CDC DraftCDC5

Digitteria has the vision of a human-centric ecosystem, where data services are provided by a competitive private sector operating under independent, ethically managed, citizen-centric standards and rules that allow users to manage their identity and act as personal data management hubs when accessing internet services.

We believe there is merit in separating out identity control and personal data management from individual corporate service silos and that the market is now calling for solutions that balance data protection with innovative services that enable legislation and benefit consumers. Market winners will be organisations developing technologies that meet the needs of both individuals and enterprises in a new framework which is transparent, secure and personalised.

To realize this vision a new generation of products is required which embed privacy and security as core values within the applications themselves. We call this user permission based data sharing model a ‘Clean Data’ model where data is cleansed by filters of user permission and consent.  We believe in the need for a ‘Clean Data Charter’ that clearly outlines the demarcating lines of ownership for different classes of data and the rules around who should be able to do what with which data classes under which circumstances.  The Internet Foundation,  our sister NGO leads an initiative to establish such a charter with a comprehensive body of stakeholder representatives.

The Internet Foundation is a trans-Atlantic Non Government Organisation (NGO) dedicated to advancing the sustainable use of personal data in commerce.   The Clean Data Charter is the Foundation’s self-regulating framework outlining how industry should use personal information in a manner that is responsible, fair and sustainable.

The Clean Data Charter  (Published under Creative Commons Copyright – The Internet Foundation 2013)

Preamble:

The Clean Data Charter is a set of self-governing principles to be used by companies that wish to use consumer data commercially in a responsible and sustainable manner.  The Charter is underpinned by the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the European Data Protection Act, the US Consumer Privacy Bill of Rights, the EU Cookie Directive and pending legislation such as the European Commission’s General Data Protection Regulation.  The Charter also goes further than current and pending law to include principles that acknowledge that value should be attributed to personal data, value which people should be empowered to transfer from themselves to others in a fair and equitable manner.

At heart the Clean Data Charter embodies three core principles: Privacy, Ownership and Consent. It takes its definition of personal data from the European Commission’s definition of: “any information relating to an individual, whether it relates to his or her private, professional or public life,” which can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, a computer’s IP address to non-operational meta data for any of the aforementioned.

 

The Principles of the Clean Data Charter

1) Ownership and co-ownership (O)

Companies must respect personal data as people’s owned or co-owned property

2) Access & Portability (O)

Companies must allow people to easily access their data and freely move it to third party platforms should they so wish

3) Control (C)

Companies must enable people whose personal data they hold to restrict and control who can access, process and use it

4) Consent (C)

Companies must receive explicit consent before processing a person’s data, transferring it to a third party or using it for new purposes other than those declared at the time of collecting it

5) Value (O)

Companies must acknowledge and recognise the value of people’s data objectively or enable it to be valued by market forces

6) Fair reward (O)

Companies must fairly reward people for sharing their data

7) Transparency & Notification (C)

Companies must be transparent and notify people of changes in their data’s use

8) Fair and lawful (P)

Companies must process personal data with people’s consent in accordance with their rights and use it in non-discriminatory ways

9) Privacy (P)

Companies must be respectful of privacy, anonymity and pseudonyms and not re-identify people who have chosen to use anonymous or pseudonymous identities

10) Secure and protected (P)

Companies must protect and securely manage people’s data that they collect

11) Purposeful (P)

Companies must obtain personal data for declared and lawful purposes only

12) Contextual (P)

When acquiring data companies must collect data that is adequate, relevant and not excessive for the declared purpose of collection

13) Accurate (C)

Companies must endeavour to collect data that is accurate as determined by the data owner and people must have the ability to correct data and bring it up to date

14) Finite (C)

Companies must not keep data any longer than necessary and must remove and delete it on request from the data owner

15) Arbitration (O)

When data disputes cannot be resolved companies must empower a recognised independent third party to arbitrate on behalf of the consumer and enterprise to reach resolution as quickly as possible.

 

Legend: (O) Ownership | (P) Privacy | (C) Consent