GDPR personal data could be a force for common good if consumers share more

In the wake of GDPR legislation, finding a way to encourage people to share their personal data more widely is crucial to enabling the service breakthroughs everyone wants. But there’s a level of trust that needs to be built first, says J Cromack of Consentric

Much of the potential of smart city initiatives relies on unprecedented sharing of data between different parties – from council departments and transport/infrastructure managers to the app companies coordinating innovative new services.

Some of this data will come from the people passing through and engaging with these cities – and not all of it will be aggregated, anonmysed population data. In Southhampton, for instance, local residents can now carry a single City Council ‘smart’ card which can be used interchangeably as a bus pass, donor card, library card, leisure card, and toll card for crossing the Itchen Bridge. Something that would not be possible without the council and affiliated service providers being able to share citizens’ data.

Yet, in the wake of Facebook/Cambridge Analytica, and as the new EU General Data Protection Regulation (GDPR) comes in, personal data sharing has become a thorny subject. And plans for smarter cities, improved public health and other digital service innovations could be at risk if people stop consenting to relevant organisations being in on the secret. So it’s important we don’t reach that point.

That means giving individuals new, attractive reasons to share their personal data in the wake of GDPR – based on what they stand to get in return. It also means rebuilding trust; that people’s personal data will only be used with an individual’s express permission for the intended purpose, and that new permissions will be sought as needed.

Getting out what you put in

In the public sector a whole range of advances, from personalised, pre-emptive health advice to smarter transport services, depend on citizens allowing different organisations to understand more about who they are and what they are doing. As well as improving their own experience, the shared information could be used for the greater good – such as a deeper understand of diabetes or heart-attack triggers, or how to make streets safer.

It’s a theme that’s explored in an extensive new report[1], which notes that when the purpose of data sharing is clearly and transparently defined, participants are generally readier to accept new use cases. At an administrative level, this could be something as simple yet easy-to-appreciate as reducing the need for citizens to repeatedly give their address and other identifying data when applying for a passport, driving licence, Blue Badge and so on.

‘Help us to help you’

Lateral data sharing isn’t just a public-sector imperative, either. Other markets, such as financial services, could provide a more innovative and impactful experience for consumers who are sufficiently confident to share their data with more than one organisation at a time.

I could empower my independent financial adviser to do a better job for me, for example, if I allowed him to understand more about fluctuations in my wealth and cash flow. But that would mean giving permission to access certain information from my bank accounts, credit cards and so on, in support of specified activities.

It all comes back to balance, however. If the IFA’s algorithm means my default high-risk investment category is reviewed immediately if my income drops below a certain threshold, that’s valuable to me. If someone later tries to sell me car insurance because they’ve bought my financial profile, I’m going to look on the situation less generously.

Similarly, I am more likely to give consent for data captured by my Fitbit device to be shared if I think it could save my life by preventing a heart attack – because my readings trigger an alert, based on correlations in shared health data. But if there is a chance my medical information could fall into the wrong hands, I may make a different judgement call about how far my data’s use may be extended.

Gaining trust by giving back control

Although GDPR might seem to suggest it, rebuilding consumer confidence doesn’t necessarily mean that organisations themselves must put in place rigid new controls over what happens to people’s data. Rather it may be more effective – and confidence-inspiring – to put these controls into the public’s hands, so that individuals can view, edit and determine their own data permissions. Think of it as giving people access to their own data ‘strongboxes’ – which can be linked to particular use cases and applications as new options present themselves.

As consumers are asked to connect to everything from smart meters in the home to health-monitoring or finance-management apps to help them manage their health and their lives, giving them a say in what happens to their information is an important first step in getting them to open up. Being more transparent about the intentions for data, spelling out the benefits they stand to gain, and putting the individual in continuous control of consent, is surely the way forward.

[1] Data for Public Benefit: Balancing the risks and benefits of data sharing, a paper by Understanding Patient Data, Involve, CarnegieUK Trust, April 2018