Who owns my data?

Schluss, a Dutch startup, is not exactly a company; it is a movement as well. Schluss is developing a new data solution in which the individual is in control of providing access to personal data. The concept of their ambitious plan: companies and institutions should no longer store personal data in their own systems; citizens and customers are in control over their own personal data.

A consumer buying a new car nowadays, should probably read the contract carefully that comes with the new vehicle. A spare tire and an old-fashioned car key may not be included anymore, but modern cars will be loaded with software instead – software for motor management, monitoring technical systems and parts, and communication with the car manufacturer. They are much more than just four wheels and an engine. These days, cars come with apps and an IP address and behave like a computer on wheels.

How to keep track?

Similar to the car buyer, patients visiting a hospital, consumers creating a Facebook account, inhabitants registering for affordable housing, tax payers filling in their tax forms and consumers enrolling in loyalty programs: they all share personal data, most often without knowing exactly what happens with the data they provide. They use facilities, products or services that include the exchange of data. Institutions and companies are subject to privacy laws that define what they are allowed to store, process and share with others. These companies and institutions are well aware that they have personal data in their possession. But for us, as individuals, it’s very hard to keep track of which data we have shared with third parties. Indeed/In fact, in most cases, after many years we don’t have a clue of what we have shared or even who knows about our existence.

SchlussMarie-Jose Hoefmans, a Dutch startup based in Amsterdam, is trying to deal with this issue by introducing a data solution in which the individual is in control of providing access to personal data. “We’re not exactly a company, we’re a movement as well”, says Marie-Jose Hoefmans, one of the founding partners. You could consider their strategy to be extreme ambitious. Their solution would imply that companies and institutions should no longer store personal data in their own systems. So, each Schluss user has its own data safe and would have the final say as to what data a company is allowed to use. In this reversed model, individuals instead of companies have control of their own section within the Schluss data center. Furthermore, they have the opportunity to withdraw permission to use specific data. The same model would apply to other companies, e.g. health insurers, car manufacturers and utility companies.

Managing your personal data: promising business model

The concept Schluss is developing is not unique. A few years ago, Qiy, another Dutch company, launched a similar concept with the privacy issue as the catalyst for starting up. A few years ago, ANWB, the Dutch automobile association, introduced a virtual ‘data safe’ for its members, where personal and official documents such as insurance policies can be stored. The reason for doing so was to save time for all parties involved during the administrative hassle after an incident. Similar services, which focus on convenience and efficiency, are offered by certain banks. In other branches as well, convenience and efficiency are the main drivers for centralization of data. In healthcare for example, institutions and insurers have been working on the introduction of nationwide electronic patient record systems. Western governments, well aware of the fact that different parts of governmental departments are using the same type of information, have even come up with policies and laws that explicitly prohibit governmental organizations to ask more than once for the same type of personal information.

Data make the world go round

schlussThe idea behind the Schluss concept that each individual is owns his or her personal data, sounds sympathetic from a consumer’s point of view. However, the Schluss model is being introduced at a time when companies are coping with digital transformation. In order to stay competitive, businesses can no longer just rely on product quality and/or cost leadership. One could say that data is the ‘oil’ of the 21st century while software is the engine that adds value to that data. Fast and full access to data is crucial for businesses. To increase their capabilities in responding quickly to ever changing market conditions, companies are rationalizing their IT landscape, e.g. getting rid of legacy software, and migrating to cloud computing, which offers more flexibility than traditional IT solutions.

Cloud computing implies that data is no longer stored on the company’s premises. Companies using cloud computing share data-center capacity with other cloud users. They don’t know the exact location of their data; they only know the name of the cloud provider and how to get access. How does the Schluss model fit into this ‘data allocation challenge’? In general, boards prefer private cloud solutions when sensitive data is involved. So, a private cloud is – in effect – ‘your own data center outside the company premises’, managed by a third party. Companies do feel that cloud computing is here to stay and they are in the midst of migrating to the cloud, taking adequate measurements with respect to data security and privacy. The Schluss solution might be too radical at this point in time. Firstly, companies would have to move their data to another cloud and, secondly, they would ultimately have to hand over the authority to consumers as data owners.

Consumers: privacy paradox

Companies might be reluctant to take these steps, as can be concluded from the difficulties Qiy is encountering at present. Unlike Schluss, Qiy does not store personal details centrally. The Qiy software gives individuals full control of the way in which companies and institutions are allowed to use personal data that is stored in company systems. Until now, Qiy, which was founded in 2007, does have many co-founding partners, but it seems to lack actual users. Are companies really willing to hand over control to customers when it comes to access to personal data? For consumers, the opportunity to control personal data should be important. However, to date, consumers seem quite satisfied with the current situation, i.e. not knowing what data companies and institutions have in their systems.

Hoefmans is convinced that this opinion towards privacy is changing. She refers to recent research of TNO (2015), which demonstrates that Dutch consumers make balanced decisions when it comes to data sharing. Consumers take into account what they will get in return when sharing data with companies. When a third party is just making money with consumer data, resistance to share data increases. On the other hand, TNO concludes that people care for privacy, but don’t act accordingly. This is called the privacy paradox.

Younger generations don’t care for privacy

Millennials Other research amongst Dutch students, aged 18-25 and carried out by Qrius (2016) shows that students appreciate their privacy, while at the same time are reluctant to take adequate measures such as frequently changing passwords or avoid using open wifi networks. Students also tend to underestimate the possibilities of employers when it comes to check work related communication (e-mail or WhatsApp messages) on company issued devices. Merely 9 per cent of the students knew about a new law on data leakages, effectuated in January 2016.

Meanwhile, Schluss will carry on, step by step. The end goal is “to give back the Internet to its users”. Winning the hearts for this idea might be possible; changing the minds might be more difficult. Changing actual online behavior? Time will tell.


Leave a Reply

Your email address will not be published. Required fields are marked *