Ben Longstaff

Advisor at Every Capital

Data Markets: we need to think about using personal data like sex, your consent is required every time.

Letting people sell their personal data without informed consent is a terrible idea.

image source: why should your data be any different?

Giving informed consent requires having full knowledge of the possible consequences. Who could have guessed that taking a Facebook quiz in 2012 could impact the 2016 US elections? Knowing what you know now, would you still take that quiz? Let’s be real: data markets are not going away. Advertisers are still going to want to give you the ads you’re most likely to convert on. Researchers are still going to want to get insights from your behaviour.

The good news is that digital cats that own digital hats hold the blueprint for a new business model.

First let me explain why it’s a bad idea for you to sell me your data.

Once you consent to selling your data, an exchange takes place. I give you some money and you give me the 1’s and 0’s that make up your data. Once I have that data you no longer have any control over how that data gets used. You don’t own the 1’s and 0’s on my computer, I do.

I can do whatever I like with the 1’s and 0’s that represent you.

I don’t need your permission or consent for what I do with the 1’s and 0’s that I bought from you. You now have no recourse or enforceable rights for what I do with them.

Many identity startups struggle to find a business model. The default is to sell user data and cut you, the user, in on the action. There are better business models.

To keep control over your data requires that you don’t give away the 1's and 0's.

There are large amounts of value locked up in rich datasets. To unlock that value requires algorithms doing work on the data.

It’s time to change the way we use data

Instead of selling data, the better alternative is to lease access. This changes where the computation takes place and returns control to the data owner. This means that I would pay you each time I want to ask a question of your data. I get the answer to my questions without needing to see your data. A simple example: I want to know if you are over 21 before displaying alcohol-related content to you. Instead of collecting your date of birth and calculating your age, I can ask the question:

“are you over 21?”

This satisfies my business logic without needing to know your date of birth.

The request for answers needs to be proportionate to the benefits offered. For example, if I ask Yelp for recommendations on the best ice cream near me and Yelp comes back asking for:

  • My 23andMe DNA Genetic Testing & Analysis
  • All my Facebook photos
  • My employment history for the last 10 years
  • All my health records
  • My phone’s GPS data for the last 24 months

That is a disproportionate ask. Now if you’re thinking

“you’re not the boss of me, I can do whatever I see fit with my data”

You wouldn’t be alone; discovering why there is always a line outside of Bi-Rite in SF, even in winter, is important. I would agree IF you’re able to give informed consent. But Yelp could give me a good result only knowing that I’m in Dolores Park. If Yelp could give me better recommendations with my health records, it should be done on my device. Ideally, they only need to know that I am in SF and return to my app the top 1,000 ice-cream places to be filtered on my device.

How can I give informed consent to use my data when I don’t know the consequences of how it will get used? Yelp could sell my health records to a data broker in a data marketplace. That data broker could sell my data to an insurer interested in people with chronic illness. The end result could be that my grandchildren get precluded from health insurance. I know Bi-Rite’s ice-cream is good, but is it give-up-your-grandchildren’s-future-rights good?

The long-term consequences of how personal data is being used are unknown.

So how do cats with hats save us?

Remember CryptoKitties? Those cute cats that clogged up the Ethereum network at the end of 2017 became a platform. What’s unusual is that they didn’t plan to be a platform. The KittyHats team decided that the cats needed more swag in the form of digital hats. All the data is on the blockchain and all the assets are in a CDN so KittyHats didn’t need permission.

Why this is a big deal:

When you buy a hat for your cat, the cat owns the hat, so if you sell the cat it comes with the hat.

Put a different way, digital objects on the blockchain can own other digital objects. This is a new way of thinking about data ownership and user’s rights. This can be a way to include the data owner in the value chain. Let’s look at an example:

  • 1) There is a digital object that represents me (address 1) on a blockchain. I export my bank data to a data vault (not on a blockchain). My data has a digital object on a blockchain that represents it (address 2).
  • 2) Kate is a researcher (address 3). She wants to look for a relationship between salary, posting online and time spent at a company. She has identified 1,000 software engineers with more than 10 years’ experience.
  • 3) I consent to running Kate’s query against my data; this triggers a payment to my data.
  • 4) The digital object that represents that data sends it to me.
  • 5) My response gets combined with the other 999 people’s results. The output of the aggregated results is returned to Kate via a smart contract.
  • 6) The smart contract creates a new digital object (address 4) for the new data.
  • 7) The new data is owned by the input data sets and Kate.
  • 8) Amazon has 20,000 applications and wants to short list them by those most likely to stay with the company. Amazon wants to use the results from Kate’s research.
  • 9) Amazon pays the digital object at Address 4 to use the data via a smart contract. This is distributed to the owners.
  • 10) The payment is distributed to Kate at Address 3 and the data sources.
  • 11) Address 2 gets paid (my data)
  • 12) The digital object that represents my data redistributes the payment to me at Address 1.

NOTE: My bank data is NOT on the blockchain; personal data should never be on a blockchain.

The key thing here is that Amazon didn’t need to see my data to be able to apply the insights that were derived from it.
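The payment path in steps 9 to 12 can be modelled as a walk down an ownership graph. This is an added sketch, not code from the post or from any project it mentions; the equal split between owners, the three stand-in data sets and every name other than addresses 1 to 4 are assumptions.

```python
from fractions import Fraction

# Constructed ownership graph: digital object -> the objects/people that own it.
# Anything without an entry is an end recipient. Three data sets stand in for
# the 1,000 in the steps; every name except address_1..4 is hypothetical.
OWNERS = {
    "address_4": ["address_3", "address_2", "data_b", "data_c"],  # research output
    "address_2": ["address_1"],                                   # my data -> me
    "data_b": ["person_b"],
    "data_c": ["person_c"],
}

def distribute(obj, amount, owners=OWNERS, _path=()):
    """Push a payment down the ownership chain; return {end recipient: share}."""
    if obj in _path:
        # An object that (indirectly) owns itself would trap the payment forever.
        raise ValueError(f"ownership cycle through {obj}")
    amount = Fraction(amount)  # exact arithmetic, so no value is lost to rounding
    parents = owners.get(obj)
    if not parents:
        return {obj: amount}
    share = amount / len(parents)  # assumption: equal split; the post gives no ratio
    payouts = {}
    for owner in parents:
        for who, part in distribute(owner, share, owners, _path + (obj,)).items():
            payouts[who] = payouts.get(who, Fraction(0)) + part
    return payouts

if __name__ == "__main__":
    # Amazon pays 100 units to the research output at address 4.
    for who, part in sorted(distribute("address_4", 100).items()):
        print(who, part)
```

Address 2 never appears in the result: the data object only forwards what it receives to its owner at address 1.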

Why blockchain?

Why can’t we just do this with a centralised solution, why do you need a blockchain? Having a hash of the data in the digital object that exists on-chain means:

  • The hashes can be used by Kate’s algorithm to verify the authenticity of the data being used.
  • There is an immutable record of data ownership rights. The rules can’t be amended down the track.
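The “are you over 21?” lease and the on-chain hash check can be combined in one flow, shown here as an added example that is not from the post. The `Vault` class, the question allow-list and the random salt are assumptions; the salt is there because a date of birth is easy to guess from a bare hash.

```python
import hashlib, hmac, json, secrets
from datetime import date

def commit(record, salt):
    """Salted SHA-256 over canonical JSON; only this digest would go on-chain."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + canonical).hexdigest()

def over_21(record, today):
    dob = date.fromisoformat(record["date_of_birth"])
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= 21  # assumption: "over 21" means 21 or older

QUESTIONS = {"over_21": over_21}  # only listed predicates may be asked

class Vault:
    """Hypothetical off-chain vault: keeps the record, releases only answers."""
    def __init__(self, record, salt):
        self._record, self._salt = record, salt
        self.audit = []  # what was asked and answered, never the raw data

    def answer(self, question, on_chain_hash, consent, today):
        if not consent:  # consent is checked on every single query
            raise PermissionError("owner declined this query")
        if question not in QUESTIONS:
            raise KeyError(f"question not on the allow-list: {question}")
        # Refuse to answer from data that no longer matches the on-chain hash.
        if not hmac.compare_digest(commit(self._record, self._salt), on_chain_hash):
            raise ValueError("vault record does not match on-chain hash")
        result = QUESTIONS[question](self._record, today)
        self.audit.append((question, result))
        return result

# Constructed sample data.
SALT = secrets.token_bytes(16)
RECORD = {"date_of_birth": "2000-06-15", "name": "Sample Person"}
ON_CHAIN_HASH = commit(RECORD, SALT)

if __name__ == "__main__":
    vault = Vault(RECORD, SALT)
    print(vault.answer("over_21", ON_CHAIN_HASH, True, date(2021, 6, 15)))
```

The caller receives a boolean and nothing else; the date of birth and the salt stay in the vault.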

In a centralised world, you would buy a digital cat, and then buy a digital hat. Then you could add the hat to the cat, but you still own the cat and the hat. Maybe the centralised world has a rule that the cat then owns the hat. The kicker with a centralised world is that the owners can change the rules later if you really need that hat back.

In a decentralised world once the cat owns the hat there is no going back.

We have laws to ensure that sex is consensual and safe. We need to design the future to protect the rights of the most vulnerable and include them in the value chain. Data Markets that sell your data are not the way to do this.

Want to know more about storing hashed data on the blockchain?

Why hashed Personally identifiable information (PII) on the blockchain can be safe

How about what verifiable trust looks like?

Meeco is verifiable trust - Whitepaper

If you’re working in the digital identity and personal data space please reach out.
