In the wake of GDPR legislation, discovering a way to encourage people to share their personal data more widely is crucial to enabling the service breakthroughs the public wants. But there is a level of trust that needs to be built before that can happen, says J Cromack of Consentric
Much of the potential of smart city initiatives relies on unparalleled sharing of data amid different parties – from council departments and transport/infrastructure managers to the app organisations coordinating innovative new products and services.
A portion of this data will come from the people passing through and interacting with these cities – only some of it will be aggregated, anonmysed population data. Take Southhampton, for instance, local residents can now carry a single City Council ‘smart’ card which can be purposed interchangeably as a bus pass, donor card, library card, leisure card, and toll card for crossing the Itchen Bridge. Such things would unachievable without the council and affiliated service providers being able to share citizens’ data.
Yet, in the wake of Facebook/Cambridge Analytica, and as the new EU General Data Protection Regulation (GDPR) comes in, personal data sharing has become a thorny subject. And plans for smarter cities, improved public health and other digital service innovations could be at risk if the public stop consenting to relevant businesses being in on the secret. So it’s imperative we don’t reach that point.
That means giving individuals fresh, attractive reasons to share their personal data in the wake of GDPR – based on what they stand to get in return. It also means rebuilding trust; that people’s personal data will be solely used with an individual’s express permission for the intended purpose, and that new permissions will be sought as needed.
Getting out what you put in
In the public sector a wide range of advances, from personalised, pre-emptive health advice to smarter transport services, rely on citizens allowing different organisations to understand more about who they are and what they are doing. As well as improving their own experience, the shared information could be used for the greater good – such as an increased understand of diabetes or heart-attack triggers, or how to make cities a safer place to live.
It’s a theme that’s explored in a recent extensive report, which notes that when the purpose of data sharing is clearly and transparently defined, contributors are generally readier to accept new use cases. At an administrative level, this could be something as simple yet easy-to-appreciate as lessening the need for citizens to repeatedly give their address and other identifying data when applying for passports, driving licences, Blue Badges and so on.
‘Help us to help you’
Lateral data sharing is not just a public-sector imperative, either. Other markets, such as financial services, could deliver a more innovative and impactful experience for consumers who are adequately confident to share their data with more than one organisation at a time.
I could empower my independent financial adviser to do a better job for me, for example, if I allowed him to understand more about fluctuations in my wealth and cash flow. But that would mean giving permission to access certain information from my bank accounts, credit cards and so on, in support of specified activities.
It all comes back to balance, however. If the IFA’s algorithm means my default high-risk investment category is reviewed immediately if my income drops below a certain threshold, that’s valuable to me. If someone later tries to sell me home insurance because they’ve bought my financial profile, I’m going to look on the situation less kindly.
Similarly, I am more likely to give consent for data captured by my Fitbit device to be shared if I think it could save my life by preventing a stroke – because my readings trigger an alert, based on correlations in shared health data. But if there is a chance my medical information could fall into the wrong hands, I may make a different judgement call about how far my data’s use may be extended.
Regaining trust by giving back control
Although GDPR might seem to suggest it, rebuilding consumer confidence doesn’t necessarily mean that organisations themselves must put in place rigid new controls over what happens to people’s data. Rather it may be more efficient – and confidence-inspiring – to put these controls into the hands of the public, so that individuals can view, edit and determine their own data permissions. Think of it as giving people access to their own personal data ‘strongboxes’ – which can be linked to particular use cases and applications as new options present themselves.
As consumers are increasingly asked to connect to everything from smart meters in the home to health-monitoring or finance-management apps to help them manage their health and their lives, giving them a voice in what happens to their information is an important first step in getting them to open up. Being more transparent about the intentions for data, spelling out the benefits they stand to gain, and putting the individual in continuous control of consent, is surely the way forward.
Data for Public Benefit: Balancing the risks and benefits of data sharing, a paper by Understanding Patient Data, Involve, CarnegieUK Trust, April 2018