Personal Data Management Infrastructure and Cooperation Model
bit.ly/mydata-yhteistoimintamalli

MyData Alliance meeting 28.10 13:00-16:00 @ Etelä-esplanadi 16 (LVM)
Agenda:
Introductions and situation overview
Structure and role of the spearhead project
MyData pilots
Activities of the MyData Alliance (discussion and summary)
Background materials will be updated here by 23.10.

Background: What is MyData?

Personal Data is Everywhere

€1T
Digital identity applications can bring a quantifiable annual benefit of approximately €1 trillion in Europe by 2020.
The Value of Our Digital Identity - Boston Consulting Group (2012)

Asset Class
Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society.
Rethinking Personal Data - World Economic Forum (2014)

Potential vs. realisation? Who gets the benefits? What happens to privacy?

Trust is a must!
Two-thirds of potential value generation – €440 billion in 2020 – is at risk if stakeholders fail to establish a trusted flow of data.
The Value of Our Digital Identity - Boston Consulting Group (2012)

78%
78% of consumers state that it is hard to trust companies when it comes to the way they use consumer personal data.
The future of Digital Trust - Orange (2014)

MyData Principles
● Human Centric: right to data, individual in control, privacy
● Usability of Data and transparent relationship management: machine readable, open formats, APIs, standards
● Open Business Environment: interoperability, possibility to change services without “data locks”

My Data - Subset of Personal Data
Individual can manage her personal data
Personal data is accessible in machine readable form

MyData vs. Current Models

MyData Operator Model
Account portability

Standardized Agreements
Current state
Consents are not comprehensive
Not dynamic
They do not allow access for individuals to their own data
MyData goal
Create similar framework for personal data as CC is for copyright
Also dynamic properties

Addressing data
The big change? Old ways of collecting and managing data struggle to provide aggregation, consent management and transparency
Landline telephony (calling a fixed location)
Traditional warehousing of personal data
Mobile telephony (calling to a person)
Personal control of one’s personal data use

MyData four-corner model
Explanation...
Consumer's MyData operator
“HUB” maintained by the Alliance
Company's MyData operator

Multi-operator ecosystem
MyData operators specialized in business services, data refinement and consumer services
MyData operator specialized in data refinement
Consumer's MyData operator
Consumer's MyData operator
“HUB” maintained by the Alliance
Company's MyData operator
General MyData operator

Benefits of MyData

Incentive for Data Sources to Open MyData
Complementary services

Incentive for Data Sources to Open MyData
Flexible Consenting (GDPR)

Incentive for Data Sources to Open MyData
Data Exchange with Individual

Incentive for Data Sources to Open MyData

Organization Roles in the Infrastructure
Business as usual
Viewing service
Level 1
Open MyData compliant API
Use data from MyData APIs
Level 2
Take the role of MyData operator

Technical Architecture
OpenID Connect, OAuth 2.0 and UMA

Modules of Personal Data Management
Health data profile, mobility profile, intent profile, contact profile, status profile.
Local, cloud, distributed storage. Various security approaches.
Semantic Models, Schemas and “Profiles”
Algorithm and Application Sandbox
Analytics Engine
Data Storage, Database model, API harmonization
Identity Management and Nondisclosure
Trust networks, IdPs, strong authentication, regional regulations, identity nondisclosure as default.
Interfaces for Personal Data Management and Creation
Service Registry
Service Discovery
Authorization, Audit Trail, Consent models
Self-report interfaces, data visualization, privacy control interfaces.
Run analysis and applications locally instead of sending data out.
Base of the “app store”, finding compatible services
Consent management as a service, authorizing and later auditing the data transactions

Modules of Personal Data Management
Analytics
Semantic Models, Schemas and “Profiles”
Interfaces for Personal Data Management and Creation
Algorithm and Application Sandbox
Analytics Engine
Data Storage, Database model, API harmonization
Identity Management and Nondisclosure
Service Registry
Service Discovery
Authorization, Audit Trail, Consent models
Transactions
SCENARIOS:
1. TRANSACTIONS - NO ANALYTICS
2. TRANSACTIONS + ANALYTICS
3. MIX (PARTIAL ANALYTICS)

User Managed Access (UMA)
Version 1.0 since the beginning of 2015
Open-source implementations already exist.
Based on OAuth 2.0 and OpenID Connect
Centralized authorization - “Authorization as a Service”
Authorization server
Resource server
Federation of multiple authorization servers (MyData operators) is coming in version 2.0 - Finns are involved in influencing the standardization.

UMA Demo Video (10 min.)
UProtect
Doctor Bob
Happy Heart Account
BHealthy EHR
Husband Ted / client software
https://youtu.be/cpT0S5LL9Fo?t=39m10s (start watching from 39 min. 10 s. onwards)

MyData development in Finland

Driving the change
Industrial alliance - National initiative, Telecom operators, Banks, Retail, IT providers, Startups...
Public collaboration - Government plan and digitalization spearhead programme, LVM, TEM …
Research projects - DHR, Re:Know, ICT Labs...
Active people - OKF MyData working group, Datam.me...

Public administration support
“Citizens' right to oversee and decide on the use of data concerning themselves will be strengthened”
LVM report 9 / 2014
Government programme 5 / 2015
“experiments based on so-called MyData (omadata) will be launched”
Spearhead project 9 / 2015

Roadmap
Phase 1: CLARITY
Phase 2: FEASIBILITY
Complete stack reference architecture ➔ Common Ground for Interoperability and Distribution
Reference implementation of Operator stack, Data Source and Sink APIs
Stack Process Ownership
EU-level collaboration
National legislation and Practice clearance
2015
Pilots
First commercial operators
Phase 3: GROWTH
International growth and maturation of approach ➔ Global consortium
Business-as-usual
New stack generation(s)
Focus on support structures
Integration to big national Information systems
2016-2017
2017+

From experiments to a cooperation model
Phase 1: CLARITY
Phase 2: FEASIBILITY
Phase 3: GROWTH
2015
2016-2017
2017+
Experiments
MyData Alliance
Personal data infrastructure
Cooperation model

MyData Alliance

Organization of the Alliance
● A consortium of companies whose goal is to develop into a trust network for personal data management, that is, a network of companies operating the personal data infrastructure, and an initiator of experiments
● Launched as an association of companies whose meetings and activities are facilitated
● Produces recommendations, specifications and support for pilots
● The goal is to develop a national cooperation model that is internationally compatible

Participants (as of 8.10.2015, to be expanded)

Pilot Services contributing to the MyData core
[Figure: MyData core surrounded by pilot services. Labels: Mobility as a Service, CRM as a Service, Research Data Banking, Retail, Telecom, Media, Health, Finance, QS Self tracking, Directive on Payment Services (PSD2); core functions tagged UMA, A&A, PDS, SC, Profile and Analytics.]

Activities of the MyData Alliance

Participation in the Alliance:
● The Alliance is open by default
● The consortium itself decides the terms of participation
● In the future the Alliance may have a more detailed structure, and as it evolves towards a cooperation network there may be a need for a consortium agreement

Possible milestones for the Alliance's activities:
● High-profile roundtable (for example, a minister convenes the senior management of the Alliance companies)
● National MyData vision
● MyData reference architecture for the cooperation model
● Recommendations on personal data regulation
● MyData-compatible opening and integration of the interfaces of national services and state-owned companies
● Incorporation of the Alliance
● Reference implementation of the MyData operator function

Relationship between the Alliance and the pilots
The Alliance produces recommendations, specifications and support for the pilots
The pilots steer the Alliance's activities and the development of the cooperation model

Next steps
13.10: Workshops (LVM)
● Working processes and goals of the Alliance
● Composition of the Alliance
28.10: Kick-off / Launch (LVM)
● Form of the MyData Alliance and roadmap of its activities
● Publicity principles of the MyData Alliance
● Facilitation principles of the MyData Alliance
● Interaction between MyData pilots and the MyData Alliance (how a pilot joins the Alliance, how open pilots must be, how to get involved in pilots)
● Funding of MyData pilots and MyData Alliance activities
● Presentation of the spearhead project structure

Goal: a cooperation model

Cooperation model

Initial vision of the cooperation model
● A multi-operator environment in which individuals, companies and services connected to an operator can see each other (shared network and service registry)
● Four-corner model: companies and individuals have an interface to the network
● The cooperation model includes technical, regulatory and business elements
● The Alliance steers and owns the cooperation model nationally, but aims to connect the cooperation model internationally

Elements of the cooperation model
● Technical interoperability:
○ Registration of services and persons (possibly a shared registry)
○ Consent management
○ Data models and interface standards
○ Standards for data processing in the cloud, applications running in the individual's cloud
○ Aggregation of personal data linked to the processing of personal data
○ KaPa and trust network integration (KaPa as a public MyData operator)
● Shared business model (transfer pricing)
● Regulation of the cooperation model (possibly regulation of operator activity, enabling regulation, personal data infrastructure as an enabler of regulation)

Potential Pilot Cases

Framework for a MyData experiment (pilot)
● End users and the value proposition for them are identified
● Data moves between at least two organizations
● The person is personally involved in authorizing the movement of data
● The pilot contributes to the MyData Alliance
The pilot has at least one source, an operator and an application visible to end users

CASE: Privacy Management as a Service (CRMaaS)
MyData Operator
Organization X
Operator sells organizations:
Consent management and privacy management outsourcing
CRMaaS services (by extending existing CRMaaS services)
Rich profile information
Value added personal data processing services
Can extend to other MyData services and business models
MyData Alliance is the joint platform operated by operator companies.
Each company and individual subscribes to an account from a single operator, but is registered in the joint service registry system

CASE: Research data banks

CASE: Mobility Profile (MaaS)
MyData Operator OR Mobility Profile Creator
Mobility data sources
MyData Operator
Mobility data sources
MaaS Operator
MaaS Operator
Mobility Profile Creator

CASE: Account Number for Salary and Benefit Payments
General MyData-operator
Public Organization’s MyData-operator
Social Benefit Organization (benefits)
Bank where the individual has his cash account
Tax Authority (tax returns)
Employer (salaries)

CASE: Portable Media Profile @ YLE
YLE Authorization (UMA)
Areena (YLE)
Profiles API (YLE)
Uutisvahti (YLE)
Player App (external)

CASE: Portable Media Profile expanded use
YLE Authorization (UMA)
Areena (YLE)
Consumption profile (Retail)
Uutisvahti (YLE)
Profiles API (YLE)
Player App (external)
Other media channel

CASE: Occupational Health

CASE: Loyalty Card Data
MyData operator
Source: Retail Loyalty Card Data
Source: Complementary Data Source
Health & Wellness Feedback (App)
Diagnosis and Monitoring Service for Healthcare
Intelligent Consumption Service

International Benchmarking

Next actions
Activities
Human-centric personal data management white paper 2.0
H2020 (Big Data PPP) proposal
Visits to Finland
Health Bank visit to Finland (TBC)
Synergetics UMA workshop in Helsinki (18-19.11.)
Upcoming trips
Amsterdam (22-28.10) multiple meetings
Brussels (27.11 - 1.12) Commission Round-table & EU Big Data PPP Light House
Vienna (2-3.12) Internet Identity Week
London (8.12) Ctrl-Shift conference
Copenhagen (9.12) Nordic Digital Forum

Personal Data Management Scenarios
Blockchain models
Human-centric MyData Approach
PDS-based aggregators
How to find the right balance?
Finnish KaPa
Organization-centric
Dominant US-based Data giants model
Free market-driven
Regulation-driven

OpenPDS/SafeAnswers allows users to collect, store, and give fine-grained access to their data all while protecting their privacy.
OwnYourInfo puts you in control of your data - Keep your important information and files safe, organized and up-to-date. Share your information securely with anyone from anywhere.

Mydex enables individuals to exchange personal data with confidence. It provides the individual with a hyper-secure storage area to enable them to manage their personal data, including text, numbers, images, video, certificates and sound.

HealthKit allows apps that provide health and fitness services to share their data with the new Health app and with each other. A user’s health information is stored in a centralized and secure location and the user decides which data should be shared with your app.

The HAT is a personal data platform created to trade and exchange individuals’ own data for services in a standardised and structured manner. HAT has a schema that ‘flattens’ and ‘liberates’ vertical structures of data.

Arkkeo automatically stores and archives all the purchase receipts, warranty, insurance, healthcare and travel documents you receive from the businesses and service providers that you deal with.

Microsoft HealthVault is a trusted place for people to gather, store, use, and share health information online.

Life Management Platform that puts you at the center of your connected world. Take control of your personal data, organise your private information and replace many of your paper-based tasks. Link your IoT devices, manage your social channels and connect your contacts. Encrypt your information and store it in your own personal cloud.

Healthbank is a citizen-owned health data transaction platform. It connects data sources from all facets of the healthcare ecosystem and rewards participants in research data collection.

TheGoodData gives you back control of your valuable browsing data and lets you do some good with it.

The Qiy Standard offers people a human-centric solution to access, manage and share personal data.
Cozy Cloud is a personal cloud you can host, customize and fully control. Sync your contacts, calendars and files between your devices and your personal server. Add your own services to leverage your personal data.

Synergetics is developing Personal Data Ecosystem platforms, based on international standards, ontologies, and big (personal) data. The solutions aim to innovate Life Management processes supported by intelligence and end2end trust assurance.

Glome is a new era relationship management service to help businesses improve user acquisition and retention. We remove the login while gaining insight to user behaviour across multiple devices with soft accounts - no sign-up, no installations, no friction.

A mobile application for everyone to own their personal digital identity for communicating, connecting and browsing the web independently. People can tie information to their identity, regardless of where it is stored. People can secure the data, yet share it directly between peers in mightily flexible ways.

Your data belongs to you. So when it is sold, you should be the one that benefits. With Handshake you can.

Your personal information – under Your control, with Your consent, for Your benefit.

PAOGA App creates a unique certificate (key) which is stored on your computer and is required for you to access your PAOGA Personal Cloud and all the personal and private data, documents and files that you are protecting.

User-Managed Access is an OAuth-based access management protocol standard. The purpose of the protocol specifications is to enable a resource owner to control the authorization of data sharing between online services on the owner’s behalf or with the owner’s authorization by an autonomous requesting party. This has privacy and consent implications for web applications and IoT.

Antti “Jogi” Poikola
Kai Kuikkaniemi
about.me/apoikola
LinkedIn
@apoikola @kaikuikkaniemi