Sharing data effortlessly whilst keeping control

05 September 2018 4 min. read

The General Data Protection Regulation (GDPR) gives citizens more ownership of their personal data, but more ownership does not automatically result in more control. That requires extra tools, and the Dutch government intends to formulate a set of agreements for that precise purpose. However, Douwe Lycklama from INNOPAY contends that these will only be effective if they contain agreements about the identification, authentication and authorisation of the people and organisations that wish to share data. “Only then will we have access to the tools that allow us to share data effortlessly while also retaining full control of our data.” 

Lycklama, the founder of the consulting firm, says that an essential aspect of today’s digital era is that every action is becoming a transaction. “Every time we swipe or tap our smartphone or tablet, it is registered somewhere in the world to provide us with the right response. With the rise of the Internet of Things (IoT), all other activities are at risk of becoming a transaction too – from a run in the park to a journey in our connected car.” 

“Everything we do is becoming digitalised. We are receiving increasingly appealing and affordable services, but we are paying for them with our data. And that data is in great demand. Advertisers are prepared to pay a lot of money for it in the hope of using it to interest us in their products and services.” According to data by a research firm in the Netherlands, advertising spending in the country amounted to €3.2 billion last year, a jump of around €200 million vis a vis the level noted three years previous.

New questions and concerns

The Dutch government is keen for the Netherlands to lead the way in a digitalising Europe. The country must in the eyes of policy makers seize the opportunities offered by digitalisation, whilst not losing sight of its potential drawbacks. Lycklama: “After all, digitalisation gives rise to various new questions and concerns. Who owns the data, and who has access to it? When we share our data with an organisation, what are we actually giving them? And can we ever get it back?” 

The concerns are largely focused on the concentration of power among the large, well-known big technology companies. The digital platforms that collect the most data have the best opportunities to keep improving their products and services. “This is further enhancing their attractiveness. It is a ‘winner takes it all’ market.”

Sharing data effortlessly whilst keeping control

Ownership but no control

The General Data Protection Regulation (GDPR) is designed to offer hope by giving us back control over our own data. “We now have the right to see which data has been stored, and the right to be ‘forgotten’.” But does the GDPR really change anything in practice? “If you want to exercise that control, you still have to take proactive action and it takes considerable effort to get data deleted. We might own our data, but we still don’t control it.” 

Leave data where it is

If people truly want to get back control of their own data, then a fundamentally different approach to how data is shared is needed, says Lycklama. “Leave the data where it is, at the source. Give citizens themselves the right to decide who does – and doesn’t – receive secure access to their data. And partners that are allowed access may only view the data on the owner’s terms. In this approach, data sharing becomes nothing more than providing access rights to data. If we want to stop sharing our data, we simply withdraw those rights.” 

Identification, authentication, authorisation

By drawing up the so-called ‘Dutch Digitalisation Strategy’, the Dutch government has taken the first step towards increasing citizens’ control over their own data. As part of this, the plan is to formulate sets of agreements – but which concrete agreements should such a scheme contain? The answer according to the digital expert: agreements about identification, authentication and authorisation. “Such agreements enable people to share data with previously unknown partners. Thanks to the agreements, they can identify the data-sharing partner, authenticate the partner’s identity and ensure that the partner only gains access to the data that they are willing to share.”

Data-share requests

On the question of what such a scheme could mean for consumers, Lycklama states: “That we could have completely secure, reliable and controlled transactions without having to re-enter our details every time, and that it is uniformly defined how data is shared, just as it is already defined how payments, telephone calls and emails work. Just as we’ve had to learn how to send emails, text messages and apps over the past 20 years, for the next 20 years we will be learning data sharing.”