MyData Alliance activities

Personal data management infrastructure and
cooperation model
bit.ly/mydata-yhteistoimintamalli
MyData Alliance meeting
28.10 13:00-16:00 @ Etelä-esplanadi 16 (LVM)
Agenda:
Introductions and situation overview
Structure and role of the spearhead project
MyData pilots
MyData Alliance activities (discussion and summary)
Background materials will be updated here by 23.10.
Background: What is MyData?
Personal Data is Everywhere
€1T
Digital identity applications can bring a
quantifiable annual benefit of
approximately €1 trillion in Europe by
2020.
The Value of Our Digital Identity - Boston Consulting Group (2012)
Asset
Class
Personal data is becoming a new
economic “asset class”, a valuable
resource for the 21st century that will
touch all aspects of society.
Rethinking Personal Data - World Economic Forum (2014)
Potential vs. realisation?
Who gets the benefits?
What happens to privacy?
Trust is a must!
Two-thirds of potential value generation
– €440 billion in 2020 – is at risk if
stakeholders fail to establish a trusted
flow of data.
The Value of Our Digital Identity - Boston Consulting Group (2012)
78%
78% of consumers state that it is hard
to trust companies when it comes to
the way they use consumer personal
data
The future of Digital Trust - Orange (2014).
MyData Principles
●  Human Centric: right to data,
individual in control, privacy
●  Usability of Data and transparent
relationship management:
machine readable, open formats,
APIs, standards
●  Open Business Environment:
interoperability, possibility to
change services without “data
locks”
My Data - Subset of Personal Data
Individual can manage her personal data
Personal data is accessible in machine readable form
MyData vs. Current Models
MyData Operator Model
Account portability
Standardized Agreements
Current state
Consents are not comprehensive
Not dynamic
They do not allow access for
individuals to their own data
MyData goal
Create similar framework for
personal data as CC is for
copyright
Also dynamic properties
Addressing data
The big change?
Old ways of collecting and managing data struggle to provide
aggregation, consent management and transparency
Landline telephony
(calling a fixed location)
Traditional warehousing
of personal data
Mobile telephony
(calling to a person)
Personal control of
one’s personal data use
MyData four-corner model
Explanation...
Consumer's
MyData operator
“HUB”
maintained by
the Alliance
Company's
MyData operator
Multi-operator ecosystem
MyData operators specialized in business services, data refinement and consumer services
MyData operator specialized
in data refinement
Consumer's
MyData operator
Consumer's
MyData operator
“HUB”
maintained by
the Alliance
Company's
MyData operator
General
MyData operator
Benefits of MyData
Incentive for Data Sources to Open MyData
Complementary services
Flexible Consenting (GDPR)
Data Exchange with Individual
Organization Roles in the Infrastructure
Business
as usual
Viewing service
Level 1
Open MyData compliant API
Use data from MyData APIs
Level 2
Take the role of MyData operator
Technical Architecture
OpenID Connect, OAuth 2.0 and UMA
Modules of Personal Data Management
●  Semantic Models, Schemas and “Profiles”: Health data profile, mobility profile, intent profile, contact profile, status profile.
●  Data Storage, Database model, API harmonization: Local, cloud, distributed storage. Various security approaches.
●  Identity Management and Nondisclosure: Trust networks, IdPs, strong authentication, regional regulations, identity nondisclosure as default.
●  Interfaces for Personal Data Management and Creation: Self-report interfaces, data visualization, privacy control interfaces.
●  Algorithm and Application Sandbox: Run analysis and applications locally instead of sending data out.
●  Analytics Engine
●  Service Registry, Service Discovery: Base of the “app store”, finding compatible services
●  Authorization, Audit Trail, Consent models: Consent management as a service, authorizing and later auditing the data transactions
Modules of Personal Data Management
Analytics
Semantic Models, Schemas and “Profiles”
Interfaces for Personal Data Management and Creation
Algorithm and Application Sandbox
Analytics Engine
Data Storage, Database model, API harmonization
Identity Management and Nondisclosure
Service Registry
Service Discovery
Authorization, Audit Trail, Consent models
Transactions
SCENARIOS:
1. TRANSACTIONS - NO ANALYTICS
2. TRANSACTIONS + ANALYTICS
3. MIX (PARTIAL ANALYTICS)
User Managed Access (UMA)
Version 1.0 since the beginning of 2015. Open source implementations already exist.
Based on OAuth 2.0 and
OpenID Connect
Centralized authorization - “Authorization
as a Service”
Authorization server
Resource server
Federation of multiple authorization servers
(MyData operators) is coming in
version 2.0 - Finns are involved
in influencing the standardization.
UMA Demo Video (10 min.)
UProtect
Doctor Bob
Happy Heart
Account
BHealthy EHR
Husband Ted /
client software
https://youtu.be/cpT0S5LL9Fo?t=39m10s
(start watching from 39 min. 10 s. onwards)
MyData development in Finland
Driving the change
Industrial alliance - National initiative, Telecom operators,
Banks, Retail, IT providers, Startups...
Public collaboration - Government plan and digitalization
spearhead programme, LVM, TEM …
Research projects - DHR, Re:Know, ICT Labs...
Active people - OKF MyData working group, Datam.me...
Public administration support
“Citizens' right to monitor
and decide on the use of
data concerning themselves
will be strengthened”
LVM report
9 / 2014
Government programme
5 / 2015
“experiments based on
so-called MyData (omadata)
will be launched”
Spearhead project
9 / 2015
Roadmap
Phase 1:
CLARITY
Phase 2:
FEASIBILITY
Complete stack reference
architecture
➔ Common Ground for
Interoperability and
Distribution
Reference implementation
of
Operator stack, Data
Source and Sink APIs
Stack Process Ownership
EU – level collaboration
National legislation and
Practice clearance
2015
Pilots
First commercial
operators
Phase 3:
GROWTH
International growth and
maturation of approach
➔ Global consortium
Business-as-usual
New stack generation(s)
Focus on support structures
Integration to big national
Information systems
2016-2017
2017+
From experiments to a cooperation model
Phase 1:
CLARITY
Phase 2:
FEASIBILITY
Phase 3:
GROWTH
2015
2016-2017
2017+
Experiments
MyData Alliance
Personal data
infrastructure
Cooperation model
MyData Alliance
MyData Alliance
Organization of the Alliance
●  A consortium of companies whose goal is to develop into a trust network for
personal data management, i.e. a network of companies that operates the
personal data infrastructure and initiates experiments
●  Launched as an association of companies whose meetings and activities are
facilitated
●  Produces recommendations, specifications and support for pilots
●  The goal is to develop a national cooperation model that is internationally
compatible
Participants (status as of 8.10.2015, to be expanded)
Pilot Services contributing to the MyData core
Pilot service areas shown in the figure: Mobility as a Service, CRM as a Service, Research Data, Banking, Retail, Telecom, Media, Directive on Payment Services PSD2, Health, Finance
MyData CORE modules:
●  UMA: Consent Management / UMA
●  SC: Service Registry / Connection
●  PDS: Personal Data Storage
●  A&A: Aggregation & Anonymization
●  Analytics: Local Application & Analytics
●  Profile: Profile creation & portability
●  QS: Self tracking
MyData Alliance activities
Participating in the Alliance:
●  The Alliance is open by default
●  The consortium itself decides the terms of participation
●  In the future the Alliance may have a more detailed structure, and as it evolves
towards a cooperation network there may be a need for a consortium agreement
Possible milestones for the Alliance's activities:
●  High-profile roundtable (for example, a minister convenes the senior management
of the Alliance companies)
●  National MyData vision
●  MyData reference architecture for the cooperation model
●  Recommendations for personal data regulation
●  MyData-compatible opening and integration of the interfaces of national
services and state-owned companies
●  Incorporation of the Alliance
●  Reference implementation of the MyData operator function
Relationship between the Alliance and the pilots
The Alliance produces recommendations, specifications and support for the pilots
The pilots steer the Alliance's activities and the development of the cooperation model
Next steps
13.10: Workshops (LVM)
●  The Alliance's working processes and goals
●  Composition of the Alliance
28.10: Kick-off / Launch (LVM)
●  Form of the MyData Alliance and roadmap of its activities
●  Publicity principles of the MyData Alliance
●  Facilitation principles of the MyData Alliance
●  Interaction between the MyData pilots and the MyData Alliance
(how a pilot joins the Alliance, how
open the pilots must be, how to join
the pilots)
●  Funding of the MyData pilots and MyData Alliance activities
●  Presentation of the spearhead project structure
The goal: a cooperation model
Cooperation model
Initial vision of the cooperation model
●  A multi-operator environment in which the individuals, companies and services
connected to an operator can see each other (shared network and service registry)
●  Four-corner model: companies and individuals have an interface to the network
●  The cooperation model includes technical, regulatory and business
elements
●  The Alliance steers and owns the cooperation model nationally, but aims to
connect the cooperation model internationally
Elements of the cooperation model
●  Technical interoperability:
○  Registration of services and persons (possibly a shared registry)
○  Consent management
○  Data models and interface standards
○  Standards for data processing in the cloud, applications running in the individual's cloud
○  Aggregation of personal data coupled with personal data processing
○  KaPa and trust network integration (KaPa as a public MyData operator)
●  Shared business model (transfer pricing)
●  Regulation of the cooperation model (possibly regulation of operator activities,
enabling regulation, personal data infrastructure as an enabler of
regulation)
Potential
Pilot Cases
Framework for a MyData experiment (pilot)
●  End users and the value proposition for them are identified
●  Data moves between at least two organizations
●  The individual personally takes part in authorizing the movement of data
●  The pilot contributes to the MyData Alliance
The pilot has at least one source, an operator and an
application visible to end users
CASE: Privacy Management as a Service
(CRMaaS)
MyData
Operator
Organization
X
Operator sells organizations:
Consent management and privacy
management outsourcing
CRMaaS services (by extending existing
CRMaaS services)
Rich profile information
Value added personal data processing
services
Can extend to other MyData services and
business models
MyData Alliance is the joint platform operated
by operator companies.
Each company and individual subscribes to an
account from a single operator, but is
registered in the joint service registry system
CASE: Research data banks
CASE: Mobility Profile (MaaS)
MyData
Operator
OR
Mobility
Profile
Creator
Mobility data
sources
MyData
Operator
Mobility data
sources
MaaS
Operator
MaaS
Operator
Mobility
Profile
Creator
CASE: Account Number for Salary and Benefit
Payments
General
MyData-operator
Public
Organization’s
MyData-operator
Social Benefit
Organization
(benefits)
Bank where the
individual has his
cash account
Tax Authority
(tax returns)
Employer
(salaries)
CASE: Portable Media Profile @ YLE
YLE Authorization
(UMA)
Areena
(YLE)
Profiles API
(YLE)
Uutisvahti
(YLE)
Player App
(external)
CASE: Portable Media Profile
expanded use
YLE Authorization
(UMA)
Areena
(YLE)
Consumption
profile (Retail)
Uutisvahti
(YLE)
Profiles API
(YLE)
Player App
(external)
Other media
channel
CASE: Occupational Health
CASE: Loyalty Card Data
MyData operator
Source: Retail
Loyalty Card Data
Source:
Complementary
Data Source
Health & Wellness
Feedback (App)
Diagnosis and
Monitoring Service
for Healthcare
Intelligent
Consumption
Service
International
Benchmarking
Next actions
Activities
Human-centric personal data management white paper 2.0
H2020 (Big Data PPP) proposal
Visits to Finland
Health Bank visit to Finland (TBC)
Synergetics UMA workshop in Helsinki (18-19.11.)
Upcoming trips
Amsterdam (22-28.10) multiple meetings
Brussels (27.11 - 1.12) Commission Round-table & EU Big Data PPP Light House
Vienna (2-3.12) Internet Identity Week
London (8.12) Ctrl-Shift conference
Copenhagen (9.12) Nordic Digital Forum
Personal Data Management Scenarios
Blockchain models
Human-centric
MyData Approach
PDS-based
aggregators
How to find the right balance?
Finnish KaPa
Organization-centric
Dominant US-based
Data giants model
Free market-driven
Regulation-driven
OpenPDS/SafeAnswers allows users to collect, store, and give
fine-grained access to their data all while protecting their privacy.
OwnYourInfo puts you in control of your data - Keep your important
information and files safe, organized and up-to-date. Share your
information securely with anyone from anywhere.
Mydex enables individuals to exchange personal data with
confidence. It provides the individual with a hyper-secure storage
area to enable them to manage their personal data, including
text, numbers, images, video, certificates and sound.
HealthKit allows apps that provide health and fitness services to share
their data with the new Health app and with each other. A user’s health
information is stored in a centralized and secure location and the user
decides which data should be shared with your app.
The HAT is a personal data platform created to trade and
exchange individuals’ own data for services in a standardised
and structured manner. HAT has a schema that ‘flattens’ and
‘liberates’ vertical structures of data.
Arkkeo automatically stores and archives all the purchase receipts,
warranty, insurance, healthcare and travel documents you receive from the
businesses and service providers that you deal with.
Microsoft HealthVault is a trusted place for people to gather,
store, use, and share health information online.
Life Management Platform that puts you at the center of your connected
world. Take control of your personal data, organise your private
information and replace many of your paper-based tasks. Link your IoT
devices, manage your social channels and connect your contacts. Encrypt
your information and store it in your own personal cloud.
Healthbank is a citizen-owned health data transaction platform. It
connects data sources from all facets of the healthcare
ecosystem and rewards participants in research data collection.
TheGoodData gives you back control of your valuable browsing data and
lets you do some good with it.
The Qiy Standard offers people a human-centric solution to
access, manage and share personal data.
Cozy Cloud is a personal cloud you can host, customize and fully control.
Sync your contacts, calendars and files between your devices and your
personal server. Add your own services to leverage your personal data.
Synergetics is developing Personal Data Ecosystem platforms,
based on international standards, ontologies, and big (personal)
data. The solutions aim to innovate Life Management processes
supported by intelligence and end2end trust assurance.
Glome is a new era relationship management service to help businesses
improve user acquisition and retention. We remove the login while gaining
insight to user behaviour across multiple devices with soft accounts - no
sign-up, no installations, no friction.
A mobile application for everyone to own their personal digital
identity for communicating, connecting and browsing the web
independently. People can tie information to their identity,
regardless of where it is stored. People can secure the data, yet
share it directly between peers in mightily flexible ways.
Your data belongs to you. So when it is sold, you should be the one that
benefits. With Handshake you can.
Your personal information – under Your control, with Your
consent, for Your benefit. PAOGA App creates a unique
certificate (key) which is stored on your computer and is required
for you to access your PAOGA Personal Cloud and all the
personal and private data, documents and files that you are
protecting.
User-Managed Access is an OAuth-based access management protocol
standard. The purpose of the protocol specifications is to enable a
resource owner to control the authorization of data sharing between online
services on the owner’s behalf or with the owner’s authorization by an
autonomous requesting party. This has privacy and consent implications
for web applications and IoT.
Antti “Jogi” Poikola
Kai Kuikkaniemi
about.me/apoikola
LinkedIn
@apoikola
@kaikuikkaniemi