The document summarizes the emerging opportunities and challenges around personal data as a new asset class. It outlines how personal data is being generated at unprecedented scales from various sources. However, the current personal data ecosystem remains fragmented without common standards or principles. The summary identifies key stakeholders in the ecosystem, including individuals, private sector companies, and governments, and notes they each have different and sometimes conflicting needs and interests. It argues a balanced ecosystem can be achieved by adopting an end-user centric approach that empowers individuals and aligns all stakeholders around common goals of trust, transparency and value creation.
An Initiative of the World Economic Forum
January 2011
In Collaboration with Bain & Company, Inc.
The views expressed in this publication do not necessarily reflect those of the
World Economic Forum or the contributing companies or organisations.
Copyright 2011 by the World Economic Forum.
All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means, electronic, mechanical, photocopying or otherwise without
the prior permission of the World Economic Forum.
Title picture by frog design inc.
Acknowledgements
This document was prepared by the World Economic Forum, in partnership with the individuals and
organisations listed below.
World Economic Forum
Professor Klaus Schwab Executive Chairman
Alan Marcus Senior Director, IT & Telecommunications Industries
Justin Rico Oyola Associate Director and Project Lead, Telecommunications Industry
William Hoffman Head, Telecommunications Industry
Bain & Company, Inc.
Michele Luzi Director
The following experts contributed substantial research and interviews throughout the “Rethinking Personal
Data” project. We extend our sincere gratitude to all of them.
Julius Akinyemi MIT
Alberto Calero France Telecom
Ron Carpinella Equifax
Chris Conley ACLU
Douglas Dabérius Nokia Siemens Networks
Timothy Edgar Office of the Director of National Intelligence, USA
Jamie Ferguson Kaiser Permanente
Michael Fertik ReputationDefender
Tal Givoly Amdocs
Kaliya Hamlin Personal Data Ecosystem
William Heath Mydex
Trevor Hughes International Association of Privacy Professionals
Betsy Masiello Google
Mita Mitra BT Group
Drummond Reed Information Card Foundation
Nasrin Rezai Cisco
Natsuhiko Sakimura OpenID Foundation
Kevin Stanton MasterCard Advisors
Pamela Warren McAfee
Von Wright AT&T
Project Steering Board
This work would also not have been possible without the commitment of:
John Clippinger Berkman Center for Internet and Society, Harvard University
Scott David K&L Gates
Marc Davis Microsoft
Robert Fabricant frog design
Philip Laidler STL Partners
Alexander (Sandy) Pentland MIT
Fabio Sergio frog design
Simon Torrance STL Partners
Introduction

We are moving towards a “Web of the world” in which mobile communications, social technologies and sensors are connecting people, the Internet and the physical world into one interconnected network.[1] Data records are collected on who we are, who we know, where we are, where we have been and where we plan to go. Mining and analysing this data give us the ability to understand and even predict where humans focus their attention and activity at the individual, group and global level.

This personal data – digital data created by and about people – is generating a new wave of opportunity for economic and societal value creation. The types, quantity and value of personal data being collected are vast: our profiles and demographic data from bank accounts to medical records to employment data. Our Web searches and sites visited, including our likes and dislikes and purchase histories. Our tweets, texts, emails, phone calls, photos and videos as well as the coordinates of our real-world locations. The list continues to grow. Firms collect and use this data to support individualised service-delivery business models that can be monetised. Governments employ personal data to provide critical public services more efficiently and effectively. Researchers accelerate the development of new drugs and treatment protocols. End users benefit from free, personalised consumer experiences such as Internet search, social networking or buying recommendations.

“Personal data is the new oil of the Internet and the new currency of the digital world.”
Meglena Kuneva, European Consumer Commissioner, March 2009

And that is just the beginning. Increasing the control that individuals have over the manner in which their personal data is collected, managed and shared will spur a host of new services and applications. As some put it, personal data will be the new “oil” – a valuable resource of the 21st century. It will emerge as a new asset class touching all aspects of society.

At its core, personal data represents a post-industrial opportunity. It has unprecedented complexity, velocity and global reach. Utilising a ubiquitous communications infrastructure, the personal data opportunity will emerge in a world where nearly everyone and everything are connected in real time. That will require a highly reliable, secure and available infrastructure at its core and robust innovation at the edge. Stakeholders will need to embrace the uncertainty, ambiguity and risk of an emerging ecosystem. In many ways, this opportunity will resemble a living entity and will require new ways of adapting and responding. Most importantly, it will demand a new way of thinking about individuals. Indeed, rethinking the central importance of the individual is fundamental to the transformational nature of this opportunity because that will spur solutions and insights.

As personal data increasingly becomes a critical source of innovation and value, business boundaries are being redrawn. Profit pools, too, are shifting towards companies that automate and mine the vast amounts of data we continue to generate.[2] Far from certain, however, is how much value will ultimately be created, and who will gain from it. The underlying regulatory, business and technological issues are highly complex, interdependent and ever changing.

But further advances are at risk. The rapid rate of technological change and commercialisation in using personal data is undermining end user confidence and trust. Tensions are rising. Concerns about the misuse of personal data continue to grow. Also mounting is a general public unease about what “they” know about us.[3] Fundamental questions about privacy, property, global governance, human rights – essentially around who should benefit from the products and services built upon personal data – are major uncertainties shaping the opportunity. Yet, we can’t just hit the “pause button” and let these issues sort themselves out. Building the legal, cultural, technological and economic infrastructure to enable the development of a balanced personal data ecosystem is vitally important to improving the state of the world.

It is in this context that the World Economic Forum launched a project entitled “Rethinking Personal Data” in 2010. The intent of this multiyear project is to bring together a diverse set of stakeholders – private companies, public sector representatives, end user privacy and rights groups, academics and topic experts. The aim is to deepen the collective understanding of how a principled, collaborative and balanced personal data ecosystem can evolve. In particular, this initiative aims to:
• Establish a user-centric framework for identifying the opportunities, risks and collaborative responses in the use of personal data;
• Foster a rich and collaborative exchange of knowledge in the development of cases and pilot studies;
• Develop a guiding set of global principles to help in the evolution of a balanced personal data ecosystem.

[1] Many of these concepts and background information have been introduced in: Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010.
[2] Bain & Company Industry Brief. “Using Data as a Hidden Asset.” August 16, 2010.
[3] Angwin, Julia. “The Web’s New Gold Mine: Your Secrets.” Wall Street Journal. July 30, 2010. http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html
Executive Summary

Personal data: untapped opportunities for socioeconomic growth

The rate of increase in the amount of data generated by today’s digital society is astounding. According to one estimate, by 2020 the global volume of digital data will increase more than 40-fold.[4] Beyond its sheer volume, data is becoming a new type of raw material that’s on par with capital and labour.[5] As this data revolution era begins, the impact on all aspects of society – business, science, government and entertainment – will be profound.

Personal data – a definition
For this report personal data is defined as data (and metadata) created by and about people, encompassing:
• Volunteered data – created and explicitly shared by individuals, e.g., social network profiles.
• Observed data – captured by recording the actions of individuals, e.g., location data when using cell phones.
• Inferred data – data about individuals based on analysis of volunteered or observed information, e.g., credit scores.
Source: World Economic Forum, June 2010.

From a private sector perspective, some of the largest Internet companies such as Google, Facebook and Twitter clearly show the importance of collecting, aggregating, analysing and monetising personal data. These rapidly growing enterprises are built on the economics of personal data.

Governments and public sector institutions are also transforming themselves to use data as a public utility. Many governments have successfully launched e-governance initiatives to improve the efficiency and effectiveness of communication among various public organisations – and with citizens.

But some of the most profound insights are coming from understanding how individuals themselves are creating, sharing and using personal data. On an average day, users globally send around 47 billion (non-spam) emails[6] and submit 95 million “tweets” on Twitter. Each month, users share about 30 billion pieces of content on Facebook.[7] The impact of this “empowered individual” is just beginning to be felt.

However, the potential of personal data goes well beyond these promising beginnings to vast untapped wealth creation opportunities. But unlocking this value depends on several contingencies. The underlying regulatory, business and technological issues are highly complex, interdependent and ever changing.

[4] IDC. “The Digital Universe Decade – Are You Ready?” May 2010.
[5] The Economist. “Data, Data Everywhere.” February 25, 2010.
[6] The Radicati Group. “Email Statistics Report, 2009–2013.” May 2009.
[7] “Twitter + Ping = Discovering More Music.” Twitter Blog. November 11, 2010; “Statistics.” Facebook Press Room. January 11, 2011. http://www.facebook.com/press/info.php?statistics
The personal data ecosystem – where we stand today

The current personal data ecosystem is fragmented and inefficient. For many participants, the risks and liabilities exceed the economic returns. Personal privacy concerns are inadequately addressed. Regulators, advocates and corporations all grapple with complex and outdated regulations.

Current technologies and laws fall short of providing the legal and technical infrastructure needed to support a well-functioning digital economy. Instead, they represent a patchwork of solutions for collecting and using personal data in support of different institutional aims, and subject to different jurisdictional rules and regulatory contexts (e.g., personal data systems related to banking have different purposes and applicable laws than those developed for the telecom and healthcare sectors).

Consider some of the needs and interests of stakeholders:

Private sector
Private enterprises use personal data to create new efficiencies, stimulate demand, build relationships and generate revenue and profit from their services. But in this drive to develop the “attention economy”, enterprises run the risk of violating customer trust. Overstepping the boundary of what users consider fair use can unleash a huge backlash with significant brand implications.

Public sector
Governments and regulators play a vital role in influencing the size and shape of the personal data ecosystem as well as the value created by it. On the one hand, regulators have the mandate to protect the data security and privacy rights of citizens. Therefore, they seek to protect consumers from the potential misuse of their identity. On the other hand, regulators balance this mandate with the need to foster economic growth and promote public well-being. Policy makers around the world are engaged in discussions to enhance legal and regulatory frameworks that will increase disclosure rules, maximise end user control over personal data and penalise non-appropriate usage. Finally, government agencies are using personal data to deliver an array of services for health, education, welfare and law enforcement. The public sector is therefore not just an active player in the personal data universe, but also a stimulator and shaper of the ecosystem – and potentially, the creator of tremendous value for individuals, businesses and economies.

Individuals
Behaviours and attitudes towards personal data are highly fragmented. Demographically, individuals differ in their need for transparency, control and the ability to extract value from the various types of personal data (see Figure 1). According to the research firm International Data Corporation (IDC), individuals’ direct or indirect actions generated about 70 per cent of the digital data created in 2010. Activities such as sending an email, taking a digital picture, turning on a mobile phone or posting content online made up this huge volume of data. Younger individuals are more comfortable sharing their data with third parties and social networks – though it remains to be seen whether their behaviours will remain the same or become more risk averse as they age. Older consumers appear to be more sceptical, and demand demonstrably higher security levels from service providers.[8]

Individuals are also becoming more aware of the consequences of not having control over their digital identity and personal data. In 2010 the number of reported incidents of identity theft skyrocketed by 12 per cent.[9]

Common needs for all users
• Reliability
• Predictability
• Interoperability
• Security
• Ease of use
• Cost-effectiveness
• Risk and liability reduction
• Transparency
• Simplicity

Figure 1: Individual end users are at the center of diverse types of personal data
[Diagram: the individual at the centre, surrounded by searches, social graph, calendars, interests, location and purchases.]
Source: Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010.

A way forward: the personal data ecosystem
One viable response to this fragmentation is to align key stakeholders (people, private firms and the public sector) in support of one another. Indeed, “win-win-win” outcomes will come from creating mutually supportive incentives, reducing collective inefficiencies and innovating in such a way that collective risks are reduced.

[8] Nokia Siemens Networks. “Digital Safety, Putting Trust into the Customer Experience.” Unite Magazine. Issue 7. http://www.nokiasiemensnetworks.com/news-events/publications/unite-magazine-february-2010/digital-safety-putting-trust-into-the-customer
[9] Javelin Strategy Research. “The 2010 Identity Fraud Survey Report.” February 10, 2010.
This vision includes a future where:
• Individuals can have greater control over their personal data, digital identity and online privacy, and they would be better compensated for providing others with access to their personal data;
• Disparate silos of personal data held in corporations and government agencies will more easily be exchanged to increase utility and trust among people, private firms and the public sector;
• Government’s need to maintain stability, security and individual rights will be met in a more flexible, holistic and adaptive manner.

In practical terms, a person’s data would be equivalent to their “money.” It would reside in an account where it would be controlled, managed, exchanged and accounted for just like personal banking services operate today. These services would be interoperable so that the data could be exchanged with other institutions and individuals globally. As an essential requirement, the services would operate over a technical and legal infrastructure that is highly trusted. Maintaining confidence in the integrity, confidentiality, transparency and security of the entire system would require high levels of monitoring.

End user-centricity: a critical determinant in building the personal data ecosystem

A key element for aligning stakeholder interests and realising the vision of the personal data ecosystem is the concept of end user-centricity. This is a holistic approach that recognises that end users are vital and independent stakeholders in the co-creation and value exchange of services and experiences. A construct designed for the information economy, it breaks from the industrial-age model of the “consumer” – where relationships are captured, developed and owned.

Instead, end user-centricity represents a transformational opportunity. It seeks to integrate diverse types of personal data in a way that was never possible before. This can only be done by putting the end user at the centre of four key principles:
• Transparency: Individuals expect to know what data is being captured about them, the manner in which such data is captured or inferred, the uses it will be put to and the parties that have access to it;
• Trust: Individuals’ confidence that the attributes of availability, reliability, integrity and security are embraced in the applications, systems and providers that have access to their personal data;
• Control: The ability of individuals to effectively manage the extent to which their personal data is shared;
• Value: Individuals’ understanding of the value created by the use of their data and the way in which they are compensated for it.
Complex business, policy and technological issues persist and require coordinated leadership from firms and the public sector

A user-centric ecosystem faces challenges almost as big as its promise, however. Firms, policy makers and governments must resolve a series of critical questions.

For private firms, what are the concrete economic incentives to “empower” individuals with greater choice and control over how their data are used? What are the incentives for greater collaboration within and across industry sectors? How can the returns from using personal data begin to outweigh the risks from a technical, legal and brand-trust perspective?

Policy makers are unique in their mandate to collect, manage and store personal data for purposes such as national defence, security and public safety. They face the issue of finding the right balance between competing priorities: How can they ensure the stability and security of government even as they create incentives for economic investment and innovation? How should they define end users’ rights and permissions concerning personal data? How can they more effectively clarify the liabilities? How can they scale globally the concepts of accountability and due process?

Five areas of collective action

The issues surrounding personal data – political, technological and commercial alike – are numerous and complex. The choices stakeholders make today will influence the personal data ecosystem for years to come. Five key imperatives require action:

1. Innovate around user-centricity and trust. The personal data ecosystem will be built on the trust and control individuals have in sharing their data. From a technological, policy and sociological sense all stakeholders need to embrace this construct. One particular area of focus is the continued testing and promoting of “trust frameworks” that explore innovative approaches for identity assurance at Internet scale.

2. Define global principles for using and sharing personal data. Given the lack of globally accepted policies governing the use and exchange of personal data, an international community of stakeholders should articulate and advance core principles of a user-centric personal data ecosystem. These pilots should invite real-world input from a diverse group of individuals who can not only articulate the values, needs and desires of end users, but also the complex and contextual nuances involved in revealing one’s digital identity.

3. Strengthen the dialog between regulators and the private sector. Building on a collective sense of fundamental principles for creating a balanced ecosystem, public and private stakeholders should actively collaborate as the ecosystem begins to take shape. Those responsible for building and deploying the tools (the technologists) should more closely align with those making the rules (regulators).[10] Establishing the processes to enable stakeholders to formulate, adopt and update a standardised set of rules will serve to create a basic legal infrastructure. Additionally, collaborating with policy makers as they update legislation to address key questions related to identity and personal data will be essential.[11]

4. Focus on interoperability and open standards. With the appropriate user controls and legal infrastructure in place, innovations in how personal data moves throughout the value chain will be a key driver for societal and economic value creation. Enabling a secure, trusted, reliable and open infrastructure (both legal and technical) will be vital. Participants should identify best practises and engage with standards bodies, advocacy groups, think tanks and various consortia on the user-centric approaches required to scale the value of personal data.

5. Continually share knowledge. It’s a huge challenge for entities to keep up with new research, policies and commercial developments. To stay current, stakeholders should share insights and learnings on their relevant activities, from both successes as well as failures. After all, the ecosystem’s promise is about the tremendous value created when individuals share information about who they are and what they know. Clearly, this principle should also apply to practitioners within the development community.

[10] David, Scott. K&L Gates and Open Identity Exchange ABA Document. October 20, 2010.
[11] In the US, recent developments emerging from the NSTIC, the Federal Trade Commission and the Department of Commerce warrant attention. In the EU, companies should work with the European Commission’s efforts to revise the EU privacy directive and to synchronise legislation across its member states.
Section 1:
Personal Data Ecosystem: Overview

Personal data is an evolving and multifaceted opportunity

In the era of “anywhere, anytime” connectivity, more people connect to the Internet now in more ways than ever before. One recent estimate projects that in the next 10 years, more than 50 billion devices may connect to the Internet, many wirelessly (see Figure 2).[12] Global traffic on mobile networks is expected to double each year through 2014.[13] The variety and volume of digital records that can be created, processed and analysed will continue to increase dramatically. By 2020, IDC estimates that the global amount of digital records will increase more than 40-fold (see Figure 3).[14]

Figure 2: By 2020, more than 50 billion devices will be connected to the Internet
[Bar chart: global devices connected to the Internet for 2009, 2015 and 2020; data labels 5B, 15B and 50B.]
Sources: Ericsson, Intel

Figure 3: By 2020, digital records will be 44 times larger than in 2009
[Chart: global digital data (in exabytes), 2010 to 2020.]
Source: IDC

As these devices and software continue to come online, they will generate an increasing amount of personal data. The term personal data has several meanings, but we broadly define it as data relating to an identified or identifiable person or persons.[15]

Think of personal data as the digital record of “everything a person makes and does online and in the world.”[16] The wide variety of forms that such data assumes for storage and communication evolves constantly, but an initial list of categories includes:
• Digital identity (for example, names, email addresses, phone numbers, physical addresses, demographic information, social network profile information and the like);
• Relationships to other people and organisations (online profiles and contact lists);
• Real-world and online context, activity, interests and behaviour (records of location, time, clicks, searches, browser histories and calendar data);
• Communications data and logs (emails, SMS, phone calls, IM and social network posts);
• Media produced, consumed and shared (in-text, audio, photo, video and other forms of media);
• Financial data (transactions, accounts, credit scores, physical assets and virtual goods);
• Health data (medical history, medical device logs, prescriptions and health insurance coverage);
• Institutional data (governmental, academic and employer data).

Further, organisations can capture these different personal data in a variety of ways:[17]
• Data can be “volunteered” by individuals when they explicitly share information about themselves through electronic media, for example, when someone creates a social network profile or enters credit card information for online purchases;
• “Observed” data is captured by recording activities of users (in contrast to data they volunteer). Examples include Internet browsing preferences, location data when using cell phones or telephone usage behaviour;
• Organisations can also discern “inferred” data from individuals, based on the analysis of personal data. For instance, credit scores can be calculated based on a number of factors relevant to an individual’s financial history.

Each type of personal data (see Figure 4), volunteered, observed or inferred, can be created by multiple sources (devices, software applications), stored and aggregated by various providers (Web retailers, Internet search engines or utility companies) and analysed for a variety of purposes for many different users (end users, businesses, public organisations).

[12] Ericsson [press release]. “CEO to Shareholders: 50 Billion Connections 2020.” April 13, 2010.
[13] Cisco. “Cisco Visual Networking Index: Global Mobile Data; Traffic Forecast Update, 2009 – 2014.” February 9, 2010.
[14] IDC. “The Digital Universe Decade – Are You Ready?” May 2010.
[15] Definition based on Directive 95/46/EC of the European Parliament and the Council of 24 October 1995.
[16] Davis, Marc, Ron Martinez and Chris Kalaboukis. “Rethinking Personal Information – Workshop Pre-read.” Invention Arts and World Economic Forum, June 2010.
[17] Ibid.
Figure 4: The personal data ecosystem: a complex web from data creation to data consumption
[Diagram: within the regulatory environment and communication standards, personal data (volunteered, observed, inferred) moves through creation (devices, software), storage and aggregation, analysis and productisation, and consumption (end users, government agencies and public organisations, businesses).]
Source: Bain & Company
These stakeholders range from the individual end users, who are the sources and subjects of personal data, to the various entities with which they interact. The latter encompass businesses and corporations in different industries to public sector entities like government bodies, NGOs and academia. Personal data flows through this ecosystem, within the boundaries of regulation, to result ultimately in exchanges of monetary and other value.

Points of tension and uncertainty

While tremendous value resides in the data generated by different sources, it often remains untapped. Unlocking the full potential of data will require addressing current uncertainties and points of tension:
• Privacy: Individual needs for privacy vary. Policy makers face a complex challenge while developing legislation and regulations;
• Global governance: There is a lack of global legal interoperability, with each country evolving its own legal and regulatory frameworks;
• Personal data ownership: The concept of property rights is not easily extended to data, creating challenges in establishing usage rights;
• Transparency: Too much transparency too soon presents as much a risk to destabilising the personal data ecosystem as too little transparency;
• Value distribution: Even before value can be shared more equitably, much more clarity will be required on what truly constitutes value for each stakeholder.

Privacy
Privacy continues to be a highly publicised, complex and sensitive issue with multiple perspectives. The complexity surrounding how privacy is perceived and defined creates challenges for policy makers as they seek to address a myriad of issues related to context, culture and personal preference.[18] Adding to the complexity is the pace of technological change and a general lack of guidance on how to accommodate and support various perspectives on “privacy” robustly, flexibly and at global scale (for multiple jurisdictions, cultures and commercial and social settings).[19] Given that many governments are drafting laws and regulations to address privacy concerns, the ambiguity and uncertainty on multiple dimensions heighten the risks that could stall investment and innovation.

“We need to arrive at an acceptable reasonable expectation of privacy … a procedural due process that has the flexibility to address any question of privacy and institutionalise learnings into the ecosystem to prevent that grievance from happening again.”
Interviewee, “Rethinking Personal Data” project

Global governance
Not only are policies and legislation in flux within national borders, there is wide variation across different countries and regions. Indeed, there is no global consensus on two major questions: Which issues related to personal data should be covered by legal and regulatory frameworks? And how should those issues be addressed? While some cross-national agreements exist, for example, the Safe Harbor agreement between the US and the EU,[20] the development of a globally acceptable view of the personal data ecosystem may be years away. This fragmentation stands in the way of fully realising the global impact of the personal data opportunity.

Personal data ownership
“Who owns the data” and “What rights does ownership imply” are two of the most complex issues related to personal data. At first blush, these questions seem simple. Most people would intuitively assert that they own data about themselves and that therefore, they should control who can access, use, aggregate, edit and share it. However, even a cursory look at the issue quickly reveals that the answers are much less clear. Individuals do not “own” their criminal records or credit history. Medical providers are required to keep certain records about patients, even as those patients are allowed to access and share that information with others. Do companies such as Google and Amazon, which aggregate search and purchase histories across millions of users, own the proprietary algorithms they’ve built upon those click streams?

[18] “Fair Information Practice Principles (FIPP) Comparison Tool, Draft.” Discussion and Development Materials of the OIX Advisory Board and the OIX Legal Policy Group. October 7, 2010.
[19] Ibid.
[20] In 2000, the US and the European Commission agreed upon a framework that would act as a bridge for sharing data between the US and EU, while preserving the basic policy principles of both. See, for example, Thompson, Mozelle W., Peder van Wagonen Magee. “US/EU Safe Harbor Agreement: What It Is and What It Says About the Future of Cross Border Data Protection.” Privacy Regulation. Federal Trade Commission, Spring 2003. http://www.ftc.gov/speeches/thompson/thompsonsafeharbor.pdf

Given the fluid nature of data and the early stages of the personal data ecosystem, many assert that focusing on the issues of rights management, accountability, due process

concerns end users have; for many organisations, it often poses a risk to their business model. When customers suddenly find out how their trusted brand of product or service was gathering and using their personal data, they tend to react with outrage, rather than reward the business for its transparency. Similarly, citizens fear Big Brother control and manipulation in the way government uses their personal information. As long as the risk of transparency outweighs the rewards, the personal data ecosystem will re-
and the formation of “interoperable” legal main vulnerable to periodic seismic shocks.
frameworks is more productive. It is unlikely
that there is a one-size-fits-all approach. A value distribution
more likely scenario is that different classes The notion that individuals are producers,
of information (financial, health, government creators and owners of their digital activi-
records, social, etc.) will get varying degrees ties raises the question: How can value be
of protection – as already is the case in the equitably exchanged? The answer depends
“pre-digital” world. All such solutions will on variables like the structure of personal
need to balance individuals’ rights to priva- data markets; the amount of public educa-
cy with practical concerns about legitimate
needs for critical participants (for example,
law enforcement and medical personnel) to
access key information when necessary. In Personal data and developing
addition, practical solutions for issues re- economies
lated to data portability, interoperability and As with many innovations related to
easy-to-implement dashboards for consum- mobile applications, the development of
ers to set and monitor access rights will also personal data exchanges could achieve
need to be developed to overcome the grow- scale in developing economies. The data
ing friction in the current environment. and analytics from the increasing use of
mobile devices – in particular, location
transParency data, images from cell phone cameras
Most end users still remain unaware of just and mobile finance – can help coun-
how much they are tagged, tracked and fol- tries address significant economic and
lowed on the Internet. Few individuals real- health challenges with greater precision
ise how much data they implicitly give away, and adaptability. As the mobile platform
how that data might be used or even what brings the unbanked into the formal
is known about them. Some businesses economy, real-time insights into local
believe the solution lies in “fessing up”: sim- economies could be gained. Utilising the
ply increasing the transparency on how per- analytics of m-Health applications could
sonal data is used. But that approach not also help improve public health.
only fails to address the privacy and trust
17
18. tion required; globally governed regulations the purview of legacy legal restrictions and
needed to ensure fair compensation; and typically innovate at the edges of what can
the legal frameworks that would ensure ac- be legally done with personal data. A grow-
countability and due process. ing concern is the widening chasm between
the regulatory oversight on established
Uncertainty and tension also exist around the business models versus new business ide-
evolution of personal data exchanges and the as. Additionally, there are concerns on how
degree of political empowerment they could current legal and regulatory stakeholders
create. Some governments can perceive can systemically adapt to the velocity of in-
empowered citizens as a disruptive threat to novation, the complexity of the ecosystem
their agenda. Understanding the concept of and the scale of personal impact. Given that
user-centricity in the context of differing social, a single operational or technical change to
cultural and political norms is clearly needed. a networked communications service can
immediately impact hundreds of millions
incumbents and disruPters of individuals (if not billions), the capability
During the last few decades, a regulatory of policy makers and regulators to under-
patchwork has arisen that does not ad- stand a given risk and adapt in real time is
equately reflect the needs of a competitive uncertain. Over time, perceptions of over-
global market or the pace of technology. regulation and inequity on who can use cer-
The personal data ecosystem consists of tain forms of personal data for commercial
established and new participants; often the purposes may create an imbalance among
regulatory framework covers established private sector actors.
business models, but regulation takes time
to catch up with emerging, disruptive mod-
els. From a regulatory perspective, this can thE riSkS oF an imBalancEd
create a fundamentally uneven competitive EcoSyStEm
playing field for creating new personal data
services. Companies with established busi- The key to unlocking the full potential of
ness models – those with large customer data lies in creating equilibrium among the
bases, legacy investments and trusted various stakeholders influencing the per-
brands – typically possess vast amounts of sonal data ecosystem. A lack of balance
customer data but are legally constrained between stakeholder interests – business,
on its use for commercial purposes. Given government and individuals – can desta-
those legal constraints, established players bilise the personal data ecosystem in a
are generally conservative in their approach way that erodes rather than creates value.
to the market and deeply concerned about What follows are just a few possible out-
unclear liabilities and legal inconsistencies. comes that could emerge if any one set
of stakeholders gained too strong a role in
On the other hand, many new services and the ecosystem.
applications are more innovative in their ap-
proach and typically use personal data as a the risk of Private sector imbalance
central component in their business mod- As personal data becomes a primary cur-
els. By definition, they tend to fall outside rency of the digital economy, its use as a
18
19. means to create competitive advantage will represents a challenge – but it can be done.
increase. If little regard is paid to the needs The solution lies in developing policies, in-
of other stakeholders, businesses search- centives and rewards that motivate all stake-
ing for innovative ways to collect, aggregate holders – private firms, policy makers, end
and use data could end up engaging in a users – to participate in the creation, protec-
“race to the bottom” building out ever more
, tion, sharing and value generation from per-
sophisticated “tricks and traps” to capture sonal data. The private and public sectors
personal data.21 This unfettered mining of can bring their interests closer by creating
personal data would alienate end users and an infrastructure that enables the secure
possibly create a backlash.22 and efficient sharing of data across organi-
sations and technologies. End users can be
the risk of Public sector imbalance gathered into the fold of the private-public
As countries revise their legal frameworks, partnership by developing mechanisms that
policies and regulations to catch up with the safeguard personal data, validate their con-
unprecedented surge in data, they could tent and integrity, and protect ownership.
inadvertently stifle value creation by over- When end users begin to get a share of the
regulating. Additionally, individual coun- value created from their personal data, they
tries may seek to act unilaterally to protect will gain more confidence in sharing it.
their own citizens from potential harm. The
resulting lack of clarity and consistency in For such a virtuous cycle to evolve, stake-
policy across countries could slow down holders in the personal data ecosystem will
innovation and investment. need to define new roles and opportunities
for the private and public sectors. Greater
the risk of end user imbalance mutual trust can lead to increased informa-
In the absence of engagement with both tion flows, value creation, and reduced liti-
governments and business, end users could gation and regulatory costs.
self-organise and create non-commercial
alternatives for how their personal data is Over time, all stakeholders should hope-
used. While small groups of dedicated indi- fully recognise that the collective metric
viduals could collaborate on non-commer- of success is the overall growth of the
cial products that have the same impact as ecosystem rather than the success of one
Wikipedia and Linux, the issues of limited specific participant. A defining characteris-
funding, security and lack of governance tic of such a balanced ecosystem would be
would remain. Over time, the challenges of end user choice. With the ability to switch
managing personal data at a global scale easily between vendors, competitive pres-
could become overwhelming. sures would strengthen the control of the
end users and help them differentiate
Aligning the different interests to create a between different trust frameworks and
true “win-win-win” state for all stakeholders service providers.
21
Clippinger, John. Berkman Center for Internet Society at Harvard University.
22
To learn more about how companies are using new and intrusive Internet-tracking technologies, see
“What They Know” (series). Wall Street Journal. 2010. http://online.wsj.com/public/page/what-they-know-
digital-privacy.html
19
Future Potential: Scenarios of a Balanced Personal Data Ecosystem
What would the personal data ecosystem offer if the needs of government, private industry and individuals were appropriately balanced?
What follows are some possibilities for the year 2018.
Dianne is a mother of two teenage daughters and a remote caregiver for her father. She’s not terribly sophisticated with technology but she uses some social networks to keep up with her friends and family. But as the hub of family care, Dianne is tied to several services that keep her family safe, healthy and informed.
Putting a New Spring in Her Step
Dianne recently upgraded her exercise footwear to a wirelessly networked sports shoe, a product that transforms all of her daily walking into valuable data points. Her health insurance provider encourages exercise through a certified, earned credit system. With minimal data breach risk, walking translates directly into discounts on medications, food and other expenses for not only herself but also her father and daughters linked to her health savings account. This lets Dianne take better care of her loved ones, which is a more powerful motivator than her own health and wellness. The initial savings helped convert her children to regular walking as well. What was routine is now a game as the family competes in active walking challenges with one another, all the while providing better healthcare for everyone.
Transparency – data usage disclosure
Control – opt-in participation with immediate feedback in rewards balance
Trust – certified by identity consortium across health, finance and other service providers
Value – discounts powered by data collection that can be applied to many different needs
Source: frog design research, 2010
At Ease and Secure
Dianne’s old anxiety over identity theft has been less of a worry since the Personal Data Protection and Portability Act went into effect, legislation the government passed in 2014 granting citizens greater control and transparency over their digital information. Her employer provides a private, certified Data-Plus Integrity Plan that monitors and ensures the personal data of her whole family and is portable across jobs. Dianne feels more at ease about her daughters’ social habits online with the Parent Teachers Association-endorsed TeenSecure. A comprehensive activity summary and alert system means Dianne no longer feels like a spy, monitoring her kids and investigating every new social site. Her daughters’ access is managed, tracked and protected by a trusted socially acceptable source. Dianne receives simple, convenient monthly statements that highlight both the activity and stored value of her data. As an added benefit, various retailers offer coupons and discounts during the holidays, in exchange for Dianne allowing them to use some of this activity data as a second currency.
Transparency – single view of all activity
Control – monitoring of dependents
Trust – government and consumer advocacy backed
Value – peace of mind and stored value
Transforming Concern into Ease
When Dianne’s father moved into managed care with early-stage symptoms of Alzheimer’s disease, her insurance carrier provided her with control of her father’s medications and recommended an online dashboard-like tool adapted to his condition. The service is offered in a partnership with the Alzheimer’s Research Foundation, as well as the Department of Public Health, which have connected her father’s information and medical health records to her Data-Plus Integrity Plan. This provides Dianne with on-demand monitoring services, medication compliance tracking and feedback on how he is feeling. She is also able to keep tabs on his finances. Dianne hopes that through the sharing of her father’s medical condition, they may one day find a cure. In the meantime, her in-person visits are less about evaluating his condition and much more about spending time together.
Transparency – permission of data access
Control – progression of need increases access
Trust – family-centric data safeguards
Value – transferable control
Source: frog design research, 2010
Key Enablers of a Balanced Ecosystem
While building a balanced ecosystem around personal data will require significant commitment from all stakeholders, four critical enablers are apparent:
• An easy-to-understand user-centric approach to the design of systems, tools and policies, with an emphasis on transparency, trust, control and value distribution;
• Mechanisms for enhancing trust among all parties in digital transactions;
• Greater interoperability among existing data silos;
• An expanded role for government, such that governments can use their purchasing power to help shape commercially available products and solutions that the private sector can then leverage.
User-centricity
The concept of user-centricity is the central pivot point of the personal data ecosystem. With greater control placed in the hands of individuals, new efficiencies and capabilities can emerge. Many perceive this shift in power as highly disruptive. It creates a diversity of perspectives on if, how and when the “pivot for the people” might occur. In short, the transition to user-centricity is anything but simple. It’s hard collectively to frame and act upon it due to the significant differences in cultural, geopolitical and institutional norms.
Globally, there is a growing consensus that there is an urgent need for greater trust associated with online identities. People find the increasing complexity of managing multiple user names and passwords across different organisations a major inconvenience. Additionally, as online fraud and identity theft continue to skyrocket, people demand greater assurances about who they are interacting with. As secure and trusted online relationships are established with individuals and various institutions, silos of information that were previously unavailable can also become easier to incorporate into personalised solutions.
A market is now taking shape to address these concerns on personal identity. In fact, an ecosystem of interoperable identity service providers offering solutions that are secure, easy to use and market based is in its early stages of development.[23] As more services move online (in particular, health and financial services), the infrastructure costs of ensuring the identity of who can use a given online offering will continue to escalate. The value of paying a third party for trusted digital identities will most likely continue to increase as these services reduce both the cost of fraud as well as the risk of offering additional value-added services[24] (see sidebar, “End user principles”).
End user principles
Transparency
What is a meaningful way to understand transparency, and who provides the lens to the user?
People naturally expect the right to see, and thus know, the data that is being captured about them. If that right is not respected, they feel deceived and exploited. Upon seeing this reflection of themselves through their personal data, people start to feel a sense of personal connection and ownership, leading to the desire for control. However, people struggle to form a mental model of something that is fragmented and abstract in nature. This creates a challenge: what is invisible must be revealed, made tangible and ultimately be connected across different points of access.
Trust
Which investments in building trust will help users feel comfortable allowing others to access their data?
Personal data is difficult, if not impossible, to un-share. Once shared, it gains a life of its own. Given the risk of unintended consequences, people rely heavily on trust to guide their decisions. But how is trust formed? Different thresholds of trust exist for different types of data. While a majority of people accept a certain level of risk, viewing it as an opportunity cost for gaining something, the benefits are often coupled with feelings of anxiety and fear. Such concerns will continue to limit the potential value of personal data until a comprehensible model for creating and certifying trust relationships is adopted on a large scale.
Control
What are the primary parameters that influence how users will want to control their data, and how are they adapted to different contexts?
People naturally want control over data that is both about them and often created by them. Control can be exercised in three ways:
(a) directly through explicit choices;
(b) indirectly by defining rules;
(c) by proxy.
People’s perception of a given situation will determine whether they choose to exercise control. The more subtle qualities of an experience (such as feedback, convenience and understanding) will determine how they choose to exercise that control.
Value
What measures must be taken to ensure that data created today is a mutually beneficial asset in the future?
The value of personal data is wildly subjective. Many business models have emerged that encourage and capitalise on the flow of that data. Consumers are becoming increasingly aware of the value of the data they generate even in mundane interactions like a Google search. While direct personal data has an inherent value, secondary inferred data can often be mined and interpreted to produce new information of equal or greater value. The long-term impact of the aggregation and unchecked dissemination of this information is unknown. Digital behaviour today may yield positive distributed value across the ecosystem in the near term, but can have detrimental consequences for the end user in the future.
Trust enablers
Interviews and discussions with leading privacy advocates, regulatory experts and business leaders lead to an overwhelming consensus: trust is another key ingredient required for creating value from today’s oceans of disparate personal data. Without the establishment of trust, particularly the trust of the end user, a personal data ecosystem that benefits all stakeholders will never coalesce.
To use a metaphor, trust is the lubricant that enables a virtuous cycle for the ecosystem: it engenders stakeholder participation, which, in turn, drives the value creation process. For such a virtuous cycle to evolve, mutual trust needs to be at the foundation of all relationships. Increased trust leads to increased information flows, sharing and value creation and reduces litigation and regulatory costs.
“A collective metric of success could emerge where the overall growth of the ecosystem was the goal – rather than the success of one particular institution.”
“Rethinking Personal Data” project
Increasing interoperability and the sharing of personal data
Promoting solutions that drive the exchange and “movement” of personal data in a secure, trusted and authenticated manner is also essential. Today, it is difficult to share personal data across private and public organisations and jurisdictions. This is due to a combination of technological, regulatory and business factors. Decades-old privacy laws and policies could not have foreseen the emergence of digital personal data as a valuable asset. Inadequate legislation has thus made standards surrounding the use of personal data inconsistent.
“We do not have the data-sharing equivalent of SMTP, but as we develop or achieve real data portability we will have a standardised infrastructure for data sharing that does not require centralisation.”
Interviewee, “Rethinking Personal Data” project
Furthermore, many organisations employ legacy technology systems and databases that were created in proprietary, closed environments. As a result, personal data today is often isolated in silos – bound by organisational, data type, regional or service borders – each focusing on a limited set of data types and services.
To achieve global scale, technical, semantic and legal infrastructures will need to be established that are both resilient and interoperable. The US National Strategy for Trusted Identities in Cyberspace notes three types of interoperability for identity solutions:[25]
• Technical interoperability – The ability for different technologies to communicate and exchange data based upon well-defined and widely adopted interface standards;
• Semantic interoperability – The ability of each end point to communicate data and have the receiving party understand the message in the sense intended by the sending party;
• Legal interoperability – Common business policies and processes (e.g., identity proofing and vetting) related to the transmission, receipt and acceptance of data between systems, which a legal framework supports.
[23] National Strategy for Trusted Identities in Cyberspace. Draft. June 25, 2010.
[24] Reed, Drummond. “Person Data Ecosystem.” Podcast Episode 2, December 2010.
[25] “National Strategy for Trusted Identities.” Draft pages 8–9. June 25, 2010.
US Department of Health & Human Services: “Blue Button” initiative[26]
Personal data also has clear opportunities to create value for the public sector. In October 2010, the US Department of Health’s Medicare arm launched its “Blue Button” application. It’s a Web-based feature that allows patients easily to download all their historical health information from one secure location and then share it with healthcare providers, caregivers and others they trust – something that wasn’t possible before.
The service is innovative in many ways. First, it allows Medicare beneficiaries to access their medical histories from various databases and compile sources into one place (e.g., test results, emergency contact information, family health history, military health history and other health-related information). Second, the service provides the information in a very convenient and transportable format (ASCII text file). That allows it to be shared seamlessly with virtually any healthcare or insurance provider. Finally, Blue Button fully empowers the end user: patients are given control over how their information is shared and distributed. That allows them to be more proactive about – and have more insight into – the medical treatments that they need.
It is important to stress that the call for interoperability does not equate to working exclusively with standards bodies. In many cases standards take too long. By leveraging open protocols, de facto standards, existing pilots and collaboration with industry and advocacy groups, a functional degree of interoperability can be achieved in a shorter time frame.
Despite this “need for speed”, the levels of reliability, integrity and security for both the individual and the computing infrastructure cannot be understated. The broad private sector support to cooperate in the sharing of personal data will bring with it extremely high technical, legal and performance requirements.
Government as enabler
Governments have a vital role to play in accelerating the growth of a balanced personal data ecosystem. Their influence manifests itself along three primary dimensions.
First, they play a dominant role in crafting the legal and regulatory environments that shape what is possible in the ecosystem. This is a challenging role in many respects. Within the national context, regulators are being asked to balance consumer protection with the need to create a business environment conducive to innovation, growth and job creation. On top of that, many global industry participants are turning to national and regional regulatory bodies to harmonise guidelines to facilitate global platforms.
Second, governments are active participants in ongoing experiments regarding how the personal data ecosystem can be harnessed to achieve important social goals such as providing more efficient and cost-effective services to citizens, stopping epidemics before they become pandemics and using data-mining techniques to enhance national security.
“We must have empowered users, but no one is suggesting the user should be able to edit his or her criminal records. We’re looking at a collaborative model with users who are as empowered as we can make them.”
Interviewee, “Rethinking Personal Data” project
Third, and perhaps most importantly, given their purchasing power, governments are in a position to influence significantly commercially available solutions. In crafting requests for proposals to help modernise service delivery, governments can write specifications for everything from security protocols to end user interfaces and data portability options. Successful projects can serve as proof points and major references for innovative solutions.
Hands-on experience gained in leveraging personal data for government services and objectives, combined with insights gleaned from negotiations with vendors, can give regulatory deliberations a very practical bent, which should be beneficial to all parties.
[26] “‘Blue Button’ Provides Access to Downloadable Personal Health Data.” Office of Science and Technology Policy, the White House website. http://www.whitehouse.gov/blog/2010/10/07/blue-button-provides-access-downloadable-personal-health-data
Section 2: Stakeholder Trust and Trust Frameworks
Achieving a high level of stakeholder trust requires a set of legal and technical structures to govern the interactions of participants within the ecosystem. The concept of trust frameworks is emerging as an increasingly attractive means for the personal data ecosystem to scale in a balanced manner. Trust frameworks consist of documented specifications selected by a particular group (a “trust community”). These govern the laws, contracts and policies undergirding the technologies selected to build the identity system. The specifications ensure the system reliability that is crucial for creating trust within the ecosystem.
The magnitude of data breaches
The Privacy Rights Clearinghouse estimates that in the US alone, more than 2,000 publicly announced data breaches have occurred since 2005. These include instances of unintended disclosure of sensitive information, hacks and payment card fraud, all of which resulted in a staggering 500-million-plus records of data being compromised.
Source: Privacy Rights Clearinghouse
The Trust Framework Model
The Open Identity Trust Framework model (OITF) is a working example. Built to Internet scale, it offers a single sign-on environment for trust between relying parties and end users. The model addresses two problems with the way end users and relying parties interact with the Internet today:
• The proliferation of user names and passwords;
• The inability of relying parties to verify the identity of other entities.
Most people can relate to the first problem. Almost every website requires visitors to establish a user name and password, and invariably requires the sharing of such personal data as name, address and credit card information. Not only is this inconvenient, it’s unsafe. It puts our personal data onto every server with which we interact, increasing the odds that our data may be compromised.
The second problem trust frameworks address is the lack of certainty about online identities. In most of today’s Internet transactions, neither the user nor the relying party is completely sure of the other’s identity. That creates a huge opening for identity theft and fraud. In 2009, more than $3 billion in online revenue was lost due to fraud in North America.[27] Some $550 million of that was money lost by individual US consumers.[28] The hope is that with a richer, scalable and more flexible identity management system, these losses can be reduced.
Figure 5: The Open Identity Trust Framework model. [Diagram showing policy makers, the trust framework provider (TFP), the identity service provider, the relying party, the assessor and the user. Legend: contracts with the trust framework provider for implementing requirements set by policy makers; other agreements potentially affected by requirements set by policy makers.] Source: OITF
The model defines the following roles (see Figure 5) to support Internet-scale identity management:
• Policy makers decide the technical, operational and legal requirements for exchanges of identity information among the group they govern;
• Trust framework providers translate these requirements into the building blocks of a trust framework. They then certify identity verification providers that provide identity management services in accordance with the specifications of the trust framework. Finally, the trust framework provider recruits assessors responsible for auditing and ensuring that framework participants adhere to the specifications;
• Identity providers (IdPs) issue, verify and maintain online credentials for an individual user. Relying parties accept these credentials and have firm assurances that the IdP has analysed and validated the individual user;
• Assessors evaluate IdPs and relying parties, and certify that they are capable of following the trust framework provider’s blueprint.
Within such a trust framework model, end users can access multiple sites (relying parties) using a single credential issued by an identity provider. On their part, the sites can rest assured about the identities of the individuals they are doing business with. This screening is similar to how a car rental agent trusts that a driver can legally operate an automobile because he or she has a valid driver’s licence.
With such a framework, users would need only to share less sensitive personal data with relying parties. No longer would they have to enter their name, address and credit card information in order to purchase a Web service. Using the trust framework, they would share the minimum amount of data to complete the transaction. In some cases, that may simply amount to verification of the availability of the funds being transmitted to the relying party.
Personal Data Services
The trust framework model will bring benefits to end users in the form of increased privacy and a more seamless and convenient Web experience. But such advantages can be extended through the related concepts of personal data services and vendor relationship management (VRM).
Figure 6: Personal data services store end users’ data and provide applications that enable them to manage, share and gain benefit from their personal data.[29] [Diagram titled “Alice's Attribute Data Service”, showing a local personal data store (local DB) and managed data stores, with items labelled Telco 1, credit card profile, Facebook, ad preferences, anonymous profile, age 21, friends, interests, home address, Amazon and Equifax.] Source: The Eclipse Foundation
[27] CyberSource. 11th Annual “Online Fraud Report.” 2010.
[28] 2009 “Internet Crime Report.” Internet Crime Complaint Center. US Department of Justice, 2010.
[29] Higgins Open Source Identity Framework is a project of The Eclipse Foundation. Ottawa, Ontario, Canada. http://www.eclipse.org/higgins/faq.php
Personal data services provide the safe means by which an end user can store, manage, share and gain benefit from his or her personal data. These data can range from such self-asserted attributes as the individual’s likes, preferences and interests to such managed and verified attributes as a person’s age, credit score or affiliations, and histories with external entities like firms, government agencies and the like (see Figure 6).

Personal data services consolidate end users’ digital identity, allowing them to control which third parties are entitled to access – along with how, when and at what price. VRM extends this control to the realm of realising direct value – monetary or in kind – from the personal data stored and managed by personal data services providers.

These emerging concepts will help build stakeholder trust and herald additional benefits for end users and relying parties alike. Indeed, some promising trials are already under way. Yet more testing will be needed to resolve some open questions about the viability of these concepts.

Key uncertainties of trust frameworks

Trust frameworks and personal data services are concepts in their infancy. Despite encouraging pilots in the US and the UK, they need further refinement and testing to fulfil their promise. Implementations thus far have primarily been at websites where the level of assurance required is relatively low, such as those enabling blogging or providing news content. They need to be deployed in environments that encompass more high-risk transactions, such as logging into a bank account. Only then will proponents know if these ideas can achieve Internet scale.

Risks and uncertainties also surround the business models for both identity providers and relying parties. While a large number of private enterprises have begun working in this space (Acxiom, AOL, Citibank, Equifax, Google and PayPal), the economics are unclear.30

From the perspective of relying parties, the benefits of transitioning to a user-centric model are still emerging. In this new approach, relying parties will be constrained on collecting data for free and will need to start paying for end user data. While some believe that an aggregated and holistic view of an individual would be more valuable, the balance of trade between what relying parties would be willing to share versus the new insights and efficiencies they would gain from a holistic user-centric view is unclear. However, the cost of online fraud and risk mitigation could be enough to make relying parties seriously consider participating in a more collaborative model. On average, online fraud represented 1.2 per cent of a Web retailer’s revenue in 2009.31

Finally, building end user awareness is another uncertainty. How can firms communicate to individuals the advantages of managing their personal data? For a start, companies must themselves fully understand the convenience, value proposition, contextual nuances and usability of personal data dashboards. Further investigation is therefore needed into applications and services that provide end users with convenient, contextually relevant and simplified control over their data.

30 Kreizman, Gregg, Ray Wagner and Earl Perkins. “Open Identity Pilot Advances the Maturity of User-Centric Identity, but Business Models Are Still Needed.” Gartner, November 9, 2009. http://www.gartner.com/DisplayDocument?id=1223830
31 CyberSource. “11th Annual Online Fraud Report.” 2010.
Section 3: Conclusions

Personal data will continue to increase dramatically in both quantity and diversity, and has the potential to unlock significant economic and societal value for end users, private firms and public organisations alike.

The business, technology and policy trends shaping the nascent personal ecosystem are complex, interrelated and constantly changing. Yet a future ecosystem that both maximises economic and societal value – and spreads its wealth across all stakeholders – is not only desirable but distinctly possible. To achieve that promise, industries and public bodies must take coordinated actions today. Leaders should consider taking steps in the following five areas:

1. Innovate around user-centricity and trust

Where we stand today

Innovative concepts already exist on how personal data can be shared in a way that allows all stakeholders to trust the integrity and safety of this data. Examples of such trust frameworks include the Open Identity Trust Framework and Kantara’s Identity Assurance Framework. However, no truly large-scale application of a trust framework has yet been rolled out. As a consequence, we remain uncertain about how to take advantage of personal data while still aligning stakeholder interests. Also unanswered are questions such as: What are the incentives for stakeholders to participate in trust frameworks? What are the business model mechanics? Who will pay for identity provider services?

What is required and why

Complex blueprints for Internet business models typically come to life in iterative steps. For example, the retail banking sector evolved online through successive phases of change. Trust frameworks need similar pressure testing in large-scale applications to prove these concepts can be instrumental in unlocking economic and societal value. Additionally, end user participation in testing and developing these trust frameworks is crucial. Offering more transparency on how personal data is used and educating end users on the benefits they can extract from such applications – two areas lacking in the ecosystem today – will significantly strengthen trust among all stakeholders.

Recommended next steps

Private firms and policy makers should consider the following next steps:

• Invest in open and collaborative trials orchestrated by end user privacy groups or academics;

• Integrate principles surrounding end user trust and data protection into the development of new services and platforms (the concept of “privacy by design”), particularly when designing new “e-government” platforms;
• Engage with leading innovators and end user advocacy groups to explore the further applications for, and development of, trust frameworks.

2. Define global principles for using and sharing personal data

Where we stand today

Privacy-related laws and police enforcement differ significantly across jurisdictions, often based on cultural, political and historical contexts. Attempts to align such policies have largely failed.32 But the need is growing. Many Internet services, in particular those based upon cloud computing delivery models, require the cross-jurisdictional exchange of personal data to function at optimal levels.

What is required and why

The downside of the current divergence in regulatory frameworks manifests itself in several ways. First, companies striving to provide products and services based upon personal data see significant complexity costs associated with compliance. As a result of these costs, they may choose not to offer their product and services in certain smaller markets, where the cost of doing business may outweigh incremental profits. That decision to opt out obviously hurts the users who cannot access the services. Less obvious is the fact that users with access are also hurt, as the value of many of these services increases with the number of users.

A truly global and seamless exchange of personal data will not emerge without a set of internationally accepted, user-centric principles. Additionally, a set of commonly accepted terms and definitions – a taxonomy – surrounding personal data concepts must be created to allow unencumbered dialog. Although it is unrealistic to hope to develop globally accepted standards and frameworks while national and regional versions are still in significant flux, establishing a standing, cross-regional dialog will allow for more rapid harmonisation once regulatory environments do begin to stabilise.

“Digital bill of rights have been introduced a half dozen times... If they are introduced in conjunction with a way for them to be actionable by large populations of people then it may have more success.”
Interviewee, “Rethinking Personal Data” project

It is imperative for private sector firms to participate in at least some of these dialogs, as they can share real-world perspectives on the cost and challenges of dealing with divergent regulations and can help public sector officials adapt pragmatic and consistent policies.

Recommended next steps

• Policy makers and private firms should launch an international dialog to stay informed about proposed laws and policies that would have a global bearing on their markets. This dialog should encompass governments, international bodies such as the World Trade Organization, end user privacy rights groups and representation from the private sector. It should include not only US and Eu-

32 See, for example, Connolly, Chris. “The US Safe Harbor – Fact or Fiction?” Galexia, 2008.