The foundations of a new personal data ecosystem

For the last 50 years or more, businesses have hoarded information about customers and, largely, done what they wanted with it. But what companies do with that data is coming under growing scrutiny, both from regulators and from consumers, who are increasingly aware of their data protection and privacy rights.

Some experts argue that the relationship that organisations have with their customer’s data should be turned on its head. Instead of a business processing data in a way that it hopes does not aggravate its customers or break the law, the data subject – they argue – should control who can access data about them.

This loss of control would not be detrimental to businesses, they say. If a customer is in control of how their data is used, and trusts the organisations that wish to use it, then they will freely share information that is currently inaccessible to businesses, and will maintain the quality and accuracy of that data themselves.

This revolution in the personal data ecosystem would of course require a substantially different technical architecture to the current state of affairs, in which personal data is stored in vast, organisation-specific siloes.

Earlier this week, at the Sibos banking innovation summit in Osaka, Japan, an early step in what may become that new technical architecture was unveiled. Innotribe, the innovation arm of banking information transfer agency SWIFT, announced a prototype for what it calls the Digital Asset Grid.

Digital Assets

The Digital Asset Grid is proposed as a system of information exchange protocols and governance processes that allows users to make information about them accessible to third parties in a controlled fashion.

Central to the system is the concept of a ‘personal cloud’, a hosted information repository specific to an individual that could contain not only descriptive data but also information about their intentions, such as whether they want to buy a car or a take out a mortgage.

This information would be accessible by trusted merchants, who could find customers in need of their services, while consumers would in theory receive offers that were useful to them. The ‘personal cloud’ systems could even analyse the offers put forward by merchants so only the best are brought to their attention.

In SWIFT’s vision, the custodians of an individual’s ‘Digital Assets’ – the hosts of their personal clouds – will be the banks. They already protect an individual’s financial assets, so why not their digital assets?

SWIFT’s role would be to provide a ‘trust framework’, implementing various techniques to verify individuals and merchants depending on the degree of trust required for a given transaction.

The prototype of the Digital Asset Grid includes some technical specifications. Information, it proposes, should be shared using XDI, an open data interchange standard that incorporates access permissions into the data model with a system of ‘link contracts’.

It also proposes that systems, be they ‘personal clouds’ or merchant e-commerce platforms, should talk to one another through ‘Evented APIs’. 

“Most APIs today are like phones that don’t ring – you can call them but that they can’t call you,” explains Phil Windley, CTO of platform as a service provider Kynetx and an advisor to the project. “But Evented APIs can push data out to another system in response to an event – such as an individual expressing their intention to buy something.”

The immediate challenge for the Digital Asset Grid now is to attract the support of the banks. At the announcement at Sibos, representatives from HSBC, Citibank and RBS were on hand to endorse the prototype in principle. However, it remains to be seen whether SWIFT, which is funded by its member banks, sees enough interest to continue the project.

A bigger question, though, is whether the banks really should own the system of exchange between individuals and merchants.

One of the principal benefits for the banks, besides what they might charge for personal cloud hosting, is the ability to offer financial services to support the deals that are being struck over the Digital Asset Grid.

For Johannes Ernst, founder of personal cloud start-up Cloudstore, this raises questions about how open the personal data ecosystem would be under the banks’ stewardship.

“Could I store something on the Digital Asset Gird, and prevent the hosting bank from accessing it for their own business purposes?” he asks. “If I decide to store my digital assets with a SWIFT member bank, can I get them out and move them somewhere outside of SWIFT at any time?”

“Those questions will help us determine how much of a silo [the Digital Asset Grid] is going to be,” he says. “However, from what I have heard so far, it may very well be more user-centric. If so, this project could be truly transformative.”

Another advisor to the project, Alan Mitchell of UK marketing innovation consultancy Ctrl-Shift, says that banks have certain experience that makes them suitable candidates to support the exchange of personal data.

“They deal with a huge wide range of stakeholders; they are trusted to have highly secure systems and they are used to dealing with regulation and governance on as massive scale,” he says.

But Mitchell concedes that there are other candidates too, including web service providers Facebook and Google. “There are a lot of areas where banks have an advantage, but that doesn’t mean that it’s going to be a monopoly or that no-one else is going to try to do it.”

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media (now Bonhill Group plc) from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The...

Related Topics

Personal Data