregate data, and give control of the data and information to the person who owns and originated it, and authenticate that [ownership], you can also drive customer experience in a much more concise way.
What are you proposing as the next steps?
PS: These considerations around privacy and security are essential in the digital world. Our best practices and standards must have the elements that support security and privacy authentication. As this is also a key focus for the Qiy Foundation, it would be great to join together to drive the adoption of standards and practices which are open and modern, and support the digital world.
At the same time, I think we should also work to influence policy towards a global set of standards that are compatible with each other.
MvG: The Qiy Foundation’s mission is ‘digital self-determination for everyone’. To achieve this we need the knowledge and the execution power of the networked parties, collaborating on developing and implementing the Qiy Scheme. With our worldwide ambition, I think the mutual benefit can be great. There is large potential in terms of discovering the business potential of the Qiy Scheme for TM Forum members.
Watch this space.