Exploring the nascent personal data {portability, sharing, mobility} market models, players and positioning.

{portability, sharing, mobility} this is used to provide the widest possible coverage of models and thinking. Portability that the data can move, sharing data as the ability to have access but does not need to move, and mobility as in the data is decentralized


Any discussion about personal data leads to opinions being shared about what it means (to someone) based on the position you start from; a personal view is different from a groups view, which is different from a citizens view and different again from an enterprise views. Inevitably there is a heated exchange as one of the parties believes in the purity of their view(point) and model to create a utopia and panacea for everyone.

Once we grasp that there are massive gaps, voids and value in any of the starting positions; adding the complexity of assumptions, experiences and data itself, we can look at the different approaches and debate the wide range of solutions. The purpose of this post is to provide a framework to move on from a “single unified theory of personal data”

Below in figure 1, is not an exhaustive list, but one that sets out some of the issues which creates friction when talking about personal data (digital footprints, exhaust, pixy dust, whatever.) A critical one, which is endlessly debated, is the “ownership” of data, and as a specific topic it is explored in much more detail in this long post here at Data is Data

Figure 1. Dilemma’s of data

It is important to differentiate between a number of closely related ideas ahead of diving into the specifics of the data {portability, sharing, mobility} market. These are set out in figure 2 below. The focus here is Data {portability, sharing, mobility}, this is where the user requests their data (this is data about them, that they have given to someone) is given back as a copy. The copy should be secure and machine readable (GDPR.) If the company has added to a data set about you or performed analysis or acted on the analysis, this data is not covered for return to the user under existing legislation, as it was not created by the user and could easily be used to unpack investment and IP about a companies processes and algorithm. It is also highly likely that any data generated by analysis will mean little to an individual. Worth reading We Are Data as this explores how an algorithm will see you as 54% female and 38% male today - which may not align with your own thinking. Getting your own data back may not be that helpful (in itself)

Figure 2. Context

The focus of the framework presented later is just on data {portability, sharing, mobility}

The purpose of data {portability, sharing, mobility} is to grow the data economy by enabling the user to be in “control” of their own data. A direct consequence for a market full of data hungry companies from having access to data {portability, sharing, mobility} is that they can all get access to “better” data. In context better meaning: single source, wide, deep, rich, accurate, validated, proofed with providence, normalised. The individual data lake will be personal, private, secure and trusted. Sharing of this individual data is controlled by the user through consent.

A data economy will grow as the companies dependent on personal data will get access to richer data, whilst saving costs on storing, protecting and cleaning data. An excellent report on the status and market opportunity for data Portability was commissioned by DCMS and undertaken by CTRL SHIFT

Plotting the data {portability, sharing, mobility} market is difficult!

The two-axis selected for this representation of the market are about the user having control and the user experience of trust/ exploitation. Why these axes? If the purpose of data {portability, sharing, mobility} is to grow the data economy by enabling the user to be in control of their own data, then a base assumption is that growth will be fueled by (users/ consumer) feeling trust (in a company) and not exploitation (by a company), whilst feeling in more control of their choices/ data.

Plotting these as X and Y we get Figure 3 the Market Models and the effect / perception of branding and where the regulator wants the market to operate.

Figure 3 Market models

Opening observation. The majority of the existing models for data exist where the user does not feel in control and where the user feels exploited. Branding then takes this bottom left experience/ existence and makes the users (consumer) believe that we have more control or less exploited than we actually are. By example: Facebook gives the user preference controls over their data. Google gives you setting, Apple says data never leaves the phone. This does not shift any actual model, but through the power of perception/ trust and marketing many users feel more in control. Branding enables the players to provide an extension from where they actually operate. Google and Twitter per say gives services for free as part of a value exchange, so the user feels trust in the service (email) and not on how their data is exploited for commercial gain.

The regulators desire in this thinking is to provide a framework for a market where the user is in control and the user also feels trust in the service (for the right reasons).

The next step, before a mapping of the market, is to explore the intermediary models. Who are the intermediaries and why do they matter? The thinking is that whilst a handful of people in the world will be capable of collecting and collating their data ( and sharing it if they want) this is a such a difficult requirement that there will be a need for intermediaries who take this responsibility on, on behalf of the user/ consumer. In other words, a player who acts between the {data provider} (person with your data that you want a copy from) and the {data recipient} (the place where you want your data to go to)

There are lots of intermediaries already in the B2B space and a growing number in the B2C market. Therefore, the market will depend on intermediaries and we need to determine what they will look like – they are the brokers, agents, traders who enable data {portability, sharing, mobility} to happen without the user having to do anything.

Intermediaries have three types of infrastructure services which they can offer to the market, these are:

They act as a locker, store, vault/safe, or library of a consumer’s personal data.

The specific word chosen is very emotive and provide in the user’s eyes different ways of describing the same “type” of service – a place that the data resides. A locker being for the user like a locker with a key and unique to them. A store, like a store room – a big place where everything is keep and people have access. A vault/safe being a very secure place where only you have access and a library, somewhere that is well organized and your data is easy to find and share. They are all true and soon we will have a word that describes all these functions and that your data can be safely shared.

They act as a manager of your data

In this case the intermediary offers the user/ consumer abilities to control their data. These include rights (who has the rights to see, copy, share, delete, modify) data. Consent (whom have your granted consent to and on what basis) and Access Management (who can access raw data, all data, some data, just outcomes, or just receive results based on questions) The will also provide tracking and traceability of any changes and audit capabilities.

They act as a mechanism for monitisation

How your data goes from data to being valued to the individual. This can be direct payment, an indirect payment, a barter or trade or indeed more loyalty. The model for monetisation and how it works is just starting. Note – if the user does not receive any upside from their data, it means that the company benefits but the user does not. These monitisation models assumes the user gets to enjoy some of the benefit. If the user pays for a service, they are a different model.

These three capabilities, generate 4 models (as a matrix)

Model 1: the intermediary company only provides the Vault/ store/ locker/ library (the user will pay for this and there is no monitisation shown as the user does not benefit from the upside)

Model 2: the intermediary company only provides the Vault/ store/ locker/ library AND management solutions (the user will pay for this and there is no monitisation shown as the user does not benefit from the upside)

Model 3: the intermediary company only provides the Vault/ store/ locker/ library ND monitisation of data where the provider shares value with the user

Model 4: the intermediary company only provides the Vault/ store/ locker/ library AND management solutions AND various monetization models that are dependent on exploitation of the data where the provider shares value with the user

This is set out in Figure 4 below provides an overview.

Figure 4 The Matrix of capabilities and models

Opening up each of the capabilities up by examples of companies we can start to map the market.

Locker, Store, Vault or Library

As an intermediary in the data portability market, you have to provide a locker, store, vault or library where data from the data provider can be placed. It will have to be secure and private (these are basic hygiene factors and not explored here) This capability is the building block - without this basic capability there is no method to play. The options/ models for offering the locker, store, vault, library functions are:
  • You are a unique and different company to either the data provider or data receiver and act as an aggregator. You act as a new silo taking data in for the individual. (different company) Examples Google, Facebook
  • As a company you enable the individual to be their own aggregator, but act as a commercial enterprise in offering this capability/ service (personal but commercial) digi.me
  • As a service you enable the individual to be their own aggregator, but act as a non-commercial enterprise in offering this capability/ service (personal but non-commercial) Western Digital drive + Open Source s/w

A key tenet to the value of data portability [mobility] is that you have to be able to share the data. The problem with the language with lockers, stores, vault and library is that it does not imply sharing, they imply secure, private and long term closed storage. So we need to add to this basic function management capability for sharing.

Management capability

For any intermediary in the data portability market, management capability can be broken down into three core features ( there are many more but these are critical)
  • rights control. This is providing to the user the ability to have control over the rights of their data and that the rights are controlled from this service
  • consent certification. This is a store and management of consent receipts (approved or not) and consent passed on (layered)
  • access management. The control given to the user to determine who has access to their system to control their rights and consent

It is deemed necessary that an intermediary player will have to provide these three feature for them to have a credible offer in the market.

Monitisation of Data

It is probable that there are three core models which will support the Locker, store, vault/ library with management capabilities. There being
  • The user will pay for the service directly (paid for FIAT/ Crypto)
  • The user enters into a “fair” trade and or value exchange (trade / value exchange) (not free and give up everything)
  • The user is paid in a percentage or of the revenue/ contribution from the intermediary gaining an upside from the data (share %

Taking these models and plot them on a user (might/ could/ would/ should) feel about control and how that same user feels trust or exploited. Figure 5

Figure 5 Possible models


This is a framework and the purpose is to start the thinking and debate about the models, the regulators role and what the user wants. Indeed, many of the models you can place in every position depending on how you want to argue them, but if you argue one sits somewhere it means that the others move. The key point here is not the absolute positioning or if you agree, rather that the current models are not aligned to what the regulator or user wants, but there are models that do align – which is good news and they are the ones we need to unwrap and find support for.

Further reading

Trust needed is explored in this blog


Data Portability and some issues are here


Why Data Portability will change the Facebook Model