The Business of Personal Data


Slack: #business

Short URL to this document:


Out from the silos - personal data for innovation

National platform to collect citizens’ data

Wrestle the GDPR – and WIN!

The Blue Ocean of Ethical Personal Data


Sitra IHAN®: Human-driven data economy

The Business of Personal Data

Will MyData be a thriving business ecosystem?

The track objective is to understand the possibilities of the MyData ecosystem to become mainstream and to create significant revenue within the ICT and digital services ecosystem. We are in the early adopter phases, no doubt. What are the possible future scenarios?

In the conference there will be one business track session on each conference day. These sessions build the core understanding of the emerging field of human centric personal data for the corporates, start-ups and investors.

Keywords: Disruption, venture capital, platform economy, business opportunities, digital transformation, value creation, personal data trade, personalised services, personal data exchange, Web 3.0


Wednesday: Alvar

10:45 - 12:00



Stuart Lacey, Pernille Tranberg, Jeremy Rollison


<b>Life after the Death of GAFA</b>

Stuart Lacey, Trunomi

GAFA have appealed to our most basic core instincts of our god (Google) our love (Facebook) our consumption (Amazon) and our vanity (Apple) – and have all lied to us: breaching privacy, intentionally breaking the law, avoiding taxes, eradicating jobs, destroying value.

Although they pay fines for, apologise for and blatantly claim otherwise – they do so to solely gain shareholder value acting more like lords over serfs and destroying the middle class.

At the root of all of this power play is OurData where we are the product. This session exposes the lies and corruption and explains the how, why and when of their imminent decline.

More importantly, it then sets the stage for the solution – the breakup of the big 4 and more importantly the rise for the next generation of competitors – those focused on the basic instinct of security – once taken for granted and now assailed from all sides with data breach, privacy, identity theft, disgust and ransom.

The bad news – it's about to get worse before the good news – in a non traditional and passionate call for a new paradigm. Where nation states decline, trust is the new currency, blockchain is a utility and sovereignty is individual.

Session is moderated by: Pernille Tranberg

Start        :                        10:45

Opening:                        10:47 (5 minutes, moderator)                 

Intro of presenter 1:                10:50 (3 minutes, moderator)

Presenter 1:                        ..

Q&A for presenter 1:                ..

Closing:                        11:55 (5 minutes, moderator)

End:                                12:00

More of a Q&A ->

Stuart -> sent over some questions /  emails

Jeremy ->

Program is a bit doomsday

-> should it be changed

17 mins each




Out from the silos - personal data for innovation

Wednesday: Elissa

15:00 - 16:15


Wil Janssen, InnoValor, host

Peter Eikelboom, Volksbank

TItus Sips, APG (t.b.c.)

Marlies Rikken, InnoValor


Human-centric control of personal data underpins the seamless flow of data between different services and domains. Breaking data out of the silos enables new innovations that can emerge also outside of the domain of the original data provider, but still serve the common customer. As an example: the customer might be willing to use her loyalty card data in a health app, health is not the business of a retail chain, but by opening up for external innovators, the retail chain may be able to create more value for its customer who uses the loyalty card. This session looks at why and how personal data could be opened for wider ecosystems and what is the disruptive power of such networked innovation, and looks at this question from a corporate perspective.

<b>Creating a personal data management commons</b>

Wil Janssen, InnoValor

PDM is a complex concept. Complexity can be reduced by creating a common, shared and open infrastructure of building blocks for personal data management.

In this session, we discuss different use cases and their relation with those building blocks. The uses cases cover both private as well as public scenario’s. Peter Eikelboom will sketch a pilot to transfer information on study loans through a PDM solution (Schluss) towards the bank for mortgages. Marlies Rikken will discuss a number of scenarios concerning applications for support from municipalities. Both types of scenarios will go live in autumn 2018 as part of the Digital We research project in the Netherlands.

Session is moderated by: Wil Janssen

National platform to collect citizens’ data

Thursday: Alvar

10:00 - 11:15


Jussi Heino, Pekka Kahri,  Jan Juslen, Teuvo Savikko, Pekka Mustonen, Ville Salaspuro, Markus Myhrberg, Risto Kaikkonen, Tapio Huomo


We have collected population based Surveys for decades in Finland. Mostly by Statistics Finland and National Institute for Health and Welfare. Moreover, other public sector institutes need interaction platforms to get the data from citizens. In Finland the most of the data collection concerns the patients health records after the contact in social / healthcare. The possibilities to use new IoT gadgets on this platform is also possible.

In the more recent projects like, KanTa services and mostly in ODA-project Finland has created a platform that contacts population. In this project there is possible to enlarge the scope cross sectional. This is the basic idea to put under discussion. Is there a general need that could be fulfilled with this "National platform to collect citizens data"? Moreover could we give more personal view and ownership to us as a citizen. This also gathers the basic idea of Sitras new launch of IHAN.


  • Jussi Heino, Statistics Finland
  • Pekka Kahri, National Institute for Health and Welfare, THL
  • Jan Juslen, Liikennevirasto
  • Teuvo Savikko, Espoon kaupunki
  • Pekka Mustonen, Duodecim
  • Ville Salaspuro, MediConsult
  • Markus Myhrberg, Lexia

Session is moderated by: Risto Kaikkonen and Tapio Huomo, Solita

Start        :                        10:00

Opening:                        .. (5 minutes, moderator)                 

Panel:                                ..

Closing:                        .. (5 minutes, moderator)

End:                                11:15

Wrestle the GDPR – and WIN!

Thursday: Studio

10:00 - 11:15


Keith Dewar, Minna Vakkilainen, Alex Cash


GDPR has presented challenges for many organisations – typically, knowing where to start in getting the data in their custody under control. There is not a one size fits all approach to complying. This session will explore the challenges that organisations face in understanding their data landscape and how they are attempting to meet the wider transparency needs of GDPR. Includes respect for the privacy of individuals’ personal data and their extended rights.


- Minna Vakkilainen, Kesko

- Alex Cash, OneTrust

Session is moderated by: Keith Dewar, MyLifeDigital

Topic Summary:

 GDPR has presented challenges for many organisations – typically, simply knowing where to start in getting the data in their custody under control. Consent is frequently reported in the UK press as the way to collect and manage data in order to “do GDPR right”. This gets privacy professionals up in arms: it is a blinkered approach to recording how the business is collecting, storing and processing personal data. Such lazy reporting ignores many of the most important aspects of GDPR:

  • the complexities of the regulation
  • the relationships that organisations have or want to develop with their customers
  • the fact that there is not a one size fits all approach to complying.

Justifying the processing activities of an organisation is a fine balancing act between tending to their business needs and respecting the privacy of an individual. If organisations are to take control of GDPR and make it work for them, individuals need to be given choice and control over the use of their data and be allowed to act on their rights.

This session will explore the challenges that organisations face in understanding their data landscape and how they are attempting to meet the wider transparency needs of GDPR, including respect for the privacy of individuals’ personal data and their extended rights.

A panel discussion with experts in a similar field would allow challenges faced and practical use cases to be explored.


J to introduce Minna and Alex and himself.  

Minna and Alex to provide a quick intro to themselves, their role and the organisation they work for.

Before we start – here is an impact question:

Please score the following statement?

GDPR with deliver a growth in consumer trust and increased revenues and profits for organisations who fully embrace it.

  1. Strongly agree, can see it happening already
  2. Agree, but 1-3 years away
  3. Agree, but at least 3 – 5 years away
  4. I can’t see GDPR impacting consumer trust or revenues
  5. No chance, it’s just a regulatory cost to organisations and therefore will impact profits  

Why Transparency, Accountability & Empowerment?  Use Twitter (if no slido, or similar for audience to ask questions, or hand up!)


How did your organisation, or clients [for Alex] view GDPR? Was it a case of retaining as much data as possible or seeing it as an opportunity to rid itself of unused data – concern of loss of revenue?

What was your organisations approach to identifying the personal data it held and the purposes it was using the data for?

Has there been a cost or operational impact on your business operations? What KPIs have you defined to measure the impact of the regulation? Have you identified any revenue/operational enhancements thanks to GDPR?

From a technology perspective, how have you helped organisations and what have been their challenges? [For Alex]


Whilst it is recognise that Consent is often seen as the most empowered route for the consumer and with so many ‘so called’ GDPR experts pointing their clients down the route of consent as the ‘only’ basis for processing personal data, what route did you take (or your clients).

How have they managed the consent / reconsent exercise? Has this led to a database decimation?

[Subject to answer above] - Was legitimate Interest, primary option for direct marketing such as analysis, (recognise consent is required under e-Privacy Directive for electronic communications).  J – provide his view from the Beyond Profit sector & Healthcare using Public Interest and Legitimate Interest.

Touch on training and documentation of processes, dpia, etc.


Minna: Are you intending (have you) to empower your customers to control their personal data relationship with you (or exercise their rights under GDPR)? Do you see this as an opportunity to build trust?

Alex: With regard to the organisations you have been working with, how much control do they want to give their customer? What are their challenges in the space?

What has been your approach to operationalising GDPR? E.g. overcoming data silos, Privacy by design?

Minna: Have you seen an uplift in SARs? How have you managed the right to access?

With data portability, there is the potential for loss of data, what are the expected impacts of this? How have you tried to mitigate this?

Has there been an uplift in engagement from customers? If these cannot be measured now, when do you anticipate being able to measure?

The Blue Ocean of Ethical Personal Data

Friday: Arkki

10:45 - 12:00


J Cromack, Arikia Millikan, Bianca Wylie, Kai Kuikkaniemi


The dominant, so far widely successful, business models in the field of personal data are based on mass data collection, analysis and targeting advertisements. We have seen evidence that the public opinion is turning more negative towards such practices and the models are also being challenged by regulators. On this mature market also the competition is fierce. This session gathers investors to discuss and debate on the potential of creating blue ocean markets where the strict data protection is not a hindrance, but the key driver for businesses. This session looks at why and how personal data could be opened for wider ecosystems and what is the disruptive power of such networked innovation, and looks at this question from a corporate perspective.

<b>The Great Data Takeaway: Loyalty programmes open to disruption?</b>

J Cromack, MyLife Digital

The Working Party 29 clearly states that any personal data (and associated data) collected and processed by automated means, and using consent or contract as the lawful bases, is subject to the 'right to data portability'. This will allow for data subjects to receive the personal data that they have provided to a controller, in a structured, commonly used and machine-readable format, and to transmit the data to another controller. For example, the titles of books purchased by an individual from an online bookstore, or the songs listened to via a music streaming service represent types of associated personal data that are generally within the scope of data portability - because they are processed under the contract lawful basis.

The presentation will seek to explore how disruptive this could be for traditional loyalty programmes. Transactional data collected by one controller could be transferred to another to demonstrate the data subject's value to them and immediately earn benefits. Together with the 'right to erasure' option available, we believe the loyalty sector will see significant disruption as previously unregulated markets suddenly need to open up their data - as already seen in the energy sector and the banking sector as a result of PSD2.

<b>Rescuing the News Media from the Entertainment Industry</b>

Arikia Millikan, CTRL+X

By adopting business models similar to the entertainment industry — using any means to capture the widest possible audience to profit from advertising revenue — the news media industry has crippled its ability to function in an evolving media landscape. I propose that the only way out is to explore and implement alternative online media business models to ensure journalism doesn’t go extinct.

<b>Sidewalk Toronto and Smart City Data</b>

Bianca Wylie, Centre for International Governance Innovation

Sidewalk Labs, sister company to Google, has partnered with a government agency in Toronto to create a plan for a smart neighbourhood, "built from the Internet up."  Nine months into the process many issues have been raised about data - what will be collected, how will it be used, who will own it, where will it be stored, and many more. As a Toronto resident that has participated in the process from the time it was announced I will share my experience so far, as well as five approaches to consider for residents and governments in other cities that may have a smart city development in their future.

Session is moderated by: Kai Kuikkaniemi


Friday: Alvar

13:15 - 14:30


Geoff Revill, Alastair Johnson, Masahiro Hanatani, Michele Nati, Mikael Rinnetmäki


This session will present latest advancements of MyData services from around the globe, with examples ranging from incubation of the data market to proof-of-concepts to revenue generating businesses. The presenters share key learnings and best practices for each phase, focusing on real scenarios, concrete data and key metrics derived from implemented business models.

<b>”Data Bank” in Japan</b>

Masahiro Hanatani, NTT DATA

Japanese government promotes “Data Bank” business in Japan. It is not the Personal Data Store. People “trust” their data to “Data Bank” with their consent. So “Data Bank” turns over it like fund manager. Why does Japanese government promote this business? Why do people in Japan accept this business? NTT DATA will support this business with our technology. So I explain what happens in Japan and how NTT DATA supports them.

<b>Citizen-centric innovation for the connected era</b>

Michele Nati, IOTA

IOTA Foundation is the not for profit foundation registered in Germany behind the Tangle, an open source permissionless distributed ledger technology. Known for its design fit for the Internet of Things and the economy of Things, IOTA is also engaged in MyData activities since 2016 and has in the past year expanded the spectrum of its industry focus to all smart industries it addresses including energy, mobility, ehealth, finance, smart cities and public sector. IOTA suggest presenting its recent work and universal and open approach to citizen centric innovation including engagements with research, startups, incumbents and public sector from Norway to Taiwan.

<b>Take back control of your data</b>

Alastair Johnson, Nuggets

Nuggets is an e-commerce payments and ID platform. It stores your personal and payment data securely in the blockchain, so you never have to share it with anyone – not even Nuggets. For consumers, Nuggets is a single, secure sign-on for payment, login and ID verification, with no tracking or selling of your activity.

For businesses, Nuggets will mean the end of vast, vulnerable databases of customer data, minimising the risk of regulatory issues.

<b>How to Build a Commercially Viable and Trustworthy MyData Social platform</b>

Geoff Revill, Krowdthink Ltd

The key to changing the internet towards a MyData model is to tackle the monetary driver, where for the most part we are currently the product that is traded and so we end up with a surveillance economy. We will walk you through how to build a social platform designed to demonstrate that respect for privacy can be adhered to whilst building a commercially valuable social platform, similar to Twitter or Facebook, yet at the same time fundamentally different, exploring opportunities incumbent platforms struggle to deliver. We will show how a MyData approach can unlock the commercial power of a personal data ecosystem.

Session is moderated by: Mikael Rinnetmäki

Start        :                        13:15

Opening:                        13:17 (5 minutes, moderator)                 

Intro of presenter 1:                13:25 (3 minutes, moderator)

Presenter 1:                        ..

Q&A for presenter 1:                ..

Intro of presenter 2:                ..

Presenter 2:                        ..

Q&A for presenter 2:        ..

Closing:                        14:25 (5 minutes, moderator)

End:                                14:30

Sitra IHAN®: Human-driven data economy 

(changed from Interoperability track)

Wednesday: Kultsa

12:15 - 13:30


Hanna Marttinen-Deakins, Mika Nikkola, Jussi Nissilä, Anni Ronkainen


Sitra, the Finnish Innovation Fund, the main partner of MyData 2018 conference, gathers together MyData-minded people to lunch session and panel Building blocks of the new “fair data” economy to hear about ideal data economy.


To fully tap the potential and opportunities that data bring, access to data needs to be improved. By creating an international protocol between end users, data providers and service providers, we can enable a data ecosystem where everybody wins. Companies can start to create and capture value by providing relevant services to customers by using data from one or more data sources with the consent of the individual – giving people control over how and what their data is being used for.

In this session we will discuss the main questions of how the data economy will create new business opportunities and benefit also the individual.

Anni Ronkainen, Executive Vice President, Chief Digital Officer from Kesko, will open the session.


Hanna Marttinen-Deakins, Business Finland

Mika Nikkola, Data Business Designer, Palmu

Jussi Nissilä, Development Director, Ministry of Economic Affairs

Anni Ronkainen, Executive Vice President, Chief Digital Officer, Kesko

Start        :                        12:00

Opening:                        ..                 

Closing:                        13:10

End:                                13:15

Call for proposals

To the above mentioned sessions we call for proposals that address issues including the following:

  • How do investors look at the space of personal data?
  • What makes or breaks the business opportunities of human centric personal data?
  • Cross the chasm, what is needed?
  • What will be business ecosystem look like?
  • Where are the market gaps?

We are interested in hearing from investors, institutional actors, GAFAs, corporation and startups about their views on MyData and personal data economy. What will the world look like in 5...or 25 years? We encourage industry insights from influential economic actors from traditional and digital economies, venture capitalists and public sector.

Workshop agenda 13.4.2018 Turin


Workshop agenda:

BIG PICTURE:  The MyData organisation only makes sense if it is benet to those, whose job it is to turn our vision of "empowering people with their data" into reality. Businesses like PIMS are in central role!

What is the connection of MyData movement and future organisation to the PIMS businesses?

SWOT of MyData for businesses.





SUBSTANCE: Let’s review the current plan from the PIMS perspective, does it make sense, what might be missing?

  • In Berlin we defined the common main goals for the network: Unified voice, Influence and Collective Knowledge. We decided to merge the PIMS round tables and the MyData conferences. We also decided to write the declaration of principles as the fundament of the network.

  • During the Aarhus meetup, we agreed to focus on use cases and interoperability, formalise the local Mydata hubs and advance towards incorporating the MyData organisation.

Let’s brainstorm the activities that would be important and meaningful in the future from the business perspective.

GET ORGANIZED: What to do next in practice. Mechanisms, governance issues, trusted environment (what makes you feel good & encouraged to discuss these questions within the network?) etc.

Turin workshop discussion notes:

Roundtable discussion: How do businesses present at the meetup perceive MyData?

  • [Slovenia] Create a good relationship between “activists” and companies so as to move ahead together. Most companies today see privacy as an annoyance and a cost. It can be converted into an opportunity if trust and shared value produces more sharing of data.
  • [Veronica, Italy] MyData could help small companies work with open data, anonymized aggregated data, etc. These data are very hard to access in Italy. How to get access to personal data.
  • Open corporate eyes, share information on what happens, discover new models.
  • [??, Italy] We create retail digital loyalty programs in a gamified way. Understand what we can do.
  • [NTT Data] Big companies in Japan all realize that Mydata is the future, however none of them want to be first. Small companies can be more proactive but… they don’t have market traction. So we need to show big companies some share of the dream; make them realize it’s happening, prototype very relevant cases, etc.
  • [Jogi] The Finnish and Estonian hubs always have practical cases presented during their meetups - and it is productive - however, there is a risk of running out of cases… However, many companies are unwilling to share before launch.
  • Is it a Blue Ocean, where the 1st mover gets a huge competitive advantage? Or is this an ecosystem game where 1st movers are caught in a chicken-egg loop: it the 1st-mover incentive actually low?
  • Can we get rid of cost-of-scaling issues thanks to blockchain / decentralized financing?
  • Are large companies passive, or are they looking and waiting for the right time to buy the 1st-movers (and either integrate or kill them)?
  • [Daniel, Fing, France] Scenario discussed with MesInfos’ corporate partners:
  • Thousands of companies whose business depends on processing data provided by customers of other companies: Personal finance managers, price comparators, lifestyle assistants, etc.
  • They use GDPR’s art. 20 to get the data (and this is viewed by customers not as enforcing a right, but as using a feature in order to get a valuable service to work): “In order to do <cool service>, i need your <data on XXX> currently held by <data controller YYY>”
  • Most corporations won’t be ready, so the companies whose business depends on this will sue them. And perhaps win.
  • OR we could decide this is the wrong way to go because (1) it allows for uncontrolled phishing, or (2) it’s open bar for Google and Facebook.
  • OR we could discuss what would be the right architectures / principles / etc. to get the best results and not the worst. Be the place where the questions are asked, the scenarios are mapped, the issues are identified, the solutions are looked for and compared, etc.
  • [Xavier, Fair&Smart, France] Meet researchers and experts to check my product is good; Meet suppliers and partners; Find corporate clients; Organize observatories, lobbying, …
  • [Ignasi, MyData hub Barcelona] Data ethics advocacy; Avoid data ghettos (rich pay for privacy, poor pay with data); Educate on what people can do with their data; algorithmic decision-making; Mixed commons-based / profit-based business models

So what should we be for businesses (acknowledging the differences between data controllers, 3rd-parties, etc.)?


  • Make it happen : build inside-out (help accomplices within large organizations) and outside-in (users, 3rd-party services) pressure; help actors play their roles...
  • Make it right:  so that it really empowers people and benefits are equitably shared), be a community with an ability for critical thinking, recognize mydata-washing or worse, perversions of the Mydata approach (eg, phishing)
  • Make it a place where the issues may be discussed, including when there are conflicts: issues such as monetization of data by users, limits to portability to prevent phishing or Gafa harvesting, control vs. empowerment, etc.

  • [Jogi] Be the place to discuss monetisation of data by people themselves; and discuss what business models are sustainable in economic and societal forms.
  • [Xavier] Lobby in Europe during the year where “doctrine” on GDPR interpretation becomes established - through trials, via local privacy authorities, etc. Identify 2-3 issues that will be discussed in courts in the future.
  • Share experience, thoughts, knowledge...
  • Before we look to build lobbying strength, figure what we want to lobby for. Or at what levels we lobby:
  • Inside-out pressure: Help the few people within large companies who are convinced, become change agents in their own organizations.
  • Outside-in: Help the 3rd-party applications exert pressure.
  • Help the platforms such as Fair & Smart grow (and they may need legal help).
  • Influencing: whom? Internally in big corporations; media; tech providers; judges...
  • Making it happen: outside-in and inside-out pressure (by consumers and/or external apps); needed outcomes (ex. Article 20 interpretation, existence of APIs…)
    and Making it right (so that it really empowers people and benefits are equitably shared), be a community with an ability for critical thinking, recognize mydata-washing or worse, perversions of the Mydata approach (eg, phishing)

Getting rid of the Gollum effect [WTF is that?]

2nd part of the workshop: Value network mapping

What value I get out of Mydata

What value I provide


MyData as an organization:

- Awareness

- Information on rights and tools

- Class actions (guidelines, connexion…)

MyData as a concept:

- Reduce abuse (control, security)

- New knowledge and abilities

- Convenience, seamlessness

- Economic value thru savings, etc. (eg, price comparisons, intentcasting)

- Measurable gains in time

“Sci-fi”: The network as an oracle that knows more about ourselves / Perfect, eternal copies of ourselves

MyData as an organization:

- Moral support (signing)

- Engagement

- Sharing of data, participation in actions and studies “for good” (MyData as a label, organizer…)

MyData as a concept:

- Participation

- Data / consent

- Money; Share of savings/values

- Time to learn/help learn new technology

- Trust?

Data source

External benefits:

- Better customer experience

- Better image

- More trust, more business

- Identify partners and collaborations, new value proposals

- Follow new trends via requests for data

- Money for data provision (eg, SLAs…)

Internal benefits:

- Better quality data

- More data

- Innovation capabilities

- GDPR compliance

- As consequence, higher corporate efficiency

Data (obviously):

- Data, depending on history, processes, structures, collection methods…

- Service that is the origin of the data

“Negative gains”, direct or indirect costs

- Competitive advantage of being exclusive owners or the data?

- APIs and additional infrastructure to make data accessible

- Image risks if data reusers abuse data

Data using service


- Middleperson in [or - better image? - Common space for] data interactions and flows

- Reputation as a trusted party

- Flexible business model combining revenue flows from the other 3 roles on the market


> Enabling:

- Connectivity (many data sources, people, players…)

- APIs and a layer for exchange and interoperation of data

- Metadata

- Data cleaning, data transformation between data models

- Security...

> Ecosystem facilitation:

- Aggregation of data, clustering

- “Driving” the ecosystem

- Standards, data models

- Interoperability between operators

- ...

- Insights out of data usage

- “Outsourced” legal clarity / compliance