Throughout grades 1 through 6 at Public School 79 in Queens, New York, the teachers had one universal command they relied upon to try to quickly gather and organize the students in each class during various activities. They would announce “Single file, everyone”, and expect us all to form a straight line with one student after the other all pointed in the same direction. They would usually deploy this to move us in an orderly fashion to and from the lunchroom, schoolyard, gym and auditorium. Not that this always worked as several requests were usually required to get us all to quiet down and line up.
Just as it was used back then as a means to bring order to a room full of energetic grade-schoolers, those three magic words can now be re-contextualized and re-purposed for today’s digital everything world when applied to a new means of bringing more control and safety to our personal data. This emerging mechanism is called the universal digital profile (UDP). It involves the creation of a dedicated file to compile and port an individual user’s personal data, content and usage preferences from one online service to another.
This is being done in an effort to provide enhanced protection to consumers and their digital data at a critical time when there have been so many online security breaches of major systems that were supposedly safe. More importantly, these devastating hacks during the past several years have resulted in the massive betrayals of users’ trust that need to be restored.
Clearly and concisely setting the stage for the development of UDPs was an informative article on TechCrunch.com entitled The Birth of the Universal Digital Profile, by Rand Hindi, posted on May 22, 2018. I suggest reading it in its entirety. I will summarize and annotate it, and then pose some of my own questions about these, well, pro-files.
The Need Arises
It is axiomatic today that there is more concern over online privacy among Europeans than other populations elsewhere. This is due, in part, to the frequency and depth of the above mentioned deliberate data thefts. These incidents and other policy considerations led to the May 25, 2018 enactment and implementation of the General Data Protection Regulation (GDPR) across the EU.
The US is presently catching up in its own citizens’ levels of rising privacy concerns following the recent Facebook and Cambridge Analytica scandal.¹
Among its many requirements, the GDPR ensures that all individuals have the right to personal data portability, whereby the users of any online services can request from these sites that their personal data can be “transferred to another provider, without hindrance”. This must be done in a file format the receiving provider requires. For example, if a user is changing from one social network to another, all of his or her personal data is to be transferred to the new social network in a workable file format.
The exact definition of “personal profile” is still open to question. The net effect of this provision is that one’s “online identity will soon be transferable” to numerous other providers. As such transfer requests increase, corporate owners of such providers will likely “want to minimize” their means of compliance. The establishment of standardized data formats and application programming interfaces (APIs) enabling this process would be a means to accomplish this.²
A Potential Solution
It will soon become evident to consumers that their digital profiles can become durable, reusable and, hence, universal for other online destinations. They will view their digital profiles “as a shared resource” for similar situations. For instance, if a user has uploaded his or her profile to a site for verification, in turn, he or she should be able to re-use such a “verified profile elsewhere”.³
This would be similar to the Facebook Connect’s functionality but with one key distinction: Facebook would retain no discretion at all over where the digital profile goes and who can access it following its transfer. That control would remain entirely with the profile’s owner.
As the UDP enters the “mainstream” usage, it may well give rise to “an entire new digital economy”. This might include new services such as “personal data clouds to personal identity aggregators or data monetization platforms”. In effect, increased interoperability between and among sites and services for UDPs might enable these potential business opportunities to take root and then scale up.
Digital profiles, especially now for Europeans, is one of the critical “impacts of the GDPR” on their online lives and freedom. Perhaps its objectives will spread to other nations.
- Can the UDP’s usage be expanded elsewhere without the need for enacting GDPR-like regulation? That is, for economic, public relations and technological reasons, might online services support UDPs on their own initiatives rather than waiting for more governments to impose such requirements?
- What additional data points and functional capabilities would enhance the usefulness, propagation and extensibility of UDPs?
- What other business and entrepreneurial opportunities might emerge from the potential web-wide spread of a GDPR and/or UDP-based model?
- Are there any other Public School 79 graduates out there reading this?
On a very cold night in New York on December 20, 2017, I had an opportunity to attend a fascinating presentation by Dr. Irene Ng before the Data Scientists group from Meetup.com about an inventive alternative for dispensing one’s personal digital data called the Hub of All Things (HAT). [Clickable also @hubofallthings.] In its simplest terms, this involves the provision of a form of virtual container (the “HAT” situated on a “micro-server”), storing an individual’s personal data. This system enables the user to have much more control over whom, and to what degree, they choose to allow access to their data by any online services, vendors or sites. For the details on the origin, approach and technology of the HAT, I highly recommend a click-through to a very enlightening new article on Medium.com entitled What is the HAT?, by Jonathan Holtby, posted yesterday on June 6, 2018.
1. This week’s news bring yet another potential scandal for Facebook following reports that they shared extensive amounts of personal user data with mobile device vendors, including Huawei, a Chinese company that has been reported to have ties with China’s government and military. Here is some of the lead coverage so far from this week’s editions of The News York Times:
- Monday, June 4, 2018: Facebook Gave Device Makers Deep Access to Data on Users and Friends
- Tuesday, June 5, 2018: Facebook Back on the Defensive, Now Over Data Deals With Device Makers
- Wednesday, June 6, 2018: Facebook Gave Data Access to Chinese Firm Flagged by U.S. Intelligence
2. See also these five Subway Fold posts involving the use of APIs in other systems.
3. See Blockchain To The Rescue Creating A ‘New Future’ For Digital Identities, by Roger Aitlen, posted on Forbes.com on January 7, 2018, for a report on some of the concepts of, and participants in, this type of technology.