GDPR / HSS Inspired Data Liquidity & Future Of Privacy

Data liquidity is a new concept signifying the seamless flow of consumer data ‘to where it is needed and when it is needed’ throughout a given ecosystem, as a function of data portability. As much as service providers / vendors harbor an epic misunderstanding about the ownership rights of consumer data, it is the consumer who owns it. Data portability/interoperability in our current centralized systems, particularly in EHR (electronic health records), is prone to compromising privacy / confidentiality during data exchange between third parties.

Data Liquidity

Liquidity is the degree to which an asset can be quickly moved from one location to another within an ecosystem without compromising its integrity and intrinsic quality.

Strength Of Data Protection Laws Worldwide

In the digital age, data privacy typically applies to critical personal information, including identification credentials, health and medical records, and financial data (bank account and credit card numbers). Most countries have some sort of data protection / user privacy laws in place, ranging from heavy to limited in their regulatory strength.

Data Protection Laws Of The World

Snowden Impact On The Strength of GDPR

Some GDPR supporters attribute its passage to the whistleblower Edward Snowden. The Snowden revelations in 2013 were crucial in changing the course of the GDPR legislation in the European Parliament (EP). The revelations outraged Europeans, bringing the importance of Internet privacy issues to prominence, and compelling the EP to reverse its opposition to rules strengthening privacy. Thus the coalition of European privacy activists prevailed over the powerful Silicon Valley lobby in convincing the EP to pass the GDPR as it stands today.

The GDPR Fallout

On the GDPR’s effective date, some international websites began to block EU users entirely; others, such as Klout and several online video games, ceased operations entirely to coincide with its implementation, citing the GDPR as a burden on their continued operations. Behavioural advertising placements in Europe fell 25–40% on 25 May 2018.

Data Protection Noose Is Tightening Worldwide

Brazil recently created the National Data Protection Authority (ANPD) and enacted the Brazilian General Data Protection Law (LGPD). The LGPD, taking effect in August 2020, is largely aligned with the EU General Data Protection Act (GDPR).


“the right to privacy being deemed a fundamental right”,

the focus on data protection to enhance citizen safety and security has increased. In a move to drastically improve healthcare delivery in India and protect patient data, a new Digital Information Security in Healthcare Act (DISHA) was drafted in 2017 and is now waiting to come into force soon. Claimed to be the first to protect the health data of citizens, DISHA has three primary objectives: setting up a central and state level digital health authority, enforcing privacy and security measures for digital health data, and regulating the storage and exchange of electronic health data.

Data Silos: A Medical Tragedy

A Forbes report calls data silos “healthcare’s silent shame.” Overcoming health data silos is proven to lead to cost savings. In the US alone, the estimated value of such savings ranges from $30 to $300 billion every year.

Source: Health Standards
Variant Market Research

“SILO.”

Hospitals, clinics and doctors’ offices, insurance providers, health networks, digital health devices and EHR vendors silo their data. They don’t share.

Data Portability, Interoperability & Liquidity

Data portability is the right to transfer personal data from one organization to another organization or to the data subject herself / himself. In theory it might sound easy, but it is far too difficult in practice.

An important attribute of liquid data should be that it flows to where it is needed and when it is needed without compromising the privacy and confidentiality of the data subject.

The American Medical Association (AMA) calls data liquidity a priority in their framework to improve the usability of EHRs. Dr. John Mattison, AMA Advisory Committee on EHR Usability says:

Legal Ownership Of Personal Data

As established by the GDPR, personal data is owned by the data subjects, rather than the data controllers. However, individuals’ ownership of their data will become effective only when they have the means and the incentive to exercise their rights of ownership.

Currently Who Controls & Manages The Data?

A review of all the existing and proposed data privacy laws tells us that these regulations assume that corporations control and manage user data through their centralized servers. As a consequence, data portability between two corporations always, without exception, implies an exchange of user data between two disparate servers. This essentially means the industry has to adopt standardized application programming interfaces (APIs) for access to personal data. Such standardization is difficult, as each data server will have its own data structure and protocols. It is for this reason that most EHR systems, despite about half a century of existence, do not share well with others. However, regulations favoring more data liquidity will compel a change.

Who Should Control & Manage Personal Data?

Ideally, if ownership of personal data lies with the data subjects, the subject should control and manage the data. However, this isn’t technologically possible with the legacy client-server systems.

Liquidus PODs: Liquidity With True Data Ownership


users should have the freedom to choose where their data resides and who is allowed to access it.

It also means seamless flow of data to any destination that needs it.

Freedom From Liability

Privacy regulations are only triggered if a company stores and manages users’ personal data.

No control over user data means no liability.

At a time when the Googles and Facebooks of the world are penalized with billions in fines for non-compliance with GDPR, disengaging service providers from user data frees them from any liability risk. If they don’t control subject data, they don’t trigger GDPR or any other privacy regulation for that matter. So, instead of continuing as controllers of subject data, these service providers can connect with users’ PODs and access their authorized personal data via the POD API to deliver their services.

Conclusion

European Parliament’s recent promulgation of GDPR is indeed pushing the envelope of the digital strategy in general and privacy in particular. The ideas contained within GDPR are neither entirely European, nor new. They can be found to some extent in U.S. privacy laws. The strength of GDPR though was essentially made possible because of the Snowden revelations that the GDPR opponents could not overcome.

Doctor Entrepreneur #Inventor #Health #IoT #AI #Blockchain #Fintech #Economics #Sustainability #Sharonomics #Prosperism #ZeroCash #Driverless #Mobility #Poverty
