In today’s state-of-the-art, a data-controller collects and stores subject data. As data subjects have no control on their personal data, they remain at the mercy of the data controller hoping that their privacy is guarded. It turns out that the subjects’ privacy is breached more often than not, by almost all data-controllers.
Restoring full data ownership and control to the data subject not only secures the data privacy, but can also enable its liquidity and security within any Web 3.0 infrastructure.
We have lost control over our personal data in our online lives. We are no more than “data subjects” to the “data controllers,” or “data processors.”
In the era of big data, the battle for privacy has already been fought and lost — personal data is routinely collected and traded in the new economy and there are few effective controls over how it is used or secured. — The Guardian
At least in Europe, that situation changed on May 5th 2018, when European Parliament promulgated GDPR (General Data Protection Regulation), a new law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. As a consequence, all major data-controllers are now facing billions of Euros in fines for GDPR non-compliance.
Enforcing data privacy through regulations is one thing, and achieving it technologically by design is quite another.
Deemed technologically impossible at the time GDPR was deliberated in European Parliament a couple of years ago, if what we are working on today was available then, the GDPR would have been explicit not only in clarifying privacy of data subjects, but also in defining this specific technological tool that will keep data controllers in compliance by default.
That specific technology is LIQUIDUS (Linkable Quarantined Internet Data of Unique Subjects)
The Data Ownership Dilemma
Humankind has always possessed a love for data.We are now living in an age of big data. The data is pervasive, plentiful and ubiquitous. It’s everywhere around us. If the data relates to a person, the questions that crop up are:
Who owns the personal data?
One who collects, stores and processes it, or one who is the subject of that data?
Even, the recent legislative breakthrough in Europe -GDPR (General Data Protection Regulation) is not explicit about the answer.
Article 4 (1) defines GDPR ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In being ambiguous about data ownership, GDPR basically assumes that personal data of a “data subject” will always be:
- controlled by a data controller who “determines the purposes and means of the processing of personal data”
- processed by a data processor who “processes personal data on behalf of the controller”
This is because in the current state-of-the-art it is inconceivable that:
personal data can be stored, processed or shared freely without the need of a data controller and a data processor.
Article 1 of GDPR lays down the following 3 objectives:
- This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
- This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
- The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
The GDPR does not explicitly give us an answer on personal data ownership. But —
What does follow from the GDPR however, is that data subjects should be in control of their personal data.
GDPR gives data subjects the tools necessary to exercise their rights to privacy, the right to be in control of how their personal data is processed.
But, there are many corporates who still think:
If a company believes that the data belongs to them, data privacy becomes difficult and vulnerable. However, if the company instead understands and agrees that it is neither entitled to ownership, nor full control of user data, building a successful privacy compliance program becomes easier.
We disclose a much easier “Privacy-By-Design” technology, that enables GDPR or any privacy compliance by default.
As much as the world thinks that there will always be data controllers, and users will always be data subjects, we believe it’s time to get radical for the paradigm shift.
Foundational Principles Of Privacy By Design
The 7 foundational principles of Privacy By Design as originally conceptualized by Ann Cavoukian, the Information & Privacy Commissioner of Ontario, Canada, are:
- Proactive not Reactive, Preventative not Remedial: The Privacy by Design approach anticipates and prevents privacy compromising events before they happen. It does not wait for privacy risks to manifest. It prevents them from occurring.
- Privacy as the Default: Privacy is built into the system, by default. Personal data are automatically protected in any given ecosystem, and users need to do nothing to protect their privacy. Their privacy remains intact.
- Privacy Embedded into Design: Privacy is embedded into the design and architecture of an IT system proactively by default and not an add-on. Hence, privacy becomes an essential component of the core functionality being delivered without diminishing system’s functionality.
- Win-Win For All: No trade-offs, no compromises, privacy by design accommodates all legitimate interests and objectives in a “win-win” manner. Privacy is often positioned in a zero-sum manner as having to compete with other legitimate interests, such as design objectives, technical capabilities, security, etc.
- End-to-End Security: Security extends throughout the entire lifecycle of the data involved, ensuring secure lifecycle management of information, end-to-end.
- Visibility and Transparency: It remains visible and transparent, to both users and providers alike. Visibility and transparency are essential to establishing accountability and trust.
- Respect User Privacy: Interests of user is the primary consideration above all. Empowering data subjects to play an active role in the management of their own data is the single most effective check against abuses and misuses of privacy and personal data.
LIQUIDUS PODs: Privacy By Design
In Europe General Data Protection Regulation (GDPR) underlines that citizens have the right to access their personal data. It provides the legal framework for the protection of personal data, including their health data. Article 25 of GDPR codifies the concept of privacy by design and by default.
Data protection in data processing procedures is best adhered to when it is already integrated in the technology when created. Nevertheless, there is still uncertainty about what “Privacy by Design” means, and how one can implement it.
LIQUIDUS PODs eliminate that uncertainty and defines with clarity how technology can acheive privacy by design and by default.
Heavily inspired by GDPR and the EC’s recommendation seeking to facilitate the cross-border interoperability of electronic health records (EHRs), the LIQUIDUS technology creates PODs (personal online data) that ensure the digital transformation of healthcare, or for that matter any digital outfit, by securing the data, and at the same time unlocking its free flow across borders.
Citizens have the right to access their personal data, including their health data as provided for by Regulation (EU) 2016/679 of the European Parliament. Rules for facilitating the access to safe and high-quality cross-border healthcare are also provided for by the Directive on patients’ rights in cross-border healthcare.
The users can create different PODs for storing and even segregating their personal data depending on the type of end use. For example, one may have a separate POD each for specific use case such as, sovereign ID, personal, professional, social, EHR, KYC (know your customers), or even a custom POD. Each POD can deliver the specific data that the user authorises to any service provider through API. Without LIQUIDUS API the POD may still deliver the info to any service provider but with read only rights. The user can even quarantine his / her personal data, totally isolating it from any online exposure.
LIQUIDUS, thus serves as a radical new way to reclaim the user privacy that’s been under siege from technology since the birth of Internet.
Managing subject data with LIQUIDUS, not only restores data control to its rightful owner — the subject, but grants the companies freedom from liability and keeps them in compliance of GDPR or any other privacy regulation under the sky.
LIQUIDUS, thus places the ownership and sharing of private user data in exclusive control of the data subject or data owner. It does this by creating decentralized user-controlled personal online data storage (POD)s.
What Is Data Liquidity?
Liquidity is the degree to which an asset can be quickly moved from one location to another within an ecosystem without compromising its integrity and intrinsic quality.
LIQUIDUS PODs: Interoperability (Liquidity) By Design
Data liquidity basically is a function of data portability wherein the data is no longer confined to data controllers’ databases or data silos such as supply chain management systems, financial systems, healthcare systems, social media, etc. An important attribute of data should be that,
it flows to where it is needed and when it is needed without compromising privacy and confidentiality.
In addition, if it is made quarantinable at data owner’s behest, it will be the ultimate accomplishment in personal data privacy and confidentiality. LIQUIDUS claims that ultimate accomplishment, and triggers a paradigm shift in data privacy, security and portability.
The LIQUIDUS Paradox
While liquidity entails seamless flow, quarantine warrants isolation and restriction. Liquidity and quarantinability are two diametrically opposite properties of data. The ability to quarantine the data as well as maintain its liquidity may sound paradoxical but LIQUIDUS makes it possible with just a simple click. At subject’s behest personal data can be either quarantined, isolating or restricting its movement through the information superhighway, or it can be released to any destination of subject’s choice.
Liquidus PODs: Data Security By Design
Liquidus design not only incorporates data privacy by default, but it has data security built in. There is a hacking attack somewhere every 39 seconds. Cost of such data breaches is predicted at $2.1 trillion globally in 2019, and estimated to reach $6 Trillion by 2021. According to a latest report data breaches cost companies $150 per record, and in first half of 2019 itself 4.1 billion records were breached. Such data breaches happen on a daily basis causing hundreds of billions in losses.
Liquidus massively impacts the data security because it is decentralized and as such does not aggregate all the user data in a single server location making it impossible for hackers.
Data Privacy, Security & Liquidity In Healthcare
Enabling citizens to securely access and share their health data across borders is a concern that every nation in the world is waking up to. Europe has taken the lead as one of the priorities in its communication on enabling the digital transformation of healthcare in the Digital Single Market.
In this age of big data, the growth in healthcare data is phenomenal and continues to grow exponentially. As a consequence, the Electronic Health Record (EHR) exchange format recommended by European Commision is expected to significantly impact across the European Union, ensuring that citizens can securely access and exchange their health data wherever they are in the EU. It will help citizens to quickly access and share their health data with healthcare professionals. But, unfortunately operational liquidity of health data, or for that matter any data, is still lacking.
The Quantum Of Global Healthcare Data
Healthcare is one of the most data-intensive industries. The challenge is not only to protect this data but make it useful in reducing costs and improving outcomes.
In this age of big data, the growth in healthcare data is phenomenal and continues to grow exponentially with the exponential growth in connected home monitoring devices. A patient’s electronic health record (EHR) will become the epicentre or hub of patient care. Next generation medical devices are designed to automatically upload the data to the EHR instead of manually entering data. This data can also be combined with lifestyle devices that monitor exercise, sleep cycles, and heart rate. This apparently adds convenience and reliability, giving physicians a more cohesive picture of a patient’s overall health status. Additionally, over 16,000 hospitals worldwide collect thousands of petabytes of data on patients.
What good is all the data if today’s EHR providers silo the data within their proprietary systems, making it mostly inaccessible to the patient at any place or time he / she needs?
The most effective way to use patient data effectively has just been invented:
It breaks through the data silos and restores data ownership and total control to the patients saving 100s of billions in healthcare costs .
Healthcare’s Silent Shame Grows To $40 Billion
The global EHR market is very competitive, with over 1,100 EHR providers competing worldwide for a slice of the market that’s growing at a CAGR of 6.2% to reach $40 billion by 2024.
Despite spending billions in EHR, global healthcare industry losses billions more because of lack of interoperability of EHR systems.
EHR industry, consequently faces one of the fiercest criticisms related to usability and interoperability of patient data. This is because the EHR industry largely exists in data silos that do not get along with each other.
Today, in all probability, patient data with one EHR provider remains locked up with that provider, and is not available to the patient if a medical emergency is presented before another provider. That’s why a Forbes report calls EHR data silos
“healthcare’s silent shame.”
It’s time we broke through the data silos, and enabled data privacy, security and portability by default, without having to force regulatory compulsions on the so called data controllers. LIQUIDUS does that seamlessly.
Web 3.0 is the third generation of internet services for websites and applications that will focus on using a machine-based understanding of data to provide a data-driven and semantic web. Of all the attributes that are assigned to Web 3.0, privacy, security and interoperability are the key attributes that enable the ultimate goals of Web 3.0. Therefore, Liquidus technology potentially serves as a core enabler of Web 3.0.
Claps will be appreciated if you liked the article.