Global Data Protection Tsunami on Horizon
The biggest shakeup in European data protection regulation for twenty years will come into force in May 2018. The changes will affect any business that processes the personal data of European Union(EU) citizens. Those that fail to comply will be subject to fines of up to €20 million and risk significant reputational damage. The General Data Protection Regulation key changes are as follows: Firstly, the jurisdiction is global. Processing the data outside of the EU will not provide an exemption. Secondly, Businesses that fail to comply will be subject to fines. Thirdly, it must be easy for citizens withdraw their consent. Fourthly, citizens have the right to access their data and transfer it to another service provider. Fifthly, citizens can demand that their data is deleted and lastly data processing systems must incorporate privacy by design.
How should businesses respond and what are the solutions? One approach that is particularly relevant to the areas of wearable technology and digital health is to adopt the Coelition standard. This is a new open standard which attempts to balance the desire of businesses to exploit the opportunities of big data with need to protect the privacy of the consumer. This is primarily achieved by requiring that the data processing organisation(data engine) is a separate business entity from the service provider. Data processed by the data engine is identified with a unique personal identifier provided by the Coelition service. Only the service provider knows the identity of the consumer. This approach ensures that if data is illegally accessed from the data engine's servers, it will be extremely difficult to identify the consumer.
As well as incorporating privacy by design, Matt Reed and Joss Langford who lead the creation of the standard have taken a novel and valuable approach to encoding the data. Partly inspired by Virginia Woolf's essay on modern fiction it turns out that our lives at one level can be described using just a few thousand "atoms of behaviour". Similar in concept to a plant taxonomy, the Classification of Everyday Life(COEL) "atoms" include sleep, brush teeth, and play musical instrument for example. As well as the unique personal identifier and the behaviour, each atom also has a start time, end time, location and states how the data was collected. The responsibility for creating the atoms is placed on the device such as the smartwatch that collects the raw data. This is an inspired choice because it dramatically reduces the amount of data that must be sent to the cloud by approximately five orders of magnitude. This in turn means that the wearable's battery requirements are significantly reduced and if widely adopted could save our planet significant amounts of energy and resource on the server side. Their book "Data to Life" fleshes out the rationale behind COEL and deserves to be widely read amongst the wearable tech. and digital health communities and beyond.
Mark Catchpole. All rights reserved. Mark is a wearable technology consultant with Wearable Consultants based in Cambridge, UK. Please get in touch via firstname.lastname@example.org