Since the adoption of the GDPR, we all expect developers to embed privacy into existing and forthcoming software applications. But ask a thousand people to define what privacy is and you’ll get a thousand different answers.

For some, privacy is nothing more than secrecy. For others, it is everything related to their lives. Yet somehow, we expect developers to know what the “right” answer is for everyone. Arguing that all they have to do is to “respect users’ privacy” when developing personal data collecting apps. But how exactly? This is the part that we never talk about: how privacy should effectively be embedded into existing and forthcoming designs.

Hacking the privacy principles: turning legal requirements into 1s and 0s

If it is easy to say that developers should respect users’ privacy, hardcoding these principles into software systems is certainly not. Still, that is precisely what is expected from them, as the GDPR provides numerous privacy principles for developers to implement. What it does not provide though, is a clear guidance on how these principles should be implemented.

As a result, we observe that GDPR concepts like “data minimisation” are still a blur for lots of people. Indeed, according to the regulation, “Personal data shall be: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)”. But what is adequate and relevant to someone might be interpreted in many different ways. So how can developers know that they have it right?

Mostly, they don’t. In their study Why developers cannot embed privacy into software systems – an empirical investigation, researchers Senarath and Arachchilage specifically recognize this fact as one of the main problems developers face when attempting to embed privacy into their designs: they simply don’t know how to verify that they’ve done it right.

Now if they would go deeper into the GDPR, developers would know that: “appropriate technical and organisational measures, such as pseudonymisation […] are designed to implement data-protection principles, such as data minimisation” (art. 25 § 1 GDPR). The thing is: do you know many developers who actually have read the 88 pages of the GDPR? Certainly not. And even if they did, would they be able to keep track of all the data protection principles that it refers to and understand how to interpret them?

We don’t expect lawyers to be able to implement technical solutions. So why expecting developers to be able to understand and navigate the law?

Minding the gap between tech and privacy experts: a collaborative approach

Clearly, this situation requires a collaboration between all these different subject-matter experts – lawyers and developers – so that they can build digital solutions that are both legally rightful and technically feasible.

At Pryv, we understand the burning need for such solutions, which is why we provide any developers with a ready-to-use software foundation on which they can build their own personal data collecting apps. Call it GDPR, CCPA, PIPEDA or any other existing of forthcoming regulation that regulates privacy and individuals’ rights, our software was built to help developers address the complexity of such privacy-by-design legal requirements and meet business constraints such as short-term deadlines and restricted resources.

Expectations can equal Reality

Today, we have set-up high expectations to have everything available on a click away. While it is easy to blame why privacy is not respected, it is yet difficult to challenge the reality of the situation…

So really? Are developers lawyers to be? Might be not, as solutions are there to help: 

Check out our work at Pryv: embedding privacy into software apps

Now available for free in open source: [github-link].

https://pryv.github.io/www

Stephanie & Evelina @ Pryv

Sources:

• https://arxiv.org/ftp/arxiv/papers/1805/1805.09485.pdf
• https://eur-lex.europa.eu/eli/reg/2016/679/oj

The post Are developers the new lawyers to be?  Embedding privacy into software apps appeared first on Pryv.

Once upon a time we used to think of banking as private safes and white collars. Today, it is certainly one of the most promising areas for data-driven innovation. Each time a user pays online, it leaves behind a digital trail of information, allowing for infinite data-fueled possibilities. Yet just like banknotes, personal financial data needs to be kept safely. This means in this case: in compliance with the GDPR, Swiss DPA or any other relevant data protection regulation. 

Open Banking: Mastering privacy & consent  to unlock the personal data superpower

The growth of personal data usage is exponential and affects almost any industry. On one side of this growth, there are the users who keep calling for more on-click personalised offerings and “fluidity” of data transfer. On the other, businesses that are striving to deliver on these demands in the best possible way. Some of these businesses, however, are just kicking off in the personal data economy services accessing. This has been core for the banks and financial industries.

Banks online & payments: guardians of trust

While the pandemic casted a harsh light on the notion of personal data collection and privacy respect, it also further strengthened the boost towards contactless and online paying services. Unlike other industries operating with personal data, the banking industry is fortunate to be one step ahead when it comes to trust: people trust banks and other financial entities to safeguard their personal data more than other organizations. Perhaps for this reason, digital banks and mobile financial applications have been growing like weeds in the past few years; trust being the “magic” seed of their super-fast expansion.

« Bank 4.0: banking everywhere. Never at a bank »

As banking services are being digitized, paying cash is becoming a thing of the past. Twint, Revolut and other “one-click” solutions are becoming the new way to pay for anything, anywhere. And online banking apps are the new go-to for managing bank accounts anytime, “stay home”-compliant and safe. So, if banks were long seen as closed physical places with thick walls and locked doors, they are now becoming prime actors of the rising personal data economy. A rise reinforced by the recent introduction of Open Banking: a practice that provides third-party service providers open access to consumer banking transactions and financial data through the use of application programming interfaces (APIs).

Open Banking Poker Face: Superhero or Supervillain?

Open banking introduces a new paradigm that opens up many business opportunities. Whereas initially seen as a way to enable exchanges between financial institutions, it is now spreading faster and even beyond expectations. Unforeseen personal data offerings in a cross-industry corporation arise indeed when personal and financial data is derived and aggregated. And in a world where everything can be bought a click away, derived applications are endless. 

Applications, “Sur-mesure”.

Just to mention a few, service providers already suggest personalized offerings based on correlating financial and personal data, like targeted budgets for monthly shopping, savings and loans. Thanks to the data collected through open banking, the app can be made perfect for any user: depending on the stage of your life whether you are a student, a parent, buying property or planning retirement, it will provide you with an offer which suits you best.

Privacy-first (un)locks Open Banking

Still, if Open banking is great for business, it is also referred to as a nightmare when it comes to privacy. Especially, the system raises questions as regards to the privacy of the users whose data is being shared: do they understand what their data is being used for? Are they given the opportunity to give explicit consent as required by the GDPR? To ensure that open banking will benefit the users and not foster discrimination, strong safeguards have to be put in place.

Solution: Beyond secrecy, use Pryv.io personal data and consent management solution to enhance your users privacy.

“Personal data aggregation, sharing and processing should be as effective, secure and trustworthy as online banking.” – Pryv

If one could argue that not sharing any data would be the best solution to ensure users privacy, we beg to disagree: Privacy doesn’t have to be only secrecy. At Pryv, we envision a world where privacy is the ability to share personal data with awareness, trust and control.

“Giving explicit consent to collect and share personal data has per core requirement that users understand which data we are talking about. Trust comes with the ability to check the content of these data and the exchanges between all parties. Like banks that provide detailed reports of all transactions in time, classified in bank accounts” – Pierre-Mikael Legris, CEO of Pryv

Enhancing trust requires rethinking consent. In this new paradigm, privacy is not a compliance tick box but an opportunity to break data silos, differentiate products and services, and attract end-users with trust, transparency and empowerment.

“Pryv.io data model provides all data in “time series” contextualised and classified in streams. It is designed to provide the same readability and transparency as your bank report. So anyone could make decisions and check its execution with a minimum of effort.”

Beat the “get-user-consent” fear: start managing your users’ data exactly as the bank manages your money! Learn more about how Pryv.io can help you win users’ trust by collecting and using their personal data rightly.

Yours,
Stephanie & Evelina

Additional Sources:

• https://fintechnews.ch/open-banking/open-banking-in-switzerland-an-overview/32199/
• https://www.finextra.com/blogposting/19282/the-value-that-open-banking-brings-to-each-market-player
• https://medium.com/@nordigen/5-future-open-banking-use-cases-e5168c233bff
• https://tarabutgateway.com/open-banking-use-cases-beyond-banking/
• https://www.linkedin.com/pulse/data-governance-what-truly-means-manage-asset-julien-tagnon

The post Open Banking: Mastering privacy & consent  to unlock the personal data superpower appeared first on Pryv.

Positioning itself as the next industry standard for personal and real-world data standard, Pryv is looking forward to participating in the Pistoia Alliance Community to promote collaboration as many organisations would benefit significantly from industry-wide pre-competitive collaboration.

Still, one of the biggest challenges the industry has, is transforming the growing number of collected data sets into meaningful insights via developing and implementing machine and deep learning systems.

Pryv addresses this challenge by providing the industry with a technology solution that enables data collection and standardization, storage and distribution, while allowing different and multi-algorithms to be used to identify patterns and outcomes.

Used as a foundation of R&D products development, Pryv eHealth Middleware technology ensures fast access to data and its compliant usage cross-borders. Easy access to acquiring real-world data, designing real-world data platforms and delivering real-world evidence, while ensuring the data is managed properly: preserving data privacy and security first is the promise Pryv brings to the wider Life Science community.

Benefiting from the ready-to-be used Middleware solution of Pryv, Pharmaceutical and Life Science companies can focus now primarily on their research and deliver real benefits to patients while being sure the data management is done right under their control.

The blockchain technology Pryv developed, and implemented in its Middleware is used to validate data set genuineness through its full life-cycle and provide a data trail audit, while the unique data ontology allows for granular data distribution to each stakeholder respecting Ethical, Legal and Clinical Data Requirements.

About Pryv

Pryv is an independent Swiss SME founded in 2012 with the mission to promote, develop and implement Health IT patient-centric solutions across the healthcare industry.Pryv developed and sell licenses of a trusted Swiss-made and validated eHealth Data Middleware to empower Pharmas, Hospitals/ Clinics, Medtech, Digital Health, Insurances to build compliant, innovative and scalable data-driven eHealth products with confidence, reduced time and IT expenses while respecting complex Data Privacy Regulations.

About The Pistoia Alliance:

The Pistoia Alliance is a global, not-for-profit members’ organisation made up of life science companies, technology and service providers, publishers, and academic groups working to lower barriers to innovation in life science and healthcare R&D. It was conceived in 2007 and incorporated in 2009 by representatives of AstraZeneca, GSK, Novartis and Pfizer who met at a conference in Pistoia, Italy. Its projects transform R&D through pre-competitive collaboration. It overcomes common R&D obstacles by identifying the root causes, developing standards and best practices, sharing pre-competitive data and knowledge, and implementing technology pilots. There are currently over 80 member companies; members collaborate on projects that generate significant value for the worldwide life sciences R&D community, using the Pistoia Alliance’s proven framework for open innovation.

The post Pryv joins The Pistoia Alliance to lower the barriers of adopting innovation in life sciences research and development appeared first on Pryv.