Think You Own Your Data? Get Ready for the Multi-Party World
By Tim Panagos
One of the poorly understood implications of the IoT economy now emerging is that data is not likely to be the preserve of a single company or individual in the future. In fact, we’re already entering a multi-party or multi-tenant world where data will be owned jointly or by different entities during different moments in its life. This will require a whole new way of thinking about contracts, regulatory compliance, rights and privacy.
Multi-party ownership is one of the key tenets we programmed into our microshare™ solution to this challenge. When a piece of data actually has multiple people who have some ownership stake in that content, we have to adopt a more flexible approach than traditional IT uses today. The norm in 2017 is that all data has an owner mostly because the IT systems have been so restrictive, so we naturally think about the contributor of that data being the sole owner of that data, solely responsible for the disposition of that data, of who can see it and delete it, copy it, or profit from it.
In a multi-party scenario, which we believe is the norm that is now emerging, we actually have more than one person who has those rights to that piece of data. An analogy that I usually use would be an e-mail system: when I send an e-mail, logically there’s a ‘to’ and ‘from’ owner, and as the sender, I have rights to the data that is that e-mail, and then as the receiver I also have rights to the content that is that e-mail. Most e-mail systems, all e-mail systems are not written as multi-party systems today, they are handled by generating a copy of the data, right? So the sender has a copy on their server and the receiver has a copy on their server.
Think about that same core piece of data representing the content of the e-mail, having a ‘from’ and a ‘to’ owner. The other area where I think this is illustrated is in the case of health care, for instance, where you might have a doctor who might have access to information in your medical record, and so he is the ‘by’ owner of that data, while the person for whom that information is about would be the ‘about’ owner. So you, as the patient, have ownership rights of the data about you in your medical records but naturally the doctors, who have that data stored in their electronic medical record systems, also have a right to that data. This is a perfect scenario for multi-party ownership. I have rights over the data, and my doctor has rights over the data.
So, you ask, why do we care?
When the promised revenue opportunities of the IoT economy come to fruition, regulation increases as it becomes more recognized that data is a valuable asset. Naturally, there’s going to begin to become increasing struggles over who actually has the right to benefit from the value of the data that is generated from all this content. You see regulations like HIPAA on health care data, where a patient has a right to the information about their health, and there’s the General Data Protection Regulation (GDPR) coming into force next May in Europe, that says browsers on the internet have rights to data that is collected about them, they have an ownership stake in their browsing history, for instance. And so, as these sort of regulatory environments change to protect the consumer, there needs to be IT systems that go along with that. And once that’s done we’ll have data that we’ve collected in a variety of different contexts where you’ve got multiple people who really, logically own that content. For that reason, we have taken great pains to integrate this new ecosystem into microshare™ software.
Tim Panagos is Chief Technology Officer at Microshare.io, makings of the unique microshare™ data governance and management system. This is an excerpt of an upcoming podcast.