We have all been trained over the last 20-25 years or so on ‘here’s how things work online’. 

The ‘user journey’ starts with the individual on a computing device that they own, rent, or perhaps have access to in work context.

They then wish to read/ engage with some content, or maybe buy something and ‘visit’ a site or app to do so. When they wish or need that engagement to be an ongoing relationship they then sign up for and sign into an online account.

That account is run by the organisation, and in it they manage their side of the relationship. That typically requires personal data then being managed by the organisation, which means the organisation is subject to privacy and data protection regulations to ensure this relationship data is respected, and that individuals retain and can enact their rights over this data as granted to them in the same regulations. The terms and conditions and the privacy policy are defined by the organisations. The former is a description of the product/ service being delivered via this digital relationship, and any terms around that (e.g. pricing, accessibility, renewals). The latter is to demonstrate how the organisation meets their compliance with the privacy and data protection regulations obligations. Sometimes personal data exchange is also included within the terms and conditions; this is typically a free form contract, so there is no set format. Nor is there a standard for the privacy and data protection policy, each organisation creates their own, with no defined template.

That will change, more on in another post as the MyTerms standard emerges.

The point we are raising now is that the above model is not the only way these digital relationships can run. We believe there is a better way emerging, with DataPal and other ‘data intermediaries’ enabling it.

To understand the change that is now possible, it is worth looking in more detail at that actual flow above.

What actually happens when a person wishes to access content on a web site is that their browser (aka ‘client’) sends a message the server run by the organisation that is making the content/ products available. That message says ‘please send your content pages over to my browser which is on my device’. So, the content flows to the person’s local device, along with other items like operational and tracking cookies. But any data entered or generated on the ‘client’ flows back to the server; that is how the personal and generated data comes to now be within the organisation, and thus needs to be protected by regulation. And the rules and tools that enable management of the ongoing relationship are set and controlled by the organisation involved.

The situation is very similar when using ‘apps’, whether mobile, tablet or PC based. The app is formed as a wrapper around browser type functionality. Data flow is the same, person on their device download the app (engaging with the apps store/ mobile OS along the way) and then sign-up to a relationship and in to a server. Their app then acts as client, pulling content and functionality to the local device whilst the data entered and generated flows to the organisation.

In technical terms, that model is known as ‘client - server’. The server sets the rules and the client engages within the scope and with the functionality allowed them.

That is the model that underpins pretty much how all of the individual experience of The Internet runs. Organisations set the rules and provide the relationship tools and terms; individuals do as they are allowed. As individuals we have no option but to hop from one silo (server) to the next; doing as we are allowed, and giving up our data to be managed and used by organisations.

However, it does not have to be this way. DataPal is about a different model. One in which:

• Websites and applications (including AI agents) come to the individual’s data rather than the data only going to the organisation.

• The individual has much more control over what data is going where, and why.

• Websites and apps that agree to this model can, with permission, have access to a richer, deeper, more accurate data-set, and a reduced compliance burden.

It is best to think of this emerging model as ’Server - Server’, or in fact a network model in which all parties are peers and have strong capabilities.

But how then does an individual gain access to these higher end capabilities and the agency they bring?

We think there are two answers to that:

The first, in the technical sense, the ‘age of AI’ has completely changed the art and the cost of the possible. That, along with the general drop in cost of cloud based computing and the high specifications available in modern smart phones mean that people already have the basic infrastructure for what is required above, or can be provided with that as a service at very low cost.

Secondly, the rise of data intermediaries, and especially fiduciary ones as ‘a thing’ makes the above much easier to understand and deliver upon. A fiduciary data intermediary (e.g. DataPal) is an organisation/ service that works structurally on behalf of an individual. They exist to help individual gather, manage and use their data; and share it should they wish under their control.

At this stage it is likely wise for us to share an example of what we mean by websites and applications connecting to ‘My Data’ as opposed to the current model of my data going to the app and being siloed in there, and controlled by the organisation that runs the app.

Our reference/ demonstration app is called Travel Log. It is as simple as could be - it enables the individual to think about and manage just one data attribute/ fact, ‘I have visited this country’. The reason we chose that attribute is because that data is clearly self-entered, controlled and owned by the individual and non-contentious. And yet there is clear value in that data being used by other more evolved apps which allows us to demonstrate the benefits of individually controlled data.

The four screenshots below illustrate the key concepts of these human-centric apps.

We think that only seems a bit complex because it is not the current norm. Once the principle is established it will seem very normal. It is actually how data management works in most large organisations; data lives in a central ‘data warehouse’ and then can be read or written to by connected business applications.

But then comes the magic….

Imagine then that a second app developer has the idea to build ‘Country Rater’, an app that allows people to rate the countries they have been to, and which then recommends other countries that you may want to visit based on your past history and ratings. Benefits then emerge for both the individual and the app developer.

• For the individual, the benefit is that they can explore new applications and functionality without having to re-enter the data.

• For the app developer, they can get new users up and running quickly without having to re-enter data. And have the major benefit of not having to take on the security and compliance responsibility and tasks related to managing personal data.

Those benefits are pretty clear then. But imagine those extrapolated across many data types. How many times for example do we enter and re-enter our contact details, or our clothing sizes, or our favourite grocery shopping items; or many more.

In fact as this much more efficient model grows, apps and organisations will increasingly ask ‘do you have that data already?’ And when people can gather their data easily as they go along that answer will increasingly be ‘yes’.

Travel Log will be in the app stores shortly, as then will be a number of other human-centric apps that we are developing.

We can also now make that core software development kit available to developers who wish to build their own DataPal connecting app. If that is of interest then get in touch via our web form.