We must talk about Data
A conversation with the Hub of All Things (HAT) about individual privacy in a digital world
The WorldLabs team sat down with Jonathan Holtby from the Hub of All Things. We had an extensive conversation about their mission to empower internet users to regain control over their data.
By Rute Costa
The WorldLabs team sat down with Jonathan Holtby from the Hub of All Things. We had an extensive conversation about their mission to empower internet users to regain control over their data. In an age where data privacy boundaries are blurry, and big corporations seem to know everything about our lives, it is reassuring to know that researchers are working on alternatives, and crucial that we learn as much about them as we can.
Rute Costa: The first and most obvious question is, what is a HAT?
Jonathan Holtby: The most concise answer is that a HAT is a way to own your own data. It’s a piece of technology that an individual can own, and that they can use to log in to websites, or apps, or services, instead of having the company that built the website, app, or service store that information on their behalf.
Data today is corporate-owned. The end result of that is a slightly more restrained digital economy than it could be, and a slightly less empowered individual consumer. If we shift the balance, giving the individual consumer the capability to store information on their own behalf, they gain a little bit of that power back. If we then build infrastructure around that consumer, so that they can use their information for themselves in whatever way they choose, they gain more and more power. So that’s the core of what we built.
RC: What is the story behind it?
JH: Four or five years ago now, almost four million pounds of research funding came together from the EPSRC and UK Research Councils to investigate challenges in the digital economy. Since then, a lot has happened – changes to the European regulatory landscape, the advent of GDPR (the General Data Protection Regulation), the growth of large-scale data breaches in corporate organisations.
Our conclusion has been that there is a fundamental imbalance between the value of information on a mass scale to organisations, and the understanding that we as individuals have about what our data is being used for, how it works, what it even is, and how valuable it can be. The individual, we found, is sometimes something of a silent actor in the digital economy: they don’t get to choose to play a role, they’re forced to. They want a service from Facebook, and so they give away all of their information (not knowing what they are giving away), and think they’re getting that service for free.
We could fIx that imbalance by giving the individual more power, which is what has led us to creating HAT technology. We now have a suite of software that lets any organisation build software in a way that allows the individual to be the person who owns their own data. The corporation can still do all of the things that they want to do as a corporation, but the locus of control, the centre of power, is now in the hands of the individual customer rather than in the corporate database.
“The individual, we found, is sometimes something of a silent actor in the digital economy: they don’t get to choose to play a role, they’re forced to.”
RC: So the HAT is a personal microserver for owning your own data, a database that you own and control as an individual. But what happens when you are a HAT user and you want to share your data with an organisation like Google – is it a loan, do you get it back? How does that work?
JH: Today in tech, information normally flows from one place to another in exchange for something of value – commonly a good or a service that provided by an app or a website. Under the status quo, information flows from the individual to the corporation (say, Google, for example) when a user carries out an action like filling out a form, or accepting an account or license agreement.
Now, if I wanted to say to Google, “here, take all my banking information and see if you can find me better search results when I’m looking for car insurance”, it’s not physically possible for me to do so. I don’t have access to my banking information in a way that Google can use it for myself. I would have to go to my bank, ask for it, and then somehow plug the banking information into Google, and make them talk to each other.
HATs are intended to fix that. They are supposed to be a place where a person can say for themselves: “I have all my information in my HAT, I want to give some of it to somebody else”. They set up specific permissions with Google, and when those are set up, Google can access it straight from them, the source of the data – they don’t have to go to the bank. This way we’re always in the loop.
Technically how we do that is fairly straightforward: the HAT is a containerised database, and sticking out of it are what are called “open APIs”. Apps and websites that have permission can access HATs through those APIs to download information out of them, or HAT owners can go to the organisations that have data about them and request that those organisations put it in a HAT so that they have a copy for themselves as well.
RC: But answer me this – once data goes out of a HAT, is it out for good?
JH: Personal data that is outside of a HAT is out for good – you have to trust that the company who owns it at that point is doing responsible things with it. The individual has to take on the heavy burden of trying to understand how private they want to be in the world.
There’s a lot of information about me that I don’t actually want to be out there. And if I had a choice, I could say to whatever company I was working with: “the services that you’re offering are not worth me giving away this information”. But we don’t have the ability to even make these decisions right now. So, the HAT is primarily an empowerment tool, the ability to make some of those decisions for ourselves.
Shifting the way we think about data is only possible when the individual has a data resource that they’re keeping for themselves. We provide that empowerment layer.
Flavio Signorelli: You can give access to corporations to get part of the data. Is there any way to say: “I don’t want you to get that data anymore”? Let’s say Facebook stored my data and now I no longer want that data there.
JH: Yes there is. One of the most interesting things about how the economy happens to have evolved today is that we have these user license agreements that you have to sign upfront to get a new service, and when you do those services are given more or less carte blanche control over that information. We sign things with one little checkbox and everything goes out the door.
An individually-empowered data resource would offer different kinds of engagements as an alternative. You can still have user license agreements that give that carte blancheaccess, but neither corporations or individuals are forced to. Instead, perhaps, you might sign an agreement with a Facebook-like entity that says, “I want you to have this information for the amount of time that we’re working with each other, I want you to have it only in these increments, and if you do anything bad with it, I want to know and be able to end the agreement”. Functionally, those contracts might even look exactly the same to the individual as they do now. But with them, because the individual would be the ultimate owner and controller of their data, they would be able to take it away if they felt mis-served.
There is a term that our Executive Chairman likes to use: ‘the lost generation’. It describes an entire generation of people who grew up in a time when privacy laws were not well-enough defined, but technology companies were becoming pervasive. The information that is out there about that generation is not coming back. That’s now their reality. The next generation sort of recognised what had happened to the generation before, and is now more conscious about how they use their data, and who they share it with.
Our goal is to ensure that every generation after that has that level of empowerment. And that means not so much solving things on the individual side – though that’s important – but more solving things on the business side. If I am a credit provider, I want information about you to be able to give you a brilliant credit score that is cheaper, faster, better than anyone else’s. I need the information to be able to deliver that service, but the data is actually a liability for me. So, if we can make it possible for companies to access the data without compromising their privacy and security, then we will.
“There are very good reasons why tech giants would want their individual customers to own and control their own data.”
FS: Companies like Facebook and Google have this massive amount of data, that they are getting for free, and it’s a massive profit centre for them. Why would these companies change to HAT technology, why wouldn’t they oppose it?
JH: There are very good reasons why tech giants would want their individual customers to own and control their own data. The closer Google – or any company – gets today to who we are, the weirder we feel about it, because these technology companies are essentially stalking us when we’re online. Even if we give them permission to do it, we don’t like it.
But if we inviting these into our house, rather than having them peering in through the windows from outside, then it becomes a different relationship.
It can also be a massive liability to companies to store and protect personal information. Every year, we see this ongoing fight between the companies that build walls (encryption software, etc), and the people who try to scale them (hackers, etc). At some point we may well find that even Google will say that it’s just too much of a liability to hold all of this data themselves. They want access to it, so that they can provide good services, but they don’t actually need it, it’s not valuable to them. If all that data is just purely sitting in a database somewhere, not in use, it is pure cost. Data is only valuable in use. And so ultimately I don’t think it will be a very big decision for most companies to say: “you’re going to give me the same level of access to information that I had before, plus access to some brand new information I never had access to before, and you’re going to wipe that whole cost of maintaining these server farms and security processes off of my balance sheet? Yea, that sounds cool, let’s do that”.
Jonathan is hopeful yet always realistic. The HAT team are aware that we, as human beings of this ‘lost generation’, are inevitably digitally and technologically bound, and that any change at this point for us would merely loosen the ties. As I write this, I notice that Facebook is showing me, on their suggested adverts, the kitchen lamp model that my mother researched on her iPad the other day. I don’t remember ever looking it up on my online account, and I have no understanding of how Facebook got that information. It is scary, vast and complicated. The HAT (Hub of All Things) is a glimpse into what the future of the internet could be: one where the individual has control over their own data, and is less scared that Big Brother may be watching them. Jonathan observes that, ultimately, as internet users, we have to ask ourselves: ‘How important is information about who I am as a human being to the creation of a vibrant digital economy?’
Jonathan Holtby is the Community Manager for the HAT Data Exchange Ltd, and the early-stage growth lead for Startups at the HAT Accelerator.
Rute Costa is the Communications Lead at WorldLabs.
Flavio Signorelli is the CTO at WorldLabs.