Last week more than 700 professionals from all over the world gathered at Kultturitalo (The House of Culture) in Helsinki for the third edition of MyData conference. I was there.

What is MyData?

Yes, what is MyData? That was a question I asked myself for a while. In a nutshell, as their website explains, MyData is a community of professionals from various disciplines who follow a common goal: to empower individuals with their personal data, thus helping them and their communities develop knowledge, make informed decisions, and interact more consciously and efficiently with each other as well as with organisations. The core idea is that we, you and I, should have an easy way to see where our personal data goes, specify who can use it, and alter these decisions over time.

It sounds like a great cause that both Ubisecure and myself should be part of. MyData even has a podcast, hosted by Molly Schwartz who was emceeing the sessions at the main stage during the event.

After attending a few sessions of the conference, I heard a recurring point rephrased in many ways: every project should follow the “MyData Principles.” These six principles are:

  1. Human-centric control of Personal Data
  2. Individual as the point of integration
  3. Individual empowerment
  4. Portability: access and re-use
  5. Transparency and accountability
  6. Interoperability

The very first Consent Receipt interoperability demo

As you just saw, interoperability is one of the six MyData principles. In the last years Ubisecure has been actively participating in working groups lead by Kantara Initiative, a standardisation body focused on digital identity. In late February 2018 Kantara published the Consent Receipt Specification Version: 1.1.0, and in order to swiftly move from words to action, the Consent and Information Sharing working group decided to present an interoperability demo at MyData 2018.

Ubisecure participated with a demo web application “Ubisecure Bookshop” in which a buyer is asked if they consents to receive marketing emails in the future. At the consent page, the user had the choice to select “I consent and I want a consent receipt.” When that was the selected choice, the system generated a receipt so the Consent Receipt file was downloaded through the web browser. In order to visualise the contents of the file, there was a “Consent Receipt Viewer” application designed by Open Consent. Voilà, that was the very first time people could see this live. Other companies participated in this demo session too; either exporting or importing consent receipts. At the end of this fabulous demo session, the audience could see how organisations could import and view consent receipts generated by completely different organisations. Ubisecure firmly believes in open standards like Consent Receipt Specification, which will make consent more transparent for people.

Consent Receipt

Andrew Hughes from Kantara Initiative

The Future of Web

When I browsed the list of presenters, I was glad to see Mikko Hyppönen on the lineup. Knowing he is one of the best speakers not only in cybersecurity and privacy but also in the whole tech arena, I didn’t want to miss this chance. Hyppönen’s talk was on Thursday and titled “The Future of Web.” As user of the very first web browsers (Mosaic, Netscape) himself in the 90s, he asked himself and to others: “how are we going to pay for Internet?” He assumed that in the future all browsers would have a “Buy” button that would allow us to pay for content. That sounded logical, but never happened. Instead, today we’re paying with our privacy: companies track us and sell our data for money. My favorite story of the talk was about a guy who tweeted during a major Amazon S3 failure, and said “I can’t turn off my IoT oven.” Funny in some way, but scary too. We depend too much on a few dominating Internet companies. Fabulous talk, I wished we had many talks like this in every single conference.

Consent Receipt

(screenshot from

Interesting ideas and their realisations

On Wednesday, Kaliya Young from IdentityWoman gave an engaging and eye-opening talk “The Domains of Identity & Self Sovereign Identity” at the main stage. Someone in the audience asked: “how we ensure that no big company (Facebook, Google) will hijack the term self-sovereign identity and ship a product that offers just more about their current business models?” Young replied that we must define the term and protect it. As an analogy, she cited open source. Today no product can claim open source without receiving scrutiny by both a community and the open source initiative.

I also liked a laudable display of demos and PoCs of organisations that are taking the first steps to deliver MyData in Finland and in other countries too. Trafi – Tilaajavastuu have a MyData Wallet trial you can play around. Another is the Finnish National Agency for Education’s project KOSKI, which for instance a student can use to prove to her local Public Transportation Agency that I am a student without bringing a printed certificate. In another session Adrian Gropper showed a health project in the USA called HIE of One Trustee, which uses public blockchains, standards, and open source software to enable patient-controlled independent health records that can last a lifetime.

Since its inception, MyData has talked about how business, technology and laws can create this utopia. This year the organisers made sure that one more actor was added: Society. Fair inclusion, as nothing will happen if the society isn’t willing to adopt these solutions beyond what a bunch of well-meaning professionals will create. Now MyData is about BTLS.

MyData also had an unconference section called Open Space. It seemed it was lot of fun.

Overall, I had a positive feeling of the conference. Worth to mention the good number of female speakers (around one third) compared to other technology-dominated conferences. The best thing was seeing realisation beyond ideas and discussions: real organisations and companies showing their PoCs or upcoming products. Next MyData conference will be held in Helsinki on 25-27 September 2019. See you next year.


Want to know more about consent receipt? This blog explains all you need to know.