THE MESINFOS PILOT STUDY

Transcription

1 THE MESINFOS PILOT STUDY Summary, Conclusions, Future challenges October June 2014 Fondation Internet Nouvelle Génération

2 00 Table of contents 01. Executive Summary 02. Context: the Self Data world 03. MesInfos: the experiment 04. Principal findings 05. Personal data management: applications and services 06. The next step: challenges 07. ANNEX 1 -MESINFOS CHARTER OF VALUES 08. ANNEX 2 Accord de consentement signé par les testeurs MesInfos

3 01 Executive Summary 01 - Executive Summary L experimentation L expérimentation in short If I can use your data, you can too... however you please. With this particular idea in mind, FING and its partner organizations launched the MesInfos pilot project in The goal: to see what would happen if organizations that gather personal data actually shared those datasets with the individuals concerned. From this starting point, MesInfos has set out to explore what could be a real paradigm shift in the digital economy. We call it Self Data : the collection, use and sharing of personal data by and for individuals, under their complete control and designed to fulfill their own needs and aspirations. The benefits to individuals are endless: improve one s self-knowledge, evaluate past decisions, make better and more informed choices in the present, share information and collaborate with others, contribute to common endeavours, make life easier But organizations stand to gain as well, first by restoring trust and loyalty, second by improving the quality of the data that they gather, and lastly, thanks to better, more efficient and more transparent marketplaces that reward the truly competitive Similar large-scale initiatives using this approach have been deployed in the United States (e.g., VRM, Blue Button, Green Button) and the UK (Midata). However, with the exception of sectoral projects, the approach had never been tested in the field. For the very first time, from October 2013 to May 2014, large companies (e.g., banks, an insurance provider, a retailer, a telecommunications giant) agreed to securely, individually share with several hundred of their clients the personal data they gather about them on a daily basis. This experiment was the first of its kind in the world. This report presents its most significant findings. A life-sized experiment in handing people their data back For seven months, a panel of 300 volunteer testers had individual access to their own secure «personal cloud», set up by the French startups CozyCloud and Privowny. Market research firm Eden Insight recruited the panel of participants, and coordinated this cohort through forums and questionnaires throughout the experiment. 6 large «data collecting» companies shared testers personal information directly with them: AXA (insurance), Banque Postale, Credit Cooperative and Société Générale (banking), Intermarket (retailer) and Orange (telecom). Solocal Group and Ecometering (GDF Suez) took an active part in the design of services for testers. Google was involved through its Google Takeout service. A total of 5,000,000 structured data items were «handed back»: transactional data (bank statements, geolocation, till/ cash register receipts, call logs), personal profile data (identity, socio-economic classification), and data tracking the relationship between the company and personnelles the individual qui les concernent. (e.g., dates, contract terms, point schemes, market segmentation, etc.) L expérimentation MesInfos , ce sont 8 grandes entreprises partenaires, qui pendant 6 mois, ont restitué à 300 de leurs clients des données Ce sont 5 millions de données structurées (relevé bancaire, géolocalisation, ticket de caisse, journal d appel) transmises dans les espaces personnels de TESTEURS PANEL DES TESTEURS Les 300 testeurs du panel de l expérimentation MesInfos ont été sélectionnés par la société d études Eden Insight. La condition pour participer à l expérimentation : être client d au moins deux entreprises partenaires. Les testeurs n étaient pas des experts du numérique. Pendant toute la durée de l expérimentation, Eden Insight a assuré l animation du panel sur un forum dédié aux testeurs, et via plusieurs canaux : tchat, focus group, quizz, mini-questionnaires ANIMATIONS CHERCHEURS DISPOSITIF DE RECHERCHE Tout au long de l expérimentation, une équipe pluridisciplinaire de chercheurs (marketing et sociologie) a observé comment les membres du panel utilisaient leurs données, ainsi que leur ressenti. Testeurs recrutés pendant l été 2013 De décembre à mai, les Testeurs ont eu accès à leurs espaces personnels CONTRIBUTIONS SUR LE FORUM Several dozen reusers : startups, independent developers, designers and students, devised consumer-oriented applications designed to help testers leverage their own data: 18 applications were prototyped and tested, and about fifty concepts were scripted and illustrated. A competition recognised the best ideas and achievements. Throughout the experiment, workshops and Chaque testeur dispose de son serveur personnel, dans lequel sont stockées ses propres données personnelles. À partir de cet espace, les testeurs peuvent exécuter les applications qu ils ont choisi d installer. Ces espaces personnels sont fournis par les start-ups CozyCloud et Privowny. Utilisables de : décembre 2013 à mai 2014 a «hotline» facilitated reusers efforts. An online resource center gave them access to data descriptions, a developer platform and offered them opportunities for direct interaction with the testers. ces 300 testeurs ; elles alimentent une quinzaine d applications créées par des développeurs de tous horizons qui proposent de nouveaux usages. Une équipe de chercheurs A team a observé of sociology l impact du and retour marketing sur researchers les testeurs, monitored et l évolution the des données personnelles de leur rapport à ces experiment, données. which was conducted under the supervision of the CNIL. ORGANISATIONS PARTENAIRES DÉTENTRICES DE DONNÉES TYPES DE DONNÉES ESPACE PERSONNEL MESINFOS RÉ-UTILISATEURS RÉ-UTILISATION DES DONNÉES Pendant 8 mois, MesInfos a mobilisé des développeurs, designers, start-ups, écoles pour concevoir des applications innovantes à partir des données restituées : Des Meetinfos, moments de rencontre mensuels pour faire communauté à Paris, Lille, Marseille, Rennes... Des ateliers Imagine réguliers pour stimuler les idées Un dispositif d aide aux développeurs : tutoriels, jeux de données anonymisées, support technique (ateliers Build ) Un concours d applications, qui récompense les 11 meilleurs prototypes et concepts de services 9 octobre 2013 : 1 er atelier créatif Imagine CONCEPTS DE SERVICE Du 15 novembre 2013 au 31 mars

4 01 - Executive Summary 01 - Executive Summary The mesinfos team Marine Albarède - malbarede@fing.org Renaud Francou - rfrancou@fing.org Daniel Kaplan - dkaplan@fing.org website Main results The experiment yielded valuable, fruitful lessons to all its participants. For individuals, a positive (yet abstract) perception People are more aware of what companies know about them, and what they do with their personal data, than we had initially thought. They feel worried; however, they do not necessarily take any concrete steps to protect their privacy. The more confident in their ability to control their personal data, the more easily people engage in the exchange of data with organisations. People appreciate when companies «hand back» their personally generated data. However, for the vast majority of them, «personal data» remains an abstract concept, and they can not easily conceive of what forms it might take, or how they could use it themselves. Most people only come to realize what value their data can have for them through applications and services, especially ones that provide benefits to people s daily lives and relationships: improved awareness about consumption (either to reduce expenses, or better adjust one s spending patterns with one s values), and the ability to broadcast purchasing intentions, obtain pertinent advice, compare offers, and make daily life simpler. For data holders, a significant undertaking Business IT systems are currently not prepared to share data with thousands of customers or users: they simply have not been designed for it! The sharing of personal data is a transverse project for a company, which will involve the IT, legal, marketing and customer relations departments, and the mobilisation of senior management to overcome the «silos» where data is often locked. The return of personal data to individuals concerns two types of «users» whose differing needs and constraints need to be understood: individuals, of course, but also «reusers», i.e. those who will create the applications and services that individuals will use based on their own data. ǚ ǚ «Data holders» must also imagine what services they can readily offer their customers or users. For service developers ( reusers ), a newly emerging market If the richness of the services devised in just a few months is anything to go by, the market for Personal Information Management Systems (PIMS) appears potentially vast, diverse and still largely unexplored beyond a few «niche» efforts (e.g., Quantified Self, personal data vaults, Personal Finance Management services, etc.) Entrepreneurs have not yet become accustomed to dreaming up new services using personal data destined for individuals, rather than for organisations, Data value is at a maximum when it has been integrated with other data, but this process is not the easiest to implement, nor is its implementation the first reflex of application designers. No benchmarks currently exist, in terms of technical architectures, standards, business models etc., which makes potential innovators work more difficult and uncertain. The emergence of an autonomous, dynamic «Self Data» ecosystem: 6 prospective challenges The MesInfos pilot research study results indicate six main challenges that the stakeholders involved will have to meet in the coming years, so that the «Self Data» ecosystem can really take off. 1- Comprehensibility How can «Self Data» become understandable, desirable and credible, and unify a wide range of stakeholders? How can we define the specific concept of «Self Data» in relation to that of «Big data», as well as a necessary complement to personal data protection? 2- Empowerment Simply granting individuals access to their personal data does not in itself confer any power to them, especially if they do not have the knowledge and/or tools to understand and capitalise on it. How to ensure that Self Data actually distributes knowledge, skills and power to the greatest number of people? Value The first objective of «Self Data» is to create use value that benefits individuals. But this assumes that organisations will play along by agreeing to share data with their customers. How can we create a «Self Data» ecosystem that generates value for individuals as well as for data holders and innovators? 4- Technology The Self Data narrative (an individual obtains his/her personal data from the organisations that hold it, adds new data, stores and manages it personally, and exploits it to his/her own ends) raises many technical issues. How can we facilitate the practical implementation of the Self Data narrative through automated and secure tools that are also standardised, interoperable and decentralised systems, in order to promote a diverse and vibrant ecosystem of innovation? 5- Legal Challenges How can we ensure that the «Self Data» ecosystem provides individuals with both more power and more security, and creates a truly level playing field for all, without generating legal uncertainty for organisations? 6- Kickstarting Finally, any useful mechanism for «Self Data» generation, management and sharing is still in its infancy. How can we create a self-sustaining culture of innovation, usage and value creation that is powerful enough to change organisations information systems architecture, marketing campaigns, customer relations policies, and technical service providers operations? It is these challenges that will be foremost in the minds of Fing, its partner organisations and the MesInfos community during the final months of 2014 and into Our community is always open to new partners, new ideas, new projects.

5 02 Context: the Self Data ecosystem 02 - Context: the Self Data ecosystem 1 - Le cahier d exploration MesInfos : openfing.org/mesinfos/ MesInfos%20-%20cahier%20 d%27exploration%20numerique.pdf If I can use your data, you can too... however you please. With this particular idea in mind, FING and its partner organizations launched the MesInfos pilot project in The goal: to see what would happen if organizations that gather personal data actually shared those datasets with the individuals concerned. Broadly speaking, the MesInfos pilot study exploredof what we came to call Self Data : the collection, use and sharing of personal data by and for individuals, under their complete control and designed to fulfill their own needs and aspirations. A new path toward trust Public and private organisations have, for decades, deployed and used increasingly powerful means with which to capture, store, share and compile data on their clients and users. The clients and users, on the other hand, have yet to derive tangible benefit from this effort: they have gained neither information, nor knowledge, skills, abilities or power. This asymmetry is damaging customer relationship in many ways. News reports attest equally to the voracious appetites that public and private institutions have for personal data, and to the growing impatience with which the public greets such practices. There is evidence of a steady decline in the level of public trust in organisations, and a slump in consumer brand loyalty. How can organisations regain lost trust and loyalty? Should businesses be bracing themselves for harsher regulations, and ever more defiant customers? Can Big Data and cloud computing continue to develop in this vein over the long term? Establishing legal and technical protections of personal data is a necessary, yet insufficient response. On the one hand, these protections will never be adequately enforced if individuals fail to participate in their own digital privacy protection despite deepening mistrust towards organisations who capture their data. On the other hand, balance should be restored not just by preventing businesses from doing things with data, but also by empowering individuals to understand, control and use their data. By combining protection with empowerment, we can establish both clear and simple legal rules, and an environment wherein truly meaningful relationships can flourish. Hence the idea for a new approach toward the possibilities afforded by personal data, one that enables individuals to freely develop and experiment with their world of Self Data. MesInfos is not alone in exploring this approach. The Quantified Self pioneers, alongside developers of digital vaults, the personal cloud, PIMS (Personal Information Management Systems), and VRM (Vendor Relationship Management) software are all on the same path, as are government projects like Midata (UK) and Smart Disclosure (USA). MesInfos is related to these communities, although it does present a few original features: It specifically explores how organisations might «hand back» users personal data to them Its «use experiment» the principal focus of the present document was the first of its kind in the world; Its vision is to unite these different communities under the umbrella term «Self Data». The promise of Personal Data Of course, increased individual control over personal data what we call «Self Data» is intended to greatly benefit individuals. Yet the Self Data concept actually presents organisations with equally robust opportunities for value creation. Individuals can: Escape a negative value situation, where they are passive subjects of personalized marketing Enjoy more convenience and simplicity Feel empowered to make better choices related to their health, spending, career, time, etc. Use tools that not only allow them to protect their online identity, but also to project the self they desire to Organisations can: Regain the trust and loyalty of their clients and customers Gather higher-quality data: clients will have even more incentive to keep their information up to date if they can actually do something with it! Match what customers really want, via direct communication of personal RFPs ( Intentcasting ) Invent even more new services Preempt regulatory «backlash»: the act of handing individuals back their personal data complies with current and probable future legislation (e.g.,»free, express, and informed consent», data portability, the right to be forgotten) Experimenting with individual personal data handback Since 2012, FING and MesInfos partner organisations have been exploring both the opportunities and the possible challenges presented by personal data handback. The first phase of the study was completed in May of 2013, with the publication of the «MesInfos Exploration Notebook»: a baseline publication that mapped out the risks and opportunities inherent in sharing personal data between organisations and individuals, and explored the new reuser services market that might emerge as a result. The experiment phase, which began in October 2013 and ended in May 2014, was intended to confront this potential with real customers and real data, with a special focus on the use value of data for individuals. The present document provides readers with an assessment of this experiment. 5 6

6 03 The MesInfos pilot experiment 03 - The MesInfos pilot experiment 1- A total of 321 consenting volunteers were recruited; this figure takes into account a fall in the number of recruits to come during the active experimentation phase The experiment: an overview 300 consumer tester volunteers granted access to their data, and asked to generate or try out ideas for new applications and services; 8 large companies involved: 6 of these made individual personal data available to each tester safely and securely: AXA (insurance); Banque Postale, Crédit Coopératif, and Société Générale (banks); Intermarché (retail); and Orange (telecom). In addition, Solocal Group took an active part in the conception of services intended to support testers, and Google was involved via its Takeout service. 5 million data items released (e.g., bank statements, geolocation data, cash register receipts, call logs); 18 reuser application prototypes created by startup companies, teams of students or independent developers, and tested by the volunteers; more than 50 original concepts scripted and storyboarded; 1 research team in charge of observing test users behaviors and reactions. A dedicated personal cloud platform in place for the duration of the experiment. The experiment was supervised by CNIL (France s independent Data Protection Authority). Begun in the autumn of 2012, the MesInfos experiment phase lasted 8 months, during which time more than 50 entities were involved in its performance (corporations, public bodies, schools, startups, etc.). For the first time ever, large corporations (e.g., banks, insurance providers, retailers, telecoms) agreed to safely and anonymously release the data that they collect on their clients on a daily basis. The experiment was intended to: Identify and analyse innovative, user-oriented applications from the field of personal data use and management, with a quantitative objective of at least 10 prototypes (18 were eventually developed) and 40 concepts (50+ were eventually produced); Measure the opportunities, risks and concrete difficulties presented by data sharing between data users, reusers and individuals; Evaluate the expectations, perceptions and challenges experienced by individuals while accessing their personal data, as well as the applications that invite them to aggregate/use it; and duals and organisations, for the benefit of trust creation beyond the parameters of the experiment itself. 2-1 THE EXPERIMENT (October May 2014) volunteer testers agreed to retrieve their personal data: cash register receipts, banking information, communication data, geolocation data, insurance policies, navigational data, etc. A total of 5 million data items were transferred during the experiment. This volunteer panel was never intended to be representative; the principal recruitment criterion was that testers «be clients of at least two of our data-gathering partner organisations». 321 volunteers were thusly recruited; with an average age of 43. Each possessed some digital technology usage experience. Most of the testers were recruited from a panel selected by research firm Eden Insight. Tester connection frequency + 6h - 1h 1-3h 3-6h tattempt to kickstart a concrete and autonomous dynamic rebalancing of the relationship between indivi- Testers distribution by partner 7 8

7 03 - The MesInfos pilot experiment 03 - The MesInfos pilot experiment Eden Insight was also in charge of coordinating the volunteer panel cohort. They created a forum to both promote peer to peer exchange among testers, and to gather answers to some questions about their own digital practices as well as their feelings about the MesInfos experiment Navigation history: my web use, (url, timestamping, etc.) Source: Privowny - updated daily. Profile data In contrast to transactional data, this type of data remains much more stable over time. The data is interesting nevertheless, due to the diversity and depth of information it affords. 4 - Voir le descriptif complet des données : 6 companies actively engaged in releasing personal data to their clients 8 of FING s largest partner organisations contributed to the project. Among these, 6 returned personal data to their clients using a secure online connection: one insurance provider (AXA), three banks (Société Générale, Crédit Coopératif, and Banque Postale), one retailer (les Mousquetaires), and one telecommunications operator (Orange). Solocal Group took an active part in the conception of services designed for testers. Google was involved in the project via its Takeout service. Data holders provided a variety of data ( 40 different types), divided into two categories: Transactional data generated during service use (cash register receipts, geolocation tracking data, call logs, bank statements, etc.) ǚ ǚ Profile data specific to individual users (private identity information, household data, vehicles, contracts/policies, income, etc.) Transaction data Almost all of the data transmitted during the experiment was comprised of transaction data. Although the data often corresponded to an action with a precise date (e.g., instant geolocation, cash register checkout), individual datasets was transmitted to the testers with a significant time lag, due to the time required for processing information within each organization s IT system, and then to transmit the data. Geolocation: My time/datestamped location(mobile phone location gathered every 15 - updated daily) Source: Orange Cash register receipts (product designation, price, quantity, barcode, data, total price paid, register number, etc.). Source: Intermarché, updated weekly Banking data: My banking transactions (date, amount, description, etc.). Source: Société Générale, Banque Postale, Crédit Coopératif - updated daily Call log: my telephone communication (e.g., voice, text, data, time/date-stamped and geo-located) Source: Orange - updated monthly. Nearly every partner released this type of data. There was data on the individual/organisation relationship (e.g., relationship start date, turnover recorded, market segmentation), in addition to data on the individual (e.g., identity, SEC, marital status, birth dates of children). However, AXA released the kind of data only available to insurers: Home (individual or shared, size, garden Y/N, etc.) Vehicle: car, motorcycle (registration, model, age, mileage, brand, etc.) Insurance policies (policy number, beneficiaries, individuals covered, etc.) Life insurance policy attributes (amounts, payout schedules, etc.) Claims made (number per year). Insurance receipts (dates paid, notices, etc.) Fees and payments (payment method, contributions, etc.) Other data was only shared with testers later on (or could not be shared at all during the period of the experiment), but was none- Toutes Mes Données (All My Data) enabled testers to visualise all the data on their personal platform with just a few clicks. It was, however, a very basic visualisation tool: although it was possible to use Toutes Mes Donnés to control (e.g., delete in the platform) data, it did not fatheless used to imagine possible applications services. This was the case with energy consumption data revealed by GDF-Suez Ecometering (e.g., instantaneous electrical power, gas/electricity consumption, household energy characteristics, etc.), and VOD (Video on Demand) data (Orange). In addition, testers individual accounts had an client and an agenda, giving them the opportunity to mix and match those data with their other datasets. A personal data platform available throughout the experimentation period Each individual had a secure personal data account platform set up by private cloud-computing startup CozyCloud, in association with Privowny, another startup. The private online platform gave individual testers access to their own data (and only theirs), and to a variety of services intended to help them do things with it. During the experimentation phase, testers could navigate to their personal MesInfos platform page via their web browser. From there, they were able to use and manage multiple applications. Certain applications appeared as default applications when the MesInfos platform was launched. 9 10

8 03 -The MesInfos pilot experiment 03 -The MesInfos pilot experiment 2 - The list of award winners can be found here: le-concours-mesinfos/ cilitate the clear interpretation and visualisation of individual data by any measure Privowny (application and plug-in) gave testers the ability to collect and display their online navigation data: sites visited, form-related information provided (phone number, bank card number, address, etc.). This data was transmitted to the tester s individual online platform. Information display functionality was in dashboard form, and included a search tool. The Actu Forum (Forum News) application displayed MesInfos forum activity directly on individual testers personal platform pages. Just like on a smartphone, with a few clicks testers were able to install third-party applications on their personal platform that reused their personal data in various ways. During installation, applications were configured to request and obtain testers consent before they could access their data. Datasets relevant to each application (e.g., geolocation, receipts, bank transactions) were listed, alongside a short sentence explaining why the set was useful to the application. The testers could choose to uninstall applications at any time: applications were then removed from their personal platform and were no longer permitted to access their data. Platform architecture From a technical standpoint, the MesInfos experiment platform was built using CozyCloud. CozyCloud is a ppaas (personal Platform as a Service), or personal cloud. Each user had a Cozy instance, i.e., a virtual server with its own database. Each user instance corresponded to a database containing data used by tester-selected applications, in addition to testers personal data. The personal data shared with testers by partner organisations was stored only on the personal platform of the tester concerned. How data «deposits» were made Partner organisations were initially required to upload data to a secure repository server. The datasets were then reformatted, and then sent to the personal platforms concerned. The data saved in the repository was subsequently deleted. Data reuse support programs: enabling service development In order to foster new proposals for data reuse, MesInfos implemented a dynamic, 8-month support program to help potential application developers to tackle the issues surrounding data reuse. A reuse support program mainly focused on startups, higher education institutions, and independent developers and designers. This program combined face-to-face meetings (usually workshops) with online resources. The program incorporated three stages, which followed the stages of reusers project development: 1. «Imagine»: framing new service concepts/scenarios 2. «Build»: translating concepts into prototypes available for panel testing 3. «Run»: supporting projects participating in the MesInfos competition, and for some, supporting the user test phase Workshops The MesInfos group workshops were tailored to each of the three stages of the reuse support program: Flexible creative workshops («Imagine»), involving data capturers and reusers, were intended to facilitate the emergence of extraordinary ideas, Technical workshops («Build») provided reuser application prototype developers with personalised technical support, including solid technical material (tutorials, documentation) and hands-on support by Fing/CozyCloud technical teams. Design support was also offered during certain workshops. Individual meetings and support for reuser application project sponsors during the finalisation stage Competition A competition seeking to reward the best projects designed and/or prototyped using MesInfos data took place from November 2013 to March Participants had the choice between two competition categories: ǚ ǚ «Prototypes» using at least one MesInfos dataset, and providing an operational test service that the panel of testers could experiment with on their personal platforms; and/or ǚ ǚ «Concepts» using at least one MesInfos dataset, and presented in scripted form (e.g., description, use-case scenario, illustrations, business model). 29 concept candidates and 10 prototype candidates made submissions. The competition awarded a total of 62,000 to 6 prototypes and 3 concepts with (an average of 8000 for each prototype and 1500 for each concept). Two further projects were awarded prizes by partner organisations. Award winners 2 were announced during a ceremony that took place on June 23, Online support For the duration of the project, reuser application developers had a resource centre at their disposal, comprising: A complete description of the available data A developer area, including an online forum, tutorials and a hotline Illustrated MesInfos competition rules ǚ ǚ Opportunities for direct interaction with tester panelists (chat, mini-questionnaires, discussion forums, etc.) 11 12

9 03 - The MesInfos pilot experiment 03 - The MesInfos pilot experiment QUESTIONNAIRE N 1 Before the experiment 3 -Christophe Benavent (University Paris 10 - Nanterre), Eric Dagiral (Paris-Descartes University), Caroline Miltgen (Angers University), and Sarah Medjek (University Paris 10 - Nanterre) 4 -Annex 1 5 -Annex 2 6 -Accessible here: mesinfos.fing.org/wpcontent/uploads/2013/08/ MesInfos_Expe_PlateForme_ CdC_V2.pdf What relations with their personal data? What relations with data holders? QUESTIONNAIRE N 2 During the experiment The observation system: tracking tester usage and use trajectories To better understand the relationship between individuals and their personal data, and analyse the pathways they chose throughout the experiment, MesInfos included an «observation system». There were three main issues driving the observation system: Once their personal datasets were shared with them, what would people actually do with them? How exactly would they use them? What could data sharing mean for businesses in terms of customer relations? Specifically, the system was based on: Coordination of the Main steps of the Observation system How do they react when their discover their data? How do they use the platform? QUESTIONNAIRE N 3 End of the experiment New relations with businesses? New uses? tester cohort conducted by the research firm Eden Insight, via topics posted to the forum (see above), micro-questionnaires, and a focus group organised in the spring of At stake: obtaining valuable feedback from participants offering insightful comments, verbatim. A research methodology combining quantitative and qualitative research, devised by a team of researchers from the domains of sociology, marketing and management science. Quantitative methods : To assess individuals attitudes to their personal data, three separate questionnaires were carried out, at three stages (1) before the testers had access to their personal data, (2) once they had access to their data on their platform, and (3) once they were able to test a number of services reusing the data. In order to measure respondents evolution, certain variable measurements were included in all three questionnaires: The degree of privacy concern testers experienced toward the collection of their personal data User/client trust in data holders Benefits expected by users/clients when sharing their personal data with an organization Individual perceptions of their own effectiveness in protecting their data Qualitative methods : A sociologist, Eric Dagiral, conducted a series of nine (face to face/telephone) interviews, in order to gather supplemental information and direct quotes from the testers, and to generally clarify the experience of testers during the experiment. 2-2 THE EXPERIMENTATION PROCESS: a demanding eight months The MesInfos experiment was ambitious in many ways: the number and variety of actors around the table, the novelty of the subject, the technical and legal precautions to implement... Of course, not everything went as planned, which is a lesson in and of itself! Part complex preparation, part guesswork It took us nearly one full year to set up the experiment and get the players around the table. We were obliged to: Convince organizations to risk sharing individual data: an experiment like MesInfos only makes sense if organisations voluntarily commit. There was the need to convince various decision makers within each organisation (marketing, IT, innovation, etc.), and thusly identify the opportunities, and workloads, required for each. Assess technical feasibility conditions, and develop procedures to be put in place during the experiment; create platform specifications, outline the tester community coordination process, build the research methodology, and answer a number of technical questions: which framework would ensure the secure retrieval of data by the right people? Which measures/conditions is MesInfos required to implement/fulfill so that it conforms with the French data protection legislation? How can we ensure panelists anonymity during data transfer? Produce framing documents Five documents were essential to the establishment of trust and a common framework: > A charter defining the MesInfos «spirit» and values > A consortium agreement between partners > A consent agreement signed by testers > The Personal data platform s specifications > The Tester recruitment and coordination procedure specifications 6 Identify specific datasets to be shared by each partner: which data from each system? Which datasets could be easily shared? Which sets would have meaning for the testers, once they were able to access them? Formulate the tester recruitment procedure: identify compliance requirements in line with the French data protection legislation, plan and implement the two-step recruitment process (initial recruitment of a dozen alpha-testers, secondary recruitment of 300 beta-testers two months later), obtain consent from testers, ensure partner verification of testers client status, create a Getting Started booklet outlining the tools made available to the testers (platform and forum), etc. Establish a personal data platform: some development was required to adapt CozyCloud to suit the experiment parameters and facilitate our 300 semi-digital-novice testers recovery of their personal data. Beyond the preliminaries, certain inherent processes proved to be extremely tedious; some unexpectedly so. These processes required attention long before the 300 testers would try to retrieve their data: Organisations: locate tester files in their information systems, ensure that each was indeed a customer Recruitment: recruit/ oversee 300 testers for six months; each a client of at least two partner organizations ǚ ǚ Reusers: provide sufficient documentation and the proper tools, by documenting not only information regarding 13 14

10 03 -The MesInfos pilot experiment 03 -The MesInfos pilot experiment the data and the platform, but also the path to be followed to develop an application Stimulate interactions and activities among all participant groups Similar to other open data efforts, stimulating activities within and between data holders, reusers, and test users, was a central element of our experiments. A time to close down and begin analyzing The technical and legal framework developed upstream provided that all personal data returned to the testers and saved to their personal platforms would be eliminated at the end of the experiment. On 30 May 2014, all accounts were deleted. Two issues required special attention: For developers: support and leadership are crucial. Establishing a truly personalised support system for developers is essential. Furthermore, it is important to «prime the pump». That the first four services prototyped in the platform were initiated by the project team illustrates this fact: at the beginning, panelists and reusers had to be motivated and shown by example the kinds of potential suggested by the pilot study experiment. Then, buoyed by solid facilitation dynamics and a burgeoning spirit of competition, other prototypes were proposed by independent developers, designers and teams of students. Two of these applications came from one of our partner «data holders», who was then able to tackle the challenges presented to reuser application developers! For testers: a true and sustained stimulation requires a lot of imagination. It took several weeks between data generation, data retrieval, and data reuse Weeks when nothing was available to test. We therefore had to «keep the forum busy, by encouraging testers to discuss general topics, offering them quizzes, etc

11 04 -Principal findings 04 Principal findings 7- cf Part 3 of the present document 8- Out of the 321 initially recruited In sum People are quite aware of what happens to their personal data. They are worried... but do not necessarily do anything to protect themselves. To individuals, «personal data» is an abstract concept. The path to Self Data passes through reuser services and applications. Personal data is not only individual: quite often it is household- or socially-related. The more confident people are in their ability to manage their personal data, the easier it will be for them to engage in data sharing. A. Lessons learned from individual testers... A strong awareness of what happens to their personal data The testers were found to be quite aware that their data is collected and aggregated. They even have a fairly good idea of what this data can be used for. Overall, data manipulation was perceived rather negatively: at the beginning of the experiment, 70% of MesInfos testers said they did not trust the way firms use their personal data. Testers thus avowed strong interest, in principle, in a platform that would give them control and also offer services based on their data «Companies gather all sorts of data, maybe today the stuff they do with it might not be too evil, but I wonder if, in the near future, it might be possible to profile people according to specific criteria.» Anonymous MesInfos tester Little concrete reactions despite «awareness» In spite of a strong desire to protect themselves, the experiment confirms that either people do not know about, or fail to use, the tools (technical or legal) available to them. At most, the decision to share data or lie online is based on the perceived degree of «sensitivity» of the data requested. These observations corroborate the so-called Privacy Paradox identified years ago by researchers, regulators and privacy activists. However, if we exclude the identity and profile information provided regularly on the web, «personal data» remains an abstract concept in the minds of our individual testers. They were able to imagine what personal data might deal with (my location, shopping habits, etc.), but not the form it might take. They did not spontaneously imagine what they might be able to do with their data, and saw it as indecipherable and unusable. It is only through applications which are not only useful, but also relational, educational and fun, that they grasped the potential that data presents: my awareness can reduce my consumption, I can find out who knows what about me, I can make my purchase intentions clear, receive relevant advice, compare prices and rates, make daily life easier It is therefore likely that the path to data its protection and reuse will lead straight through whatever services are on offer. Individuals expect applications to be simple or single function (at least initially): if the application is too «rich», users tend to mentally break it down into as many distinct services and apps as there are functions (or reject it entirely). Sharing personal data is not just an individual issue... One might mistakenly think that personal data can only be used for strictly individual purposes; in fact, some of the data handed back to testers during the experiment (or which might have been) mainly made sense to the household (cash register receipts, energy consumption, etc.). The experiment also revealed a strong appetite for social uses of personal data: comparing oneself to others, comparing rates/ modes of consumption and/or rates paid, comparing professional/economic/social activity; even possibly sharing the data within the family circle. Thus, «personal data» is not necessarily personal, nor is it always considered confidential. Trust, and the user/organisation relationship Surveys conducted during the experiment ultimately revealed that the reputation of a brand, or the strength of its data protection measures, are not enough to convince a consumer to share information, even in exchange for tangible benefits. The decisive factor is the trust the user has in his or her own ability to control information. «Data protection policies must be complemented by a policy of consumer empowerment» conclude the researchers involved in the project

12 04 - Principal findings 04 -Principal findings in sum Business information systems are not ready to share data with customers or users. Personal data handback is a transverse, continuous and innovative project for data holders. Individual personal data handback interests two types of «users», both of whose needs must be understood: individual users, of course, and «reusers» those who create the applications and services to be used by those individuals wishing to get more out of their data. B. Lessons learned from data holders... Data holder information systems are not ready to share Today, data is stored and used in various internal company silos. Some silos are already configured to interact with customers, like billing departments or private account pages; but most are operated only by parts of the company, which are the only ones to interact with the data. Therefore, data is usually not ready to be processed by others. To initiate any kind of handback or retrieval to or by customers, the departments concerned must identify and fully describe all the data beforehand, so that dozens of unintelligible entries like «qs = CSP_89» turn into «occupational category = worker» and become comprehensible to others. The work to establish this new channel of communication between companies and their customers and make it work efficiently and securely has barely started. For example, the experiment reveals the difficulties companies have identifying clients in their information systems. According to the companies, 15% to 30% of their customers could not be located in their systems for a variety of reasons: contractor different from user (e.g., mobile plan offered by the employer, or in the spouse s name), change of address, typos, etc. Another item of note: the concept of household is virtually absent from corporate information systems. As a result, the data returned may either concern an entire household or an individual, and the company does not generally know which is which. Personal data handback is a transverse, continuous and truly innovative undertaking Sharing personal data with clients is a completely new endeavour requiring cross-company collaboration. IT has to design and implement secure and reliable data transmission protocols. Business units need to document all the data (and explore potential services to offer users). The Legal department has to ensure regulatory compliance (particularly vis-à-vis any given Data Protection Act) as well as the protection of intangible corporate assets. Marketing, Communications and Customer relations will likely need to prepare for less unilateral relationships with consumers who have the same amount of information as the company does, etc. During the MesInfos experiment, data holder companies were ready and willing to pass on personal data to their customers; such willingness went against the tide of practices that have been in place for decades. But progress on practical issues required a significant amount of information gathering and internal staff education. Handing back personal data is thus a complex, transverse and probably lengthy project for data holders to undertake. Beyond the technical constraints of data handback itself, the needs of reusers must also be anticipated The data returned to users can be stored in personal accounts; yet it will most often be «reused» by applications or services produced by third parties. This requires data holder information systems to have new functions: The frequency and latency of data transmission, for example, determines the relevance and therefore the existence of many services, especially since the experiment indicated that transaction data was the data most often reused, and this kind of data often takes the form of a regular flow of data. But data handback in real time is another new constraint and one for which a majority of information systems are not configured. More generally, each silo has its own vocabulary, even if the meaning of the data they contain is very similar. For example, in the experiment, the (already ancient) standardisation of bank data by all three partner banking institutions helped reusers create functioning applications without additional work. Without this, it is unlikely that any application would have reused the data from the bank that had the lowest number of tester/ clients, for example. It is also thanks to data standardisation practices that reusers are able to develop services targeted towards individuals, that combine different sources of personal data, and/or data from non-private repositories. Such data repositories exist as open data (Open Food Facts, for example), but they do not cover all areas, or are not developed enough. To allow the emergence of rich services, it would be appropriate that, apart from handing back personal data, data holders also provide access to the industry-wide or even private data vocabularies, reference databases, etc., via an open data platform, or via any other agreement accessible to large and small service developers alike

13 04 - Principal findings 04 - Principal findings The 50+ ideas and concepts framed during the MesInfos expein sum Sharing personal data will open a whole new world of innovation over the long term, but as yet this domain remains unexplored, and the most significant market prospects that might emerge as a result of its exploration still remain to be unearthed. Entrepreneurs have not yet become accustomed to thinking of services based on data to be given to individuals, rather than to organisations. Data value is maximised when it is integrated with other data, but application designers instincts are not yet attuned to this. C. Lessons learned from data reusers... A whole new field of innovation The world of Self Data opens up new horizons for innovation: new services that enable personal data processing for and by individuals. The amount and variety of services concepted or prototyped during the MesInfos experiment (cf. Part 4 of the present document) attests to this. However, this new field presents many a challenge to reusers and third party service providers, who are not accustomed to handling personal data on behalf of users themselves. The true value of data integration revealed The experiment shows that end users perceptions of the value of these services increases when separate datasets are integrated: Personal data can be integrated with (non-identifying) public data, for example with collaborative data from open data sources. Knowing the bar code and the price of a product purchased in a supermarket is useful, but seeing its picture, nutritional composition, or the carbon footprint it generated is much more so. This kind of information is based on the integration of personal data from register receipts with product data repositories. Personal user data from different suppliers and domains can be integrated (geolocation, bank data, mobility logs, shopping, etc.). Other users data can be integrated with private user data (e.g., for comparison or competition). «Social» services where users can share/compare data with one another have considerable potential. Of course, anonymization becomes an issue in this case. However, integrating heterogeneous data is not really convenient just yet, especially because today this kind of integration is tightly controlled: in the experiment, for example, most of the reusers drew from either one single data source alone, or from an extremely limited number of sources, when building their applications. Keep it simple Another challenge could be for reusers to invent really simple, easy to use, single-function services to attract users. The experiment revealed testers appetite for this type of service, rather than for complex services. Apps, yes; but not just apps... The applications we were looking for were data-driven, so it is not surprising that most take the form of mobile apps or web services. However, some designers explored the use of smart objects; for example, a pocket mirror that displays its dynamic relational mapping or a wrist compass indicating the city s «hot» spots, by computing where things happen using other individuals aggregated data. Applications can draw on data streams generated by our smart things The MesInfos experiment barely scratched the surface of what is probably an entirely new field of potential activity. Market prospects but not in the short term riment lit the way toward future market opportunities for developers and service designers, but most technical architectures, business models, modes of interaction and even new services themselves have yet to be invented! What kind of business models should be used by third-parties? How can we ensure that these models will not forever be based on data resale? Paving the way to Self Data usage will be a real challenge for entrepreneurs, as they require short business cycles, which are not well-suited to emerging fields like Self Data. Two important lessons were learned during the MesInfos experiment: Without the promise of rapid time-to-market, smallscale experiments are problematic, as they require a lot of effort that does not necessarily bear fruit in the short term; Specifically developing for an emerging platform (in this case CozyCloud) is a real obstacle: a multiplicity of platforms is indeed one of the main challenges for developers to grapple with

14 05 Applications and services 05 - Applications and services Mesinfos nutritionnelles Track food purchase/consumption nutrient value Patrice Delorme / Flavie Ferrari Be Green Calculate your carbon footprint using cash register receipts Samuel Renault / Lucas Fayolle Pierre Burgy / Pierre Guilhou / Thibault Haenlin / Hugo Mingoïa (HETIC) The 8-month experiment fostered 18 prototypes (that testers could use to manipulate their data) and 50+ concepts - some of which were extensively scripted (e.g., mock-ups, use case scenarios, potential business models, development prospects, etc.). The prototypes: utility-focussed The 18 prototypes share one common trait: they offered users some form of utilitarian benefit. For example: Personal data browsing: MesInfos Semantic Search (a «data search engine» using the standards of the semantic web); All my data (a «raw» data explorer), MonthlyMe (a monthly aggregated, editorialized, easy and fun to read statement based on one s data). A «different» way of visualizing: > Consumption data, using e.g., My nutrition info (represents shopping data according to caloric content or nutrient content, fat content, etc.), or BeGreen (calculating carbon footprint from purchase data). > Mobility and location tracking, e.g., My geo data (a zoomable time and space map of one s geolocation). Budget and Money Management, e.g., MyAccounts (open source, multi-account banking management service) and MySmartStatement (zoom from bank statement line entry to corresponding purchase receipt, invoice, or other underlying documents) Consumption: whether to streamline shopping lists and loyalty point accounts (Pur- Chease), organise a virtual closet at home (AliVentaire) or extract and preserve useful data from various documents, such as warranties (MesObjets) faire les bons choix, et les appliquer Je compare les offres et les décrypte avec d autres individus, j exprime mes intentions d achat et invite les vendeurs à y répondre, j achète à plusieurs avec des individus qui me ressemblent... Mes démarches longues et complexes sont simplifiées, mes choix, mieux éclairés : je ne me perds plus dans la jungle des tarifs et des offres commerciales Décrypter les offres des assureurs, opérateurs de téléphonie, transporteurs, banques en comparant ses données avec celles de milliers (millions) d autres Mettre en place des systèmes d enchères inversées et d achats groupés entre individus, sur la base de leurs données partagées Publier ses intentions d achats à partir de ses propres données et attendre les propositions des fournisseurs en temps réel! ( Intentcasting ) Effectuer un gros achat aidé d un Quart de confiance, qui rassemble les documents nécessaires à ma place, trie les offres, m alerte en cas de dépassement de budget Optimiser son agenda en temps réel The concepts: a panoply of uses for personal data alimenter la production de connaissances collectives personnelles Je peux partager certaines de mes données, anonymisées, pour contribuer à une étude sur la santé, les déplacements urbains, les habitudes de consommation... Partager ses données de manière anonyme avec des milliers d autres pour contribuer à des études cliniques ou urbaines Contribuer automatiquement à des bases de données collaboratives comme Open Street Map ou Open Food Fact Décrypter des contrats d assurance ou de garantie en les comparant avec celles de milliers d autres personnes Sticking to illustrated concepts obviously offered designers more freedom to explore potential services. They were free from the technical constraints presented by MesInfos platform, and to go beyond some of the limitations the existing sets of data imposed on developers. découvrir, ressentir, faire partager Je cherche la commodité, mais pas seulement : étonnez-moi, faites-moi vivre de nouvelles expériences grâce à mes données! Je veux être surpris, découvrir de nouveaux lieux, de nouvelles personnes, m amuser, m émouvoir, apprendre sans le savoir Visualiser ses dépenses, ses consommation, ses déplacements de manière sensible, ludique, humaine Cartographier ses traces, leur donner du sens Se voir proposer des parcours culinaires, cinématographiques, géographiques grâce à l historique de ses traces This freedom was reflected in a wide variety of uses that we have classified into seven main categories: Domaines D usage 6 7 décision et action Contribution ViVre une expérience 5 1 Gestion ConsCienCe 1. Manage daily life and the documents it generates 2. Control digital identity and personal data 3. Sounder action through better self-knowledge 4. Live according to one s values 5. Discover, experience, and share 6. Contribute to the production of collective knowledge 7. Make and implement better choices 4 2 Contrôle ConnaissanCe de soi 3 administrer son quotidien et ses informati J accède à tout moment à mes papiers, factures, contrats, garanties, hi m en servir, par exemple, pour fournir une preuve d achat, prouver un d Gérer facilement ses papiers, ses contrats, ses garanties Rassembler des documents en vue d un gros achat Naviguer dans ses traces, ses données, ses relations Reconstituer automatiquement un voyage à partir de ses photos, sa Valoriser des compétences à partir de ses traces (e-portfolio) Faciliter l organisation d une colocation ou d une soirée entre amis maîtriser ses identités numériques et ses Qui sait quoi sur moi? Qui a accès à mes données, et pour en faire q organisations ont le droit de faire de mes données, pas l inverse! Je veux aussi jongler entre mes différentes identités simplement et en to sans dévoiler qui je suis, ne pas avoir à re-rentrer la même information Être alerté de l utilisation de ses données personnelles par une ent Gérer ses comptes et ses identités numériques Prouver quelque chose sans avoir à dévoiler son nom ou son adres Établir la véracité d une contribution en ligne à partir de justificatif Permettre aux individus d élaborer les CGU de leurs propres donn signer avant de les collecter et les utiliser mieux se connaître pour agir Je visualise de manière intelligible, parfois ludique, mes traces, mes co santé Je peux aussi mesurer mon sommeil, mon activité physique, m alimenter mon coffre-fort personnel, et générer de nouvelles représenta Obtenir une vision à 360 de ses consommations Se fixer des objectifs pour réduire son empreinte écologique, rester e et être conseillé pour y arriver ViVre avec ses Valeurs Je mesure mon empreinte carbone (ou l éthique de mes achats) et bé réduire. Je visualise ce que je consomme, et suis coaché pour atteindre l Consommer plus vert ou plus éthique Révéler ses routines quotidiennes et se voir proposer des soluti consommation,

15 05 - Applications and services 05 - Applications and services DataFiction Explore and understand your personal data Nolwenn Maudet / Thomas Thibault The Make and implement better choices category, emblematised by VRM tools, was also a nonstarter. These tools presuppose a two-way dialogue between computer users and business information systems - and therefore additional complexity that fell out of what the experiment could provide. However, one concept, GarantBox, focussed on helping individuals to decide whether to include a warranty with their next purchase, basing its recommendations on real usage data gathered from 1000s of consumers. GarantBox (Concept) Take control of your product warranties Pierre-Edouard Barrault / Kévin Béchu / Karim Ennassiri / Camille Leblond (Master Architecture de l Information, ENS Lyon) Cool OK The house-sharing hub Amory Panné (ENSCI-Les Ateliers) However, other domains were left almost unexplored. Few concepts granted testers with an opportunity to «experience» their data by playing down usefulness for the benefit of a more playful, sensitive and emotional attitude to personal data. TALI, for one used «life» data (e.g., contacts, geolocation, calls, texts and s) to create personal interaction maps. Tell me a story is an exploration of private web traces and online contributions that takes the form of a dynamic video, without any record-keeping or statistical display. Tali If data is our reflection, let TALI be the mirror Nathalie Signoret / Ryslaine Moulay (Strate College) 25 26

16 05 -Applications and services 05 - Applications and services MesInfos Competition winners WINNERS: PROTOTYPE CATEGORY WINNERS: CONCEPT CATEGORY LA POSTE PRIZE Mesinfos nutritionnelles A nutritional coach right in your cash register receipt! Patrice Delorme / Flavie Ferrari MesInfos Semantic Search Explore your data Pierre-Alexandre Kofron / Romain Foucault Datafiction Datafiction, the story in which you are the hero! Nolwenn Maudet / Thomas Thibault GarantBox (Concept) Take control of your warranties Pierre-Edouard Barrault / Kévin Béchu / Karim Ennassiri / Camille Leblond (Master Architecture de l Information, ENS Lyon) ORANGE PRIZE Ali-ventaire My shopping, within my budget, according to my diet, to make my recipes Antoine Goupille (ENSCI) / Pierre Rousseau PurchEase All your shopping services, available as mobile apps Gregory Thurin et l équipe Skerou Cool OK House sharing with a smile Amory Panné (ENSCI-Les Ateliers) Mes1001choses (Prototype) Expand your horizons! Charles Douangvichith / Olivier Douangvichith Be Green Live healthier, live better! Samuel Renault / Lucas Fayolle Pierre Burgy / Pierre Guilhou / Thibault Haenlin / Hugo Mingoïa (HETIC) MesObjets Make an inventory of your things Michael Fozeu / Maxime Lathuilière (simplon. co) Tali If data is our reflection, let TALI be the mirror Nathalie Signoret / Ryslaine Moulay (Strate College) 27 28

17 06 The next steps: challenges facing «Self Data» 06 - The next steps: challenges facing «Self Data» 9- wiki/filter_bubble 10- Better Choices: Better Deals - Consumers Powering Growth, BIS, 2011 Which major issues need to be addressed so that the «Self Data» ecosystem really takes off? What challenges will the stakeholders involved in Self Data have to take up in the coming years? The research we conducted in points to six major challenges. 1- Comprehensibility How can «Self Data» become understandable, desirable and credible, and unify a wide range of stakeholders? How can we define the specific concept of «Self Data» in relation to that of «Big data», as well as a necessary complement to personal data protection? The word «data» is so fashionable, and the issue of privacy protection so hot, that it is easy to miss the specificity of the newly-minted term «Self Data»: is it a variant of open data? of Big data? or of the Quantified Self movement? Is it just another neologism due for rapid obsolescence? Is it just another way to protect one s personal data? Or does it herald a paradigm change in our relationship to personal data? We have defined «Self Data» as the collection, use and sharing of personal data by and for individuals, under their complete control and designed to fulfill their own needs and aspirations. However, this initial definition needs to be refined, in order to: Clarify what «Self Data» s place is in the cluttered world of «x data». Explain its intent, and most importantly, define its character both from society s standpoint, and from the standpoint of individuals and their concrete needs. Without the involvement of individuals, there will be no Self Data movement to speak of. Define the contours of the Self Data «movement»: the promise it holds, the stakeholders it involves, and the values it embodies. 2- Empowerment How to ensure that Self Data actually distributes knowledge, skills and power to the greatest number of people? Simply granting individuals access to their personal data does not in itself confer any power to them, especially if they do not have the knowledge and/or tools to understand and capitalise on it. Instead, we could run the risk of driving users to discharge their newly conferred responsibility of handling their data onto large online platforms eager to do it for them. Three main topics must be addressed: Convenience and simplicity: how can we make access to Self Data simple and easy, and avoid prompting users to delegate its management to «services» or platforms on whom they have little control? Openness: how can make Self Data a means with which to broaden users perspectives beyond their current circles of friends, families and interests (thus escaping Eli Pariser s filter bubble 9 )? Independence: how can we prevent the necessary function of personal data hosting from turning into a mechanism to confine the user within the ecosystem of a specific platform or technical device? 3- value How can we create a «Self Data» ecosystem that generates value for individuals as well as for data holders and innovators? The experiment showed that Self Data can produce a significant amount of use value; other personal data initiatives have also demonstrated its potential. For example: According to the report at the origins of the UK s Midata project 10, simply comparing mobile plans, based on actual consumption data, would allow 79% of UK consumers to save around 250 per year; Intentcasting scenarios, in which consumers (the market s demand side ) can express their purchase intentions accurately and expect answers from suppliers, could significantly reduce the «coordination costs» responsible for the continued inflation of marketing expenses. By definition, making markets more efficient generates an economic surplus. Nevertheless, many questions remain unanswered: Who would pay for what? In a market «distorted» by ostensibly free services, what could drive consumers to agree to pay for data-driven services? Can creative forms of monetization be designed (e.g., inclusion in service packages, sharing monetary benefits e.g. savings)? Are there new forms of third-party payment (like advertising) that do not amount to a Faustian pact? At a time when data is considered one of their main assets, what economic value might data holders generate and/or capture through making it available to their customers? What value can be expected from gains in trust and loyalty, from new business opportunities generated, and from new services made possible? How can we create an ecosystem that benefits all its members? How can value flow between consumers, data holders, data hosting platforms (e.g., personal clouds, repositories, personal data marts and warehouses, etc.) and innovative service providers? How to avoid the formation of large monopolies or gateways? How can we expand the market? How, in particular, to join what are currently siloed markets: personal tracking devices (e.g., personal health and sport trackers), digital vaults, personal servers or clouds, finance management services, privacy protection tools, etc.? 4- Technology How can we facilitate the practical implementation of Self Data through automated and secure tools that are also standardised, interoperable and decentralised systems, in order to promote a diverse and vibrant ecosystem of innovation? The Self Data narrative tells the story of an individual who [1] seeks out personal data that organisations hold about him/her (and adds more data that he/she captures or produces); [2] stores and manages his/her data (with the help of service providers); [3] negotiates personal data use by 29 30

18 06 - The next steps: challenges facing «Self Data» 06 -The next steps: challenges facing «Self Data» third parties in full light; and [4] exploits personal data to his/her own ends (usually using applications or third party services). This seemingly simple tale actually raises many questions, particularly on the technical and legal side of things. Handing back personal data to customers requires both the reliable identification of the individual who requests it, and the implementation of fully automated technical and secure transmission protocols, which will likely differ depending on whether they replicate data or access real time data, for example. We have seen that even if the technologies and protocols required do exist, corporate information systems do not use them widely. These mechanisms must rely on simple, neutral, and shared practices for them to be adopted on a wide scale, and to avoid costly and complex fragmentation. Data administration must be based on technical tools and service platforms that should develop freely, but must guarantee complete data portability, and perhaps even interoperability. It will also require significant work on data semantics, in order to facilitate understanding, aggregation and data mining by users and reusers alike. Negotiating the use of data by third parties will likely require extensive work on personal data terms of consent and rules of (re)use, and also into tracking mechanisms that monitor the movement and use of data in compliance (or not) with said consent. This work could draw inspiration on existing initiatives around open data licenses, as well as the computerized expression of Creative Commons licences. Introducing the concept of groups of individuals (e.g., family, home, business) may further complicate the situation. Data processing by and for individuals will mostly rely on third-party software or services, which brings us back to issues surrounding data traceability, rights and use. 5 -Legal Challenges How can we ensure that the «Self Data» ecosystem provides individuals with both more power and more security, and creates a truly level playing field for all, without generating legal uncertainty for organisations? Again, the big questions may be based on the four steps of the «Self Data narrative» described in the previous paragraph: Is obtaining data that organisations hold about oneself and using it to one s own ends a right (beyond the existing «right to know»)? If so, how far does it extend? What form does it take (e.g., right of access, ownership)? And what would make it effective? What new responsibilities do the storage and data administration of their data confer on individuals, and is this responsibility shared with the providers who will assist them: security, loyalty, portability...? How can these responsibilities be made understandable and enforceable? How can the duties of personal data warehouse managers be clarified, market transparency organised, portability made effective? Should such activities require official labels? How can we enable individuals to communicate their default «data terms of use», symetric to service providers «terms and conditions»? How, thus, can a clear dialogue be established when some of this data is being required in some contexts? How can we avoid that an asymmetry of information and power would drive individuals to give away even more data than they do now, without necessarily deriving any more benefit? How can we ensure that the limits of the consent given on data are met, not only by the entity who obtains it, but by all those with whom this entity works, not just at the moment, but over the long term ( sticky policies )? This raises the further question of data accuracy: will there be cases when, in return for meeting individuals increasingly important requirements vis-a-vis their personal data, organisations could require accurate and up-todate data from their customers? How, finally, can we reconcile the legal issues surrounding individuals «social» data processing, e.g., comparison with other individuals, relationship graphs, «tagging» of information relating to other individuals, etc.? 6-Kickstarting How can we create a self-sustaining culture of innovation, usage and value creation that is powerful enough to change organisations information systems architecture, marketing campaigns, customer relations policies, and technical service providers operations? The final challenge resides with the Self Data stakeholders, who today remain split into separate communities: PFMs (personal finance managers), personal servers/clouds/datastores, Quantified self, VRM, etc. Only the federation of these communities, along with the emergence of a use and value creation dynamic, is likely to trigger a strong enough momentum to change organisational information systems, marketing and client relations strategies, major technical services, etc. Three major issues will specifically need to be addressed: Prepare the foundation, by laying some of the key «building blocks» of Self Data: personal data hosting platforms with secure application deployment devices, a survey of applicable standards (technical and semantic), more work on consent agreements, disclaimers and data licensing, etc. Identify initial business models, even temporary or fragile ones. Identify killer (or at least kickstarter ) apps, through a multitude of entrepreneurial initiatives and/or experimentations. Three strategies could be deployed to this end: > Work with tech heads, geeks, early adopters, and competent or even militant users: even if their needs are clearly different from those of the general public, these pilot users can play a key role ny actively contributing to the development and improvement of initial platforms and applications. > Take industry-wide initiatives, like the United States has with its Green Button (energy consumption data), Blue Button (health data) and Purple Button (training data) programs. Akthough the value of data grows exponentially with its diversity, a sectoral approach is more likely to quickly achieve critical mass and therefore attract innovators. > Stimulate the emergence of a multitude of innovative initiatives, help them get to know one another, work together and work with large companies as well as public administrations, thereby enabling them to quickly access sizeable markets

19 Special Thanks These 12 last months, more than 30 enterprises, public players, research labs, schools, non-profit organisations, collectives, innovation clusters, contributed to this experiment. Leader and coordinator of the project : La Fondation Internet Nouvelle Génération Since its creation in 2000, Fing has produced and sharing novel and actionable ideas to anticipate changes inspired by technology and its uses. General coordination Marine Albarède - malbarede@fing.org Renaud Francou - rfrancou@fing.org Daniel Kaplan - dkaplan@fing.org Technical coordination Guillaume Jacquart - gjacquart@fing.org Research Team Christophe Bénavent - Université Paris X Nanterre Caroline Miltgen - Université d Angers Eric Dagiral - Université Paris Descartes Sarah Medjek - Université Paris X Nanterre / Fing 33 34

20 07 ANNEX 1 - MESINFOS CHARTER OF VALUES 07 - Annex 1 - MesInfos charter of values The MesInfos pilot study explores the emergence, opportunities and risks related to the voluntary handback of personal data by data holders to their customers or users. The pioneering corporations, public administrations, non-governmental associations and research laboratories assembled for the MesInfos pilot study adhere to the following principles: 01 The MesInfos pilot study aims to return to individuals the knowledge, control and use of their personal data. All activities and knowledge related to the project will be assessed according to this prime objective. 04 Specifically, the data returned to individuals, or that which they have themselves captured or entered during the MesInfos pilot study are under their exclusive control. All personal data will be completely deleted at the end of the experiment. During the experiment, a service or an application can make use of personal data only with the prior, informed and explicit consent of the individual concerned. This consent will specify the requested data, the ends sought, and shelf life. In addition, within the context of the MesInfos pilot project research: Platforms, applications and services tested during the MesInfos pilot project cater to individuals and aim to enable them to use their data for their own purposes. Individuals may choose to enable or disable any application or service, without being subject to any solicitation that they would not have previously requested. 03 The partners of MesInfos pilot project share the goal of producing common and useful knowledge about the conditions of emergence, opportunities and risks of handing back their personal data to individuals. As such, they accept that the MesInfos experimentation takes place in the open, and that its results will be made public, except as regards personal data and the data provided by participants which they have previously marked as having a confidential nature. MesInfos pilot study researchers and participants, and the services and applications that claim to 06 follow these principles, shall strictly In particular, participants agree obey the EU directives as well as not to appropriate, or seek to be the national legislation on the protection granted exclusivity for the ideas, of personal data, in letter concepts and features made and in spirit. available or produced during the pilot project