Before it became synonymous with Brexit, “take back control” was the catchphrase of London-based privacy startup Citizen Me.
The company allows users to collect their own personal data on an app, either by connecting it to their social media accounts or by completing surveys. Businesses can then pay users directly for this (pseudonymised) data.
Users are not getting rich: the global average remuneration is around £5 a month.
But the idea is that this gives the power over selling personal data directly to the customers, rather than the information merely existing somewhere in cyberspace to be hoovered by one tech giant or another.
The founder of Citizen Me, StJohn Deakins, describes his app as being “pro-privacy and pro-citizen” and says that the beauty of it is that businesses can easily tap into a network of willing participants.
“You mine it instead of it being in a lake.”
If you are a pet app, for example, Citizen Me can create a community of pet-owners, each individually contributing data from their personal data store. It is a different way of collecting data, says Deakins: “You mine it instead of it being in a lake.”
Stalk yourself on social media
Citizen Me is one of a number of personal data store startups which have the laudable goal of shifting control over personal data from data-gobbling tech companies like Facebook and Google, to the users themselves.
This comes amid growing unease among members of the public about the power that big tech companies wield by holding this data, and the benefits they reap. Personal data store startups hold that it should be consumers that “benefit” from their data — financially or otherwise.
Digi Me, another personal data storage startup in the UK, also has “take control” as part of its mission statement. The app downloads copies of user data from all online accounts, such as Facebook, your banking apps and health apps.
“One mother said that she just downloaded Social Safe and cried because she put her son’s name in and there was 4 years worth of memories.”
Before this venture, Digi Me founder Julian Ranger created SocialSafe, which now functions as an app within Digi Me and enables users to import all their data across social media platforms.
“People wanted a copy of their data, [just] to know,” said Ranger, who has a background in military IT systems. “I always remember one mother said that she just downloaded Social Safe and cried because she put her son’s name in and there was 4 years worth of memories.”
Now Digi Me users are asked to donate those memories to apps built on the platform.
Unlike Citizen Me and other personal data stores Meeco and Killi, Ranger’s app does not offer cash in exchange for insights. People distribute their data among different apps in return for services and analytics.
So far 100,000 users have downloaded and donated data to some quite niche apps including Retina Risk, an app that identifies sight-threatening retinopathy, FinLove, a dating app based on your spending habits and Happy Not Happy, an app that interprets your mood according to your social media posts.
According to Deakins, 50% of Citizen Me users download the app to earn cash but 50% want it simply to gain insights about themselves or to donate their data to charity.
As for concerns around data privacy, Deakins says that only “when people have had the application for a month for insights, the second driver becomes helping us take control of our data.”
Data isn’t an asset, it’s a liability
For an individual, having access to your data can be useful (e.g. a comprehensive and portable medical record) or just curious (e.g. what your Instagram food pics say about your personality).
But for companies, data is as much a liability as it is an asset, especially with the introduction of the European GDPR regulation on individual data protection. By keeping data on mobile phone devices, personal data store apps allow companies to extract insights from the crowd without needing to worry about data breaches.
“[Data] costs money to hold it and even more money to secure it.”
“[Data] costs money to hold it and even more money to secure it and if [companies] lose it they get big fines and you and I won’t do business with them,” says Ranger, adding that the decentralised set up encourages more sharing.
“You might be concerned about giving the data to a mental health app. But if the app is processing all of that data on your device and isn’t taking it off your device, why wouldn’t you share the data [analytics]?”
This, he says, would be especially helpful for startups without the infrastructure to store data or that don’t have the clout to negotiate access to sensitive data, for example, health records from the NHS.
Getting consent, shirking responsibility
While Digi Me and Citizen Me have put robust tiered consent-request systems in place, this does not automatically mean that the users have more power.
“It means putting managing privacy on individual users,” says Jennifer Cobbe, coordinator of the Trust and Technology Initiative at Cambridge University. “People are busy, leading complicated lives and you’re adding a cognitive load. Online privacy harms are systemic in nature. [This] individualises failures for data privacy.”
Non-expert users may not be able to break down the risks and responsibilities involved in giving away or selling their data to various companies via the personal data store. In the event of a security breach, Heleen Janssen says that there is a lack of clarity on who is to be held accountable: is it the app developer, the personal data store, or the consenting user?
“As soon as you share your personal data from your personal data store, you are no longer in control.”
Personal data stores are still based on the mining and monetisation of our online behaviour — it’s surveillance capitalism, decentralised and reshuffled.
Helen Janssen, a researcher at Cambridge University and former advisor to the Dutch government on data protection, queries the fundamental claim that personal data stores “empower” their users at all.
Now, the tagline on Citizen Me’s website reads “get real-life value from your life online.” The updated branding hints that the startup is primarily offering the user “value” — not control or privacy.
“They say data processing is in control of the user,” says Janssen, whose research centres on two personal data stores, Hub of All Things and DataBox. “[But] as soon as you share your personal data from your personal data store, you are no longer in control [of it].”
“It is hard to do data mining ethically because it involves mass surveillance.”
Deakins of Citizen Me counters that by using Facebook, our data is already being traded and so we may as well make it more transparent and open up the market.
However, Cobbe suggests that surveillance is a “toxic practice” that companies shouldn’t engage in: “It is hard to do data mining ethically because it involves mass surveillance and influencing of people’s behaviour, often without them knowing.”
Marcel van der Heijden, a partner at SpeedInvest, is open to the idea of moving on from surveillance. He said that he wasn’t considering investing in personal data stores but is interested in “approaches that aim to create different business models around personal data beyond the surveillance economy advertising-driven model, which may be starting to reach the end of [its] useful shelf life.”