1 THE MESINFOS PILOT STUDY Summary, Conclusions, Future challenges October June 2014 Fondation Internet Nouvelle Génération
2 00 Table of contents 01. Executive Summary 02. Context: the Self Data world 03. MesInfos: the experiment 04. Principal findings 05. Personal data management: applications and services 06. The next step: challenges 07. ANNEX 1 -MESINFOS CHARTER OF VALUES 08. ANNEX 2 Accord de consentement signé par les testeurs MesInfos
3 01 Executive Summary 01 - Executive Summary L experimentation L expérimentation in short If I can use your data, you can too... however you please. With this particular idea in mind, FING and its partner organizations launched the MesInfos pilot project in The goal: to see what would happen if organizations that gather personal data actually shared those datasets with the individuals concerned. From this starting point, MesInfos has set out to explore what could be a real paradigm shift in the digital economy. We call it Self Data : the collection, use and sharing of personal data by and for individuals, under their complete control and designed to fulfill their own needs and aspirations. The benefits to individuals are endless: improve one s self-knowledge, evaluate past decisions, make better and more informed choices in the present, share information and collaborate with others, contribute to common endeavours, make life easier But organizations stand to gain as well, first by restoring trust and loyalty, second by improving the quality of the data that they gather, and lastly, thanks to better, more efficient and more transparent marketplaces that reward the truly competitive Similar large-scale initiatives using this approach have been deployed in the United States (e.g., VRM, Blue Button, Green Button) and the UK (Midata). However, with the exception of sectoral projects, the approach had never been tested in the field. For the very first time, from October 2013 to May 2014, large companies (e.g., banks, an insurance provider, a retailer, a telecommunications giant) agreed to securely, individually share with several hundred of their clients the personal data they gather about them on a daily basis. This experiment was the first of its kind in the world. This report presents its most significant findings. A life-sized experiment in handing people their data back For seven months, a panel of 300 volunteer testers had individual access to their own secure «personal cloud», set up by the French startups CozyCloud and Privowny. Market research firm Eden Insight recruited the panel of participants, and coordinated this cohort through forums and questionnaires throughout the experiment. 6 large «data collecting» companies shared testers personal information directly with them: AXA (insurance), Banque Postale, Credit Cooperative and Société Générale (banking), Intermarket (retailer) and Orange (telecom). Solocal Group and Ecometering (GDF Suez) took an active part in the design of services for testers. Google was involved through its Google Takeout service. A total of 5,000,000 structured data items were «handed back»: transactional data (bank statements, geolocation, till/ cash register receipts, call logs), personal profile data (identity, socio-economic classification), and data tracking the relationship between the company and personnelles the individual qui les concernent. (e.g., dates, contract terms, point schemes, market segmentation, etc.) L expérimentation MesInfos , ce sont 8 grandes entreprises partenaires, qui pendant 6 mois, ont restitué à 300 de leurs clients des données Ce sont 5 millions de données structurées (relevé bancaire, géolocalisation, ticket de caisse, journal d appel) transmises dans les espaces personnels de TESTEURS PANEL DES TESTEURS Les 300 testeurs du panel de l expérimentation MesInfos ont été sélectionnés par la société d études Eden Insight. La condition pour participer à l expérimentation : être client d au moins deux entreprises partenaires. Les testeurs n étaient pas des experts du numérique. Pendant toute la durée de l expérimentation, Eden Insight a assuré l animation du panel sur un forum dédié aux testeurs, et via plusieurs canaux : tchat, focus group, quizz, mini-questionnaires ANIMATIONS CHERCHEURS DISPOSITIF DE RECHERCHE Tout au long de l expérimentation, une équipe pluridisciplinaire de chercheurs (marketing et sociologie) a observé comment les membres du panel utilisaient leurs données, ainsi que leur ressenti. Testeurs recrutés pendant l été 2013 De décembre à mai, les Testeurs ont eu accès à leurs espaces personnels CONTRIBUTIONS SUR LE FORUM Several dozen reusers : startups, independent developers, designers and students, devised consumer-oriented applications designed to help testers leverage their own data: 18 applications were prototyped and tested, and about fifty concepts were scripted and illustrated. A competition recognised the best ideas and achievements. Throughout the experiment, workshops and Chaque testeur dispose de son serveur personnel, dans lequel sont stockées ses propres données personnelles. À partir de cet espace, les testeurs peuvent exécuter les applications qu ils ont choisi d installer. Ces espaces personnels sont fournis par les start-ups CozyCloud et Privowny. Utilisables de : décembre 2013 à mai 2014 a «hotline» facilitated reusers efforts. An online resource center gave them access to data descriptions, a developer platform and offered them opportunities for direct interaction with the testers. ces 300 testeurs ; elles alimentent une quinzaine d applications créées par des développeurs de tous horizons qui proposent de nouveaux usages. Une équipe de chercheurs A team a observé of sociology l impact du and retour marketing sur researchers les testeurs, monitored et l évolution the des données personnelles de leur rapport à ces experiment, données. which was conducted under the supervision of the CNIL. ORGANISATIONS PARTENAIRES DÉTENTRICES DE DONNÉES TYPES DE DONNÉES ESPACE PERSONNEL MESINFOS RÉ-UTILISATEURS RÉ-UTILISATION DES DONNÉES Pendant 8 mois, MesInfos a mobilisé des développeurs, designers, start-ups, écoles pour concevoir des applications innovantes à partir des données restituées : Des Meetinfos, moments de rencontre mensuels pour faire communauté à Paris, Lille, Marseille, Rennes... Des ateliers Imagine réguliers pour stimuler les idées Un dispositif d aide aux développeurs : tutoriels, jeux de données anonymisées, support technique (ateliers Build ) Un concours d applications, qui récompense les 11 meilleurs prototypes et concepts de services 9 octobre 2013 : 1 er atelier créatif Imagine CONCEPTS DE SERVICE Du 15 novembre 2013 au 31 mars
4 01 - Executive Summary 01 - Executive Summary The mesinfos team Marine Albarède - Renaud Francou - Daniel Kaplan - website Main results The experiment yielded valuable, fruitful lessons to all its participants. For individuals, a positive (yet abstract) perception People are more aware of what companies know about them, and what they do with their personal data, than we had initially thought. They feel worried; however, they do not necessarily take any concrete steps to protect their privacy. The more confident in their ability to control their personal data, the more easily people engage in the exchange of data with organisations. People appreciate when companies «hand back» their personally generated data. However, for the vast majority of them, «personal data» remains an abstract concept, and they can not easily conceive of what forms it might take, or how they could use it themselves. Most people only come to realize what value their data can have for them through applications and services, especially ones that provide benefits to people s daily lives and relationships: improved awareness about consumption (either to reduce expenses, or better adjust one s spending patterns with one s values), and the ability to broadcast purchasing intentions, obtain pertinent advice, compare offers, and make daily life simpler. For data holders, a significant undertaking Business IT systems are currently not prepared to share data with thousands of customers or users: they simply have not been designed for it! The sharing of personal data is a transverse project for a company, which will involve the IT, legal, marketing and customer relations departments, and the mobilisation of senior management to overcome the «silos» where data is often locked. The return of personal data to individuals concerns two types of «users» whose differing needs and constraints need to be understood: individuals, of course, but also «reusers», i.e. those who will create the applications and services that individuals will use based on their own data. ǚ ǚ «Data holders» must also imagine what services they can readily offer their customers or users. For service developers ( reusers ), a newly emerging market If the richness of the services devised in just a few months is anything to go by, the market for Personal Information Management Systems (PIMS) appears potentially vast, diverse and still largely unexplored beyond a few «niche» efforts (e.g., Quantified Self, personal data vaults, Personal Finance Management services, etc.) Entrepreneurs have not yet become accustomed to dreaming up new services using personal data destined for individuals, rather than for organisations, Data value is at a maximum when it has been integrated with other data, but this process is not the easiest to implement, nor is its implementation the first reflex of application designers. No benchmarks currently exist, in terms of technical architectures, standards, business models etc., which makes potential innovators work more difficult and uncertain. The emergence of an autonomous, dynamic «Self Data» ecosystem: 6 prospective challenges The MesInfos pilot research study results indicate six main challenges that the stakeholders involved will have to meet in the coming years, so that the «Self Data» ecosystem can really take off. 1- Comprehensibility How can «Self Data» become understandable, desirable and credible, and unify a wide range of stakeholders? How can we define the specific concept of «Self Data» in relation to that of «Big data», as well as a necessary complement to personal data protection? 2- Empowerment Simply granting individuals access to their personal data does not in itself confer any power to them, especially if they do not have the knowledge and/or tools to understand and capitalise on it. How to ensure that Self Data actually distributes knowledge, skills and power to the greatest number of people? Value The first objective of «Self Data» is to create use value that benefits individuals. But this assumes that organisations will play along by agreeing to share data with their customers. How can we create a «Self Data» ecosystem that generates value for individuals as well as for data holders and innovators? 4- Technology The Self Data narrative (an individual obtains his/her personal data from the organisations that hold it, adds new data, stores and manages it personally, and exploits it to his/her own ends) raises many technical issues. How can we facilitate the practical implementation of the Self Data narrative through automated and secure tools that are also standardised, interoperable and decentralised systems, in order to promote a diverse and vibrant ecosystem of innovation? 5- Legal Challenges How can we ensure that the «Self Data» ecosystem provides individuals with both more power and more security, and creates a truly level playing field for all, without generating legal uncertainty for organisations? 6- Kickstarting Finally, any useful mechanism for «Self Data» generation, management and sharing is still in its infancy. How can we create a self-sustaining culture of innovation, usage and value creation that is powerful enough to change organisations information systems architecture, marketing campaigns, customer relations policies, and technical service providers operations? It is these challenges that will be foremost in the minds of Fing, its partner organisations and the MesInfos community during the final months of 2014 and into Our community is always open to new partners, new ideas, new projects.
5 02 Context: the Self Data ecosystem 02 - Context: the Self Data ecosystem 1 - Le cahier d exploration MesInfos : openfing.org/mesinfos/ MesInfos%20-%20cahier%20 d%27exploration%20numerique.pdf If I can use your data, you can too... however you please. With this particular idea in mind, FING and its partner organizations launched the MesInfos pilot project in The goal: to see what would happen if organizations that gather personal data actually shared those datasets with the individuals concerned. Broadly speaking, the MesInfos pilot study exploredof what we came to call Self Data : the collection, use and sharing of personal data by and for individuals, under their complete control and designed to fulfill their own needs and aspirations. A new path toward trust Public and private organisations have, for decades, deployed and used increasingly powerful means with which to capture, store, share and compile data on their clients and users. The clients and users, on the other hand, have yet to derive tangible benefit from this effort: they have gained neither information, nor knowledge, skills, abilities or power. This asymmetry is damaging customer relationship in many ways. News reports attest equally to the voracious appetites that public and private institutions have for personal data, and to the growing impatience with which the public greets such practices. There is evidence of a steady decline in the level of public trust in organisations, and a slump in consumer brand loyalty. How can organisations regain lost trust and loyalty? Should businesses be bracing themselves for harsher regulations, and ever more defiant customers? Can Big Data and cloud computing continue to develop in this vein over the long term? Establishing legal and technical protections of personal data is a necessary, yet insufficient response. On the one hand, these protections will never be adequately enforced if individuals fail to participate in their own digital privacy protection despite deepening mistrust towards organisations who capture their data. On the other hand, balance should be restored not just by preventing businesses from doing things with data, but also by empowering individuals to understand, control and use their data. By combining protection with empowerment, we can establish both clear and simple legal rules, and an environment wherein truly meaningful relationships can flourish. Hence the idea for a new approach toward the possibilities afforded by personal data, one that enables individuals to freely develop and experiment with their world of Self Data. MesInfos is not alone in exploring this approach. The Quantified Self pioneers, alongside developers of digital vaults, the personal cloud, PIMS (Personal Information Management Systems), and VRM (Vendor Relationship Management) software are all on the same path, as are government projects like Midata (UK) and Smart Disclosure (USA). MesInfos is related to these communities, although it does present a few original features: It specifically explores how organisations might «hand back» users personal data to them Its «use experiment» the principal focus of the present document was the first of its kind in the world; Its vision is to unite these different communities under the umbrella term «Self Data». The promise of Personal Data Of course, increased individual control over personal data what we call «Self Data» is intended to greatly benefit individuals. Yet the Self Data concept actually presents organisations with equally robust opportunities for value creation. Individuals can: Escape a negative value situation, where they are passive subjects of personalized marketing Enjoy more convenience and simplicity Feel empowered to make better choices related to their health, spending, career, time, etc. Use tools that not only allow them to protect their online identity, but also to project the self they desire to Organisations can: Regain the trust and loyalty of their clients and customers Gather higher-quality data: clients will have even more incentive to keep their information up to date if they can actually do something with it! Match what customers really want, via direct communication of personal RFPs ( Intentcasting ) Invent even more new services Preempt regulatory «backlash»: the act of handing individuals back their personal data complies with current and probable future legislation (e.g.,»free, express, and informed consent», data portability, the right to be forgotten) Experimenting with individual personal data handback Since 2012, FING and MesInfos partner organisations have been exploring both the opportunities and the possible challenges presented by personal data handback. The first phase of the study was completed in May of 2013, with the publication of the «MesInfos Exploration Notebook»: a baseline publication that mapped out the risks and opportunities inherent in sharing personal data between organisations and individuals, and explored the new reuser services market that might emerge as a result. The experiment phase, which began in October 2013 and ended in May 2014, was intended to confront this potential with real customers and real data, with a special focus on the use value of data for individuals. The present document provides readers with an assessment of this experiment. 5 6
6 03 The MesInfos pilot experiment 03 - The MesInfos pilot experiment 1- A total of 321 consenting volunteers were recruited; this figure takes into account a fall in the number of recruits to come during the active experimentation phase The experiment: an overview 300 consumer tester volunteers granted access to their data, and asked to generate or try out ideas for new applications and services; 8 large companies involved: 6 of these made individual personal data available to each tester safely and securely: AXA (insurance); Banque Postale, Crédit Coopératif, and Société Générale (banks); Intermarché (retail); and Orange (telecom). In addition, Solocal Group took an active part in the conception of services intended to support testers, and Google was involved via its Takeout service. 5 million data items released (e.g., bank statements, geolocation data, cash register receipts, call logs); 18 reuser application prototypes created by startup companies, teams of students or independent developers, and tested by the volunteers; more than 50 original concepts scripted and storyboarded; 1 research team in charge of observing test users behaviors and reactions. A dedicated personal cloud platform in place for the duration of the experiment. The experiment was supervised by CNIL (France s independent Data Protection Authority). Begun in the autumn of 2012, the MesInfos experiment phase lasted 8 months, during which time more than 50 entities were involved in its performance (corporations, public bodies, schools, startups, etc.). For the first time ever, large corporations (e.g., banks, insurance providers, retailers, telecoms) agreed to safely and anonymously release the data that they collect on their clients on a daily basis. The experiment was intended to: Identify and analyse innovative, user-oriented applications from the field of personal data use and management, with a quantitative objective of at least 10 prototypes (18 were eventually developed) and 40 concepts (50+ were eventually produced); Measure the opportunities, risks and concrete difficulties presented by data sharing between data users, reusers and individuals; Evaluate the expectations, perceptions and challenges experienced by individuals while accessing their personal data, as well as the applications that invite them to aggregate/use it; and duals and organisations, for the benefit of trust creation beyond the parameters of the experiment itself. 2-1 THE EXPERIMENT (October May 2014) volunteer testers agreed to retrieve their personal data: cash register receipts, banking information, communication data, geolocation data, insurance policies, navigational data, etc. A total of 5 million data items were transferred during the experiment. This volunteer panel was never intended to be representative; the principal recruitment criterion was that testers «be clients of at least two of our data-gathering partner organisations». 321 volunteers were thusly recruited; with an average age of 43. Each possessed some digital technology usage experience. Most of the testers were recruited from a panel selected by research firm Eden Insight. Tester connection frequency + 6h - 1h 1-3h 3-6h tattempt to kickstart a concrete and autonomous dynamic rebalancing of the relationship between indivi- Testers distribution by partner 7 8
7 03 - The MesInfos pilot experiment 03 - The MesInfos pilot experiment Eden Insight was also in charge of coordinating the volunteer panel cohort. They created a forum to both promote peer to peer exchange among testers, and to gather answers to some questions about their own digital practices as well as their feelings about the MesInfos experiment Navigation history: my web use, (url, timestamping, etc.) Source: Privowny - updated daily. Profile data In contrast to transactional data, this type of data remains much more stable over time. The data is interesting nevertheless, due to the diversity and depth of information it affords. 4 - Voir le descriptif complet des données : 6 companies actively engaged in releasing personal data to their clients 8 of FING s largest partner organisations contributed to the project. Among these, 6 returned personal data to their clients using a secure online connection: one insurance provider (AXA), three banks (Société Générale, Crédit Coopératif, and Banque Postale), one retailer (les Mousquetaires), and one telecommunications operator (Orange). Solocal Group took an active part in the conception of services designed for testers. Google was involved in the project via its Takeout service. Data holders provided a variety of data ( 40 different types), divided into two categories: Transactional data generated during service use (cash register receipts, geolocation tracking data, call logs, bank statements, etc.) ǚ ǚ Profile data specific to individual users (private identity information, household data, vehicles, contracts/policies, income, etc.) Transaction data Almost all of the data transmitted during the experiment was comprised of transaction data. Although the data often corresponded to an action with a precise date (e.g., instant geolocation, cash register checkout), individual datasets was transmitted to the testers with a significant time lag, due to the time required for processing information within each organization s IT system, and then to transmit the data. Geolocation: My time/datestamped location(mobile phone location gathered every 15 - updated daily) Source: Orange Cash register receipts (product designation, price, quantity, barcode, data, total price paid, register number, etc.). Source: Intermarché, updated weekly Banking data: My banking transactions (date, amount, description, etc.). Source: Société Générale, Banque Postale, Crédit Coopératif - updated daily Call log: my telephone communication (e.g., voice, text, data, time/date-stamped and geo-located) Source: Orange - updated monthly. Nearly every partner released this type of data. There was data on the individual/organisation relationship (e.g., relationship start date, turnover recorded, market segmentation), in addition to data on the individual (e.g., identity, SEC, marital status, birth dates of children). However, AXA released the kind of data only available to insurers: Home (individual or shared, size, garden Y/N, etc.) Vehicle: car, motorcycle (registration, model, age, mileage, brand, etc.) Insurance policies (policy number, beneficiaries, individuals covered, etc.) Life insurance policy attributes (amounts, payout schedules, etc.) Claims made (number per year). Insurance receipts (dates paid, notices, etc.) Fees and payments (payment method, contributions, etc.) Other data was only shared with testers later on (or could not be shared at all during the period of the experiment), but was none- Toutes Mes Données (All My Data) enabled testers to visualise all the data on their personal platform with just a few clicks. It was, however, a very basic visualisation tool: although it was possible to use Toutes Mes Donnés to control (e.g., delete in the platform) data, it did not fatheless used to imagine possible applications services. This was the case with energy consumption data revealed by GDF-Suez Ecometering (e.g., instantaneous electrical power, gas/electricity consumption, household energy characteristics, etc.), and VOD (Video on Demand) data (Orange). In addition, testers individual accounts had an client and an agenda, giving them the opportunity to mix and match those data with their other datasets. A personal data platform available throughout the experimentation period Each individual had a secure personal data account platform set up by private cloud-computing startup CozyCloud, in association with Privowny, another startup. The private online platform gave individual testers access to their own data (and only theirs), and to a variety of services intended to help them do things with it. During the experimentation phase, testers could navigate to their personal MesInfos platform page via their web browser. From there, they were able to use and manage multiple applications. Certain applications appeared as default applications when the MesInfos platform was launched. 9 10
8 03 -The MesInfos pilot experiment 03 -The MesInfos pilot experiment 2 - The list of award winners can be found here: le-concours-mesinfos/ cilitate the clear interpretation and visualisation of individual data by any measure Privowny (application and plug-in) gave testers the ability to collect and display their online navigation data: sites visited, form-related information provided (phone number, bank card number, address, etc.). This data was transmitted to the tester s individual online platform. Information display functionality was in dashboard form, and included a search tool. The Actu Forum (Forum News) application displayed MesInfos forum activity directly on individual testers personal platform pages. Just like on a smartphone, with a few clicks testers were able to install third-party applications on their personal platform that reused their personal data in various ways. During installation, applications were configured to request and obtain testers consent before they could access their data. Datasets relevant to each application (e.g., geolocation, receipts, bank transactions) were listed, alongside a short sentence explaining why the set was useful to the application. The testers could choose to uninstall applications at any time: applications were then removed from their personal platform and were no longer permitted to access their data. Platform architecture From a technical standpoint, the MesInfos experiment platform was built using CozyCloud. CozyCloud is a ppaas (personal Platform as a Service), or personal cloud. Each user had a Cozy instance, i.e., a virtual server with its own database. Each user instance corresponded to a database containing data used by tester-selected applications, in addition to testers personal data. The personal data shared with testers by partner organisations was stored only on the personal platform of the tester concerned. How data «deposits» were made Partner organisations were initially required to upload data to a secure repository server. The datasets were then reformatted, and then sent to the personal platforms concerned. The data saved in the repository was subsequently deleted. Data reuse support programs: enabling service development In order to foster new proposals for data reuse, MesInfos implemented a dynamic, 8-month support program to help potential application developers to tackle the issues surrounding data reuse. A reuse support program mainly focused on startups, higher education institutions, and independent developers and designers. This program combined face-to-face meetings (usually workshops) with online resources. The program incorporated three stages, which followed the stages of reusers project development: 1. «Imagine»: framing new service concepts/scenarios 2. «Build»: translating concepts into prototypes available for panel testing 3. «Run»: supporting projects participating in the MesInfos competition, and for some, supporting the user test phase Workshops The MesInfos group workshops were tailored to each of the three stages of the reuse support program: Flexible creative workshops («Imagine»), involving data capturers and reusers, were intended to facilitate the emergence of extraordinary ideas, Technical workshops («Build») provided reuser application prototype developers with personalised technical support, including solid technical material (tutorials, documentation) and hands-on support by Fing/CozyCloud technical teams. Design support was also offered during certain workshops. Individual meetings and support for reuser application project sponsors during the finalisation stage Competition A competition seeking to reward the best projects designed and/or prototyped using MesInfos data took place from November 2013 to March Participants had the choice between two competition categories: ǚ ǚ «Prototypes» using at least one MesInfos dataset, and providing an operational test service that the panel of testers could experiment with on their personal platforms; and/or ǚ ǚ «Concepts» using at least one MesInfos dataset, and presented in scripted form (e.g., description, use-case scenario, illustrations, business model). 29 concept candidates and 10 prototype candidates made submissions. The competition awarded a total of 62,000 to 6 prototypes and 3 concepts with (an average of 8000 for each prototype and 1500 for each concept). Two further projects were awarded prizes by partner organisations. Award winners 2 were announced during a ceremony that took place on June 23, Online support For the duration of the project, reuser application developers had a resource centre at their disposal, comprising: A complete description of the available data A developer area, including an online forum, tutorials and a hotline Illustrated MesInfos competition rules ǚ ǚ Opportunities for direct interaction with tester panelists (chat, mini-questionnaires, discussion forums, etc.) 11 12