Designing for data ownership, control and regulatory compliance - for enterprises and individuals

Since its adoption in 2016, the General Data Protection Regulation (GDPR) has provided the inspiration and template for other regions to design and prepare similar regulatory approaches. In addition to conceiving and defining roles within a data economy, the text of the GDPR also lays down the principles which empower the individual (or, “data subject”) to exercise granular control over their data.

The changes required to be put in place by businesses as a result of GDPR have brought into focus both the pervasive nature of personal information and that the “data economy” is heavily dependent on unfettered access to such information - in aggregated and non-aggregated format. The presence of large data streams raises issues around data ownership, rights, consent, exchange and authenticity of data. And how each of these aspects is recorded and stored alongside the actual data streams in order to demonstrate a higher degree of compliance and good data governance.

At The Fifth Elephant, there are continuous efforts to understand and explore how the practitioners are dealing with the emerging challenges of data governance - both for businesses and enterprises as well as for the individual. The MyData Operators Framework is one approach which takes conceptually simple building blocks, uses a principles-based approach and offers data intermediaries a robust way in which to handle digital identity, permissions and the exchange of digital data. This human-centric approach - which puts the data subject front and centre - is necessary to build complex data governance flows which can be subsequently consumed under specific business and process domains.

In India, the recently published text of the Digital Personal Data Protection Bill (DPDP, 2022) has led to extensive conversations around the concept of “data protection”. The approach taken by the MyData Operators Framework is one model which can be examined to offer refinements to the text by ensuring there is robust recognition of the needs of the individual while balancing the needs of the industry which thrives around collection, processing, analysis and exchange of the data. This is important especially now that emerging technology trends grouped under Web 3.0 make it necessary to have a better grasp on the verifiability of data alongside the quality of the data available. The MyData Operators Framework also offers data intermediaries a new way in which to view the business processes - by elevating the focus on data verifiability in addition to the usual actions of data collection.

The two talks around MyData Operators Framework present a comprehensive “starter kit” - beginning with a deep understanding of the framework itself and then complementing it with an actual case study. These conversations are designed around ongoing efforts at The Fifth Elephant about creating better outcomes in the domain of data governance.