1. Home
›
2. Data Protection
›
3. Personal Data Privacy

A Personal Data Privacy Model

The personal data gold rush is over – the future lies in trusted, customer-centred data business models which will drive unforeseen increases in business efficiency.

In the past decade postal & logistics providers have responded to the emerging information-based economy by becoming a data-driven communication logistics industry.

As personal data becomes a dominating factor in production – and probably the most valuable economic asset of all – access to personal information becomes a central issue.

Yet customers are increasingly aware that their personal data is being expropriated and they are currently being deprived of its economic value.

Digital oligarchies stifle innovation

Recent developments such as Facebook buying WhatsApp have turned public focus on the lack of transparency, accountability and trust in markets that trade in personal information.

The huge price tag involved in this particular deal also indicates the potential value of personal data to business.

The value and economic power that personal data represents is concentrated around the institutions that operate the most centralised data-driven infrastructures and network industries.

We could call them digital oligarchs, where the few benefit from the many, and objecting voices are easily muffled. Their aim is to maintain the status quo, rather than to democratise it for the benefit of the majority. This impedes both the rise of new services and stifles innovation.

Personal data must be returned to its owners

As the human factor in production is increasingly replaced by personal information, consumers are becoming more aware that their personal information has a monetary value.

The right to monetize this personal data must be returned to those who own it.

The more consumers realise how the new information economy works, the more irritated they become. Trust is destroyed and a sense of fairness is lost as consumers see their assets being taken from them with no chance of regress.

Killing the goose that lays the golden eggs

The current situation is universally unsatisfactory:

• Legislators, data protection authorities and customers are unhappy because society can neither safeguard their right to informational self-determination, nor their personal data privacy.
• Data traders are unsatisfied as they increasingly understand the need for a predictive market environment, created through close, transparent, accountable and trusted interaction with those whose personal information their business is based on – the customers.

The current shadow market in global personal data has the potential to undermine any long-term viability, leaving the whole industry to operate on the edge of what is morally sustainable.

New models for personal data privacy

Personal information is the currency driving the digital world.

Only a market for personal information based on fundamental privacy legislation can ensure consumers receive proper compensation for its value. This means bringing it out of the shadow market, where personal information is traded without accountability to customers.

There is no doubt that an adequate balance between the right to privacy & data protection on the one hand, and economic efficiency on the other, must be found, and quickly.

Leading scholars, such as Professor Dr. S. Spiekermann&A. Novotny at the Vienna University of Economics, and thinkers including Jaron Lanier (Who owns the future?), Erik Brynjolfsson & Andrew McAfee (Race Against the Machine) are offering workable adjustments to the current macro and microeconomic business model, to make it fit for the challenges of the digital economy.

Professor Dr S. Spiekermann & A. Novotny propose a 4 space market model:

1. Customer relationship space: the customers and customer relationship holders directly involved in any service exchange.
2. Customer relationship holder – controlled data space: the distributed computing and service infrastructures that enable electronic business relationships.
3. Customer controlled data space: services that grant customers ownership of their personal information and manage and control personal data in a privacy-friendly way, enabled by trusted third parties and personal data vaults.
4. Safe big data space: grants access to anonymized data on people and customers to all market entities that need it. The safe big data space is filled by data originating from market spaces 1- 3, but whenever personal information is transferred to the safe big data space, it must pass an anonymity frontier.

A customer relationship-centric model for personal information AND privacy

In a customer relationship-centric model, customers are willing to provide their personal information in payment for services knowing they will receive an appropriate return. This is the absolute opposite of today’s model, where customer relationship holders often serve as a gateway to the shadow markets.

The proposed model requires that only the single relationship holder visible to the customer collects the personal data. This relationship holder then becomes liable for the proper handling of the data in any exchange.

In accordance with the relevant data protection legislation, personal information received by the relationship holder is recognized as being owned by the customer. The relationship holder is only permitted to use the data for the purposes as set out in the digital personal data use policies.

This requires identified one-to-one transactions. This comes very close to solutions currently being proposed by leading postal service providers (e.g. credential exchange services such as Postal eID). Dealing with only one relationship holder at a time will re-establish predictability and trust in business transactions.

Another prerequisite is contextual integrity – where people always have the right to a personal data privacy-friendly service – if the use of personal information is to be legitimate.

Any data exchange between customers and relationship holders, and any further use of this data, is therefore strictly limited to the purpose of the transaction. Personal information cannot be used for purposes unrelated to the transaction, and the relationship holder is held liable.

Today’s complex service environment, in which strategic alliances across multiple organizations are the rule, reduces the security of personal information.

Customers are increasingly concerned about the secondary uses of their data by such invisible organizations. In this so called “customer relationship holder- controlled data space” the customer relationship holder should be liable and accountable to their subcontractors.

Giving customers back what belongs to them in the first place requires new policies, standards and governance to enable the necessary accountability.

However, one of the most promising consequences of this would be to reduce barriers to market entry.

Today data is controlled by those who dominate the market. In a customer-controlled data space, companies do not obtain a critical mass of users; instead, users proactively address companies and aggregate reference data that can be obtained from a big data space.

Salvation is at hand - from an unexpected quarter?

When we look at the economy as a whole we see that although vast amounts of data are available, markets are not yet able to leverage on it effectively. Quite the opposite in fact; many markets are stagnating, or even in recession.

Contrast this with rapid developments in the traditional post, parcel and logistics industries, which are merging and coalescing to form the digital, multichannel, communication logistics industry.

This industry is founded on a global infrastructure, standards and applications, and based on fundamental principles:

1. Personal and/or sensitive communication is private and protected
2. Sender and recipient in a communication are authenticated
3. Personal data about the user is confidential and secure
4. Personal data is only used for the purpose for which it is gathered

These principles also form the building blocks for any future, sustainable business model in which personal data is a key driver. 

It is therefore no surprise that global organisations driven by actual market needs – such as the Universal Postal Union (UPU) – are currently establishing the foundations for the next generation postal network.

They are developing standards, regulations and business models to meet these global challenges.

Fig.1: The Universal Postal Union: A proposed identity management environment

One such element is the proposed Postal Identity management standard.

The technical framework describes identity management elements and identifies common protocols used to exchange identity assertions and attributes for the purpose of enabling customer access to applications within the postal network.

The identity elements are defined to ensure the interoperability of credentials issued by postal operators worldwide, or by others for use in the postal network.

The standard will provide a basic understanding of identity management roles, technologies, activities and principles for the next generation postal network.

We believe that, having evolving from postal services and acting as trusted mediators in a regulated and globally governed network industry, the communication logistics industry is well positioned to support this balanced approach. Giving customers back the rights to the personal data that belongs to them in the first place will accelerate the rise of new services and speed up innovation.

Walter Trezek is the Chairman of the Consultative Committee (CC) of the Universal Postal Union (UPU).