Open up to the GDPR and the IoT

The bridge to GDPR compliance

During our round-table on the General Data Protection Regulation (GDPR) we explained technological compliance in terms of a bridge metaphor. It’s 50% about Alice, our name for the citizen, and 50% about the organization, referred to as BizCo.

The GDPR tells organizations that Alice takes primacy when it comes to personal data. Yet Alice cannot be best served by a panoply of enterprise IT solutions for her side of things (the clue is in the name, “enterprise IT”). We need to help Alice help us by equipping her with her own half of the bridge. Indeed, doing so amplifies the investment the organization makes in its side of the bridge, as anyone who has tried to cross a chasm with just half a bridge will testify!

The BizCo attempt

If each and every BizCo attempted to bridge all the way to Alice, that would leave her in the impractical position of maintaining dozens of different instances of privacy parameters, each designed and presented under varying interpretations of regulation. Just imagine she decides to tweak her parameters; she faces having to invest hours of her time, effectively leaving us all with nothing but a mess of meaningless compliance.

The third party attempt

Now imagine some companies take it upon themselves to offer “GDPR solutions” to BizCo, say every EU mobile operator for example. (I’m talking about Alice’s side of the bridge here, not BizCo’s internal systems.) Not only is Alice not tied to any one of these per se, but now we’re in the impractical and potentially expensive situation of BizCo having to subscribe to them all in order to make sure to have the one Alice uses. There are more than 500 million EU citizens.

The open approach

How much simpler, cheaper and more valuable to develop and adopt non-profit, non-differentiating technology to help every Alice help every BizCo comply. Technology that every BizCo can seed with Alice simply because they already feature in her digital life. And because it’s part and parcel of the deeper hi:project vision, it disintermediates the (data-oriented) relationship between Alice and BizCo, indeed between us all, improves accessibility and inclusion, and re-decentralizes the technological architecture to boot.

Subsequent to the round-table we drafted the following table to portray the differences between three approaches to technological compliance with the GDPR. The row titled “complication” reflects the main thrust of this post so far, and I finish by reflecting on the last row.

| | in-house | proprietary | hi:project |
|---|---|---|---|
| openness | closed | closed | open |
| community | solitary | solitary | community, inclusive |
| collaboration | none | n/a | collaborative knowledge sharing |
| centricity | org-centric | org-centric | human-centric |
| complication | complication for Alice | complication for BizCo, and probably Alice too | simpler for both Alice and BizCo |
| context | narrow | narrow | central to the deeper hi:project vision |
| competence | not core competence | core competence | core competence |
| leadership | merely compliant | merely compliant | compliant and demonstrating leadership beyond today’s regulatory environment |
| standards process | observing | via vendor | the perfect forum to co-lead standards development |
| geographical intent | EU | EU | global |
| marginal cost (toll) per relationship pa | $ zero | > $0.50 | $ zero |

Citizen-centric or brand-centric Internet of Things

This week Google announced Brillo. Perfect timing to exemplify that last table row.

Google’s ARPU (average revenue per user) in 2014 was US$45. If we all do business with 90 different organizations, that means our attention via Google is worth $0.50 to each organization per annum on average. We could easily contend that our consent and corresponding data are worth orders of magnitude more than our occasional attention, but let’s take $0.50 per person per annum as our baseline.

How many millions of EU customers do you have?

Brillo is the perfect vehicle for Google as Internet of Things tollkeeper, a move straight out of the Android playbook, literally. As the Wired article (the link above) states, “Google also wants to use Brillo to refine the IoT user interface.”

With the hi:project, everything gets an interface because the citizen brings her own. She does not then need an intermediary to share some personal data with others.
