Search This Blog

Thursday 13 December 2012

Midata Thoughts No. 1

Hard on the heels of the government's recent warning shot, we're now into the working group phase of the voluntary Midata programme.

I'm involved in the working groups on Transmission and Data Protection Regulation & Enforcement. Other members of the Interoperability Board are also looking at Identification; Data Storage; and Onward Data Release to Third Parties. In due course, we will draw those aspects together, with the exact form and format of the output to be decided.

Of course, this is not intended as a 'closed shop' and I have tried to be transparent, via this blog, about my involvement. This has included publishing a summary of my response to the Midata consultation over the summer. In keeping with that, I am now embedding below a presentation of my initial thoughts following discussions on the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved.

I welcome any comments, queries or suggestions you may have. I will post further updates in due course.



9 comments:

  1. Simon - can you explain to me why an active PIM (which adds value and can alter the data) does not simply belong in the same category as a 3PSP?

    From a consumer point of view the key difference is between a service which acts on their behalf and can't see the data (such as Mydex) and a service which seeks to acquire their data by incentivising them (the classic Web 2.0 business model) and does not act on their behalf.

    Doc Searls of Project VRM would call the latter a third-party service and the former a fourth-party service. The terms aren't necessarily right haven't necessarily stuck but the VRM way of thinking about this is clear and helpful, most of all to the individual I'd have thought.

    ReplyDelete
  2. Hi William

    Thanks for the comment.

    I realise the term 'third party service provider' should be 'third party supplier' ("3PS"). The point is to contrast the receipt/use/generation etc of midata solely for the purpose of supplying goods or services (which a 3P supplier does) with a service that involves acting on a consumer's behalf in the holding/controlling/processing/transferring midata, or personal information management. Of course, the same entity could be performing both functions as separate offerings.

    It follows that there is at least a limited form of agency involved in personal information management. That may be more limited where the agent can't 'see' the data, but it remains an important legal distinction even in that case. I will also call this out in a revised version of the presentation.

    ReplyDelete
  3. I’ve further updated the presentation to v1.2 to include a scenario 3c, in which Customer deals with 3P supplier directly.

    Scenarios 3a/b assume the Personal Info Manager deals with the 3P Supplier on the Customer’s behalf under a pre-existing contract between the Customer and the 3P Supplier.

    ReplyDelete
  4. Could you please explain why a consumer ('customer') would have any desire to have a relationship with the PIM. It fails the "mum" test. What's in it for your mum to take the time and hassle to authenticate herself with the PIM? Why would she do it?

    ReplyDelete
  5. Because consumers (and small business owners) may not be able to do much with data in machine-readable format, whereas Personal Information Management services will turn that data into knowledge that can help consumers get better deals. Currently, only the Suppliers have access to this data in a format that enables analysis; and they exploit this 'information asymmetry' to suit themselves ahead of consumers. Midata is about removing the asymmetry.

    ReplyDelete
  6. You didn't answer the question. What problem are you trying to solve for the average Joe on the street? "machine-readable format... Midata is about removing the asymmetry" these expressions fail the mum test. If I said this to my mother she'd be clueless as to what I'm talking about. How would you sell it to her? What customer problem are you trying to solve? Is a PIM going to be a price comparison website? Sorry, but it seems like you've got a great solution for a problem that customers (aren't aware) they have. What's the elevator pitch to the Great British Population?

    ReplyDelete
  7. Tell me how you use your mobile phone and I'll keep switching you to the service that's right for you.

    ReplyDelete
  8. Why do you need to have the PIM? Why shouldn't the supplier make the data accessible to the 3PS using open standards? Aren't you going to end up with some cumbersome security intermediary that enforces some complicated 2 factor authentication, resulting in an over-complicated, under used service?

    ReplyDelete
  9. @Anonymous: nothing is mandatory - not even a 'PIM' (see scenarios 1 and 3c). It's just evolving as a function/service, so we need to consider the implications.

    ReplyDelete