What’s the MyData movement all about?

The contemporary debate about data, including discussions of the legal status of data, are hard to understand without defining the broader context. One element of this context is the demands of the movement referred to collectively as “MyData.”

A European strategy for data,” published by the European Commission in February 2020, alludes to the MyData movement in the context of the challenge presented by inadequate technological support for data subjects in managing their own personal data. On one hand the Commission perceives the potential inherent in personal data, in particular the potential for the data subjects themselves. Appropriately managed personal data can improve the quality of services received by data subjects (e.g. in the area of healthcare) and increase their control over their data. On the other hand, the Commission found that there is a lack of appropriate tools for managing data, and thus the inherent potential of the data is not being exploited to the fullest.

This is where the MyData
movement comes in. “MyData” is in fact the name of a specific initiative, but
it well reflects the spirit of a much broader movement which has been around
for several years. This movement seeks to develop tech solutions unleashing a qualitatively
new approach to management of personal data. Thanks to such solutions, data
subjects could decide who can use their data, when and under what rules. Some
of these solutions also offer opportunities for data subjects to enjoy a stream
of passive income from their data.

The broader MyData
movement now includes a huge number of initiatives, and in a brief article we
can touch on only a small number of them. But a few examples suffice to convey what
a broad and intriguing phenomenon this is.

We can start with the organisation whose name has been used to identify the entire movement. MyData is an NGO currently bringing together over a hundred institutions from all over the world working on an alternative vision for managing personal data. This vision includes real control by data subjects over the data concerning them. There are regulations in place providing certain protection of personal data, but enforcement can be ineffective. The MyData movement calls for the creation of technologies enabling fluid transfer of data, immediate realisation of the right to be forgotten, and so on. This would place data in the actual control of individuals, not internet corporations. It would also allow benefits to be extracted from data. With fluid transfer, data would no longer be locked in corporate siloes but could easily be moved to where there is a current need. Implementation of the principles called for by MyData would result, for example, in the rule that data generated by automobiles belong to the data subjects (the users) and are managed by them.

The MyData movement
foresees the creation of an entire data management infrastructure. It would
also be necessary to establish appropriate standards and trusted entities
storing the data which could be managed by data subjects directly or indirectly
(by duly authorised agents).

Another interesting example is Wildland, an initiative of the cofounders of one of the best-known Polish blockchain projects, Golem. This project calls for creation of a new data management protocol based on the concept of data containers and access paths. In the developers’ concept, this is a response to the excessively centralised and closed model of digital services which practically deprives users of sovereignty in managing their own data. The dominant model is manifest for example in a lack of real access to alternative models for digital services. The Wildland concept calls for addressing these phenomena by creating a system giving data subjects control over the infrastructure in which their data are stored and processed. Each data container may be filled with a specific package of data and can have defined parameters for access to the data.

Another
interesting dimension of the MyData movement is the idea of creating new
institutions playing a key role in new models for administration of data. An
example is the vision of “data partners” presented in a recent report by the Warsaw-based Centrum Cyfrowe. Under this vision, the debate over the data
management model should not be limited to a bipolar division into a privacy perspective
(assuming a focus on ensuring protection of data privacy) and a commercial
perspective (assuming a focus on creating a model for commercialisation of data).
This logic is dispelled by adding a public perspective. Increasing the
exploitation of data for public purposes is in the interest of both citizens
and the economy. The authors of the report propose to achieve this effect by
introducing intermediary institutions into the system which would aggregate
personal and non-personal data and manage access to them, under commercial or
non-commercial rules depending on the recipient. This vision calls for a
compromise between privacy protection, the economic dimension, and the public
interest.

As indicated, these are just a small sample of the area covered by the MyData movement. The ideas presented offer great intellectual interest, but we as lawyers are also interested in whether the MyData movement carries the potential to change legal paradigms. And that is undoubtedly the case, as is already demonstrated by the examples mentioned above. Technology can be the primary agent of change. But the potential creation and spread of new data management protocols may give rise to a need to create new legal frameworks for data, just as the technological revolution in the form of blockchain protocols has given rise to a need to develop legal frameworks for crypto assets. In the case of data, projects based on tokenisation of data or creation of data containers may in time lead to the development of legal frameworks for these digital creatures. Discussions on data management models can also contribute directly to changes in the legal system. If the models ultimately head in the direction called for by the authors of the Centrum Cyfrowe report and others, it will undoubtedly be necessary to develop legal frameworks for the operation of various types of data trusts or data partners.

Krzysztof Wojdyło

Previous post
Data and copyright
Next post
Data as crypto-assets