I attended MyData 2019 in Helsinki last week (25-27 September 2019) and, while it’s fresh in my mind, I’d like to share my impressions.
This year’s venue for the MyData conference was in the Katajanokka harbour area, at a venue called Wanha Satama. It’s a former trading goods warehouse building built in 1897, so it was fitting as a place to trade ideas, opinions and passions about a human-centric approach to personal data. It was a new venue for the conference this year and it worked well in hosting the various concurrent streams.
It was great to see a very diverse crowd. There were approximately 1000 attendees from 45 countries, with a wide range of expertise from business, legal, technical, design and societal perspectives.
MyData, as a movement, has been growing steadily since the first event in 2016. Regional organisations, called ‘hubs’, have been formed in 23 locations, as far and wide as Brazil and Australia. Everyone is focused on a common challenge that spans borders, legal jurisdictions and cultures. This was the fourth MyData conference in Helsinki – the momentum is continuing!
The conference is not based on any one product, protocol or technology, but more about the discussion around the handling of personal data in any ethical way. Cutting-edge ideas, prototypes and emerging implementations all have a space, including a lunch time demo arena. The name badge (see image above) underlined the understanding that this is not just a technical problem to solve – it is legal and societal – and must be backed by sustainable business models. Some also pointed out that, in many ways, an emphasis on ‘design’ must also be included and was missing from the badge.
The programme was very diverse, with every item in the agenda ranked towards the four aforementioned perspectives on the badge – ‘business’, ‘tech’, ‘legal’ and ‘society’. I thought this was a clever way to guide attendees on the focus of each session.
Of personal special interest were the sessions touching on Consent Receipt – a Kantara Initiative Information Sharing Working Group specification for a way to record evidence of what, when and with who a user has made an agreement with for their data processing.
Lots of demos!
I love a good demo! In conjunction with the lunch breaks on Thursday and Friday, an entire room was devoted to allow participants to see hands-on demonstrations of various products, initiatives and ideas.
Kantara Initiative’s Andrew Hughes was showing Consent Receipt demos in various forms, including Ubisecure‘s contributions of a prototype consent dashboard and API for Consent Receipt storage and querying.
I was happy to spend time with Mark Lizar and get a hands-on demo of Open Consent‘s privacy broadcasting technologies – creative solutions controlling online surveillance and securing our privacy at internet scale.
The data rights of children
The data rights of children and the responsibilities of their parents was discussed in a stream hosted by John C Havens – the Executive Director of IEEE. Through practical examples, he made the audience think of the current and not-so-distant future in which digital personal assistants and robots are recording and processing not the data of your household, but that of friends and visitors.
Powerful emerging building blocks for identity systems were also on show. Ken Ebert, Software Architect at Sovrin, presented Verifiable Credentials – a specification he is authoring as part of team, coordinated within the W3C. The specification is aimed at presenting multiple credentials by combining parts of individual credentials from multiple issuers, called Derived Credentials, into a ‘Verifiable Presentation’.
The standard supports the masking of data fields for selective disclosure using Zero Knowledge Proof techniques and the mapping of credential values into Boolean (for example, date of birth can be mapped into ‘over 18’ or ‘over 21’). Masking data fields is made possible through the Zero Knowledge Proof (ZKP) signature scheme by signing individual attributes as well as the entire credential. For more information, check out this page. The use cases are great to illustrate the complexity of some of the problems to be solved with this approach.
Lots of talk – but lots of action too!
At the end of each session, the audience was invited to comment on what practical steps could be taken to advance the topic of the session. I really liked this approach of a call to action and invitation for involvement. The event this year was, again, a great success and something for the MyData organisation to be proud of. Looking forward to MyData 2020!