Privacy

Helsinki becomes the first city to employ new open-source data trust network

David Strom, Feb 19, 2021 1:15:12 PM

MyData Global is on a mission to enable more privacy-focused societies across the globe

A novel experiment in deploying large-scale trusted data networks has begun in Helsinki, a city of over 600,000 residents and the capital of Finland. A variety of city services have been linked together using the open-source MyData Global solution, which was announced earlier this month. Let’s examine the announcement, its significance for the rest of us, and what it means for our own data privacy.

In general, cities are at the forefront of how countries gather data from its citizens and how it stores and uses their data. The goal is to give each person control over how their data is shared with various city agencies. Until now, governments had two basic choices about this data: either centralize all data in a single repository or duplicate it across various data silos. Both carried risks of breaches, as we’ve seen with previous breaches in Texas and Georgia just to name two incidents that involved leaking millions of personal records. Additionally, the 2018 ransomware attacks on Atlanta were infamous for the size and scope of their breach.

MyData Global's role in protecting today's citizens

MyData Global is an award-winning non-profit organization built to "empower individuals by improving their right to self-determination regarding their personal data". It has developed an entirely new set of protocols, processes, and application programming interfaces to try to improve cross systems' trust and make it easier for various municipal agencies to share personal information while keeping it protected.

The organization has put together a declaration of principles to guide their operations and partnerships. Their efforts have been ongoing for several years, and the Helsinki project has been two years in the making.

I spoke to Mika Huhtamäki, the head of MyData operations for the Vastuu Group, about their current efforts. Vastuu is the main contractor for the city and has been working on another Finnish project to coordinate the hundreds of sub-contractors building a subway system. The purpose of this project is to be capable of sharing data while maintaining the privacy of the different business entities involved in the construction. The Helsinki project is the largest scale municipal implementation to date, although there are others in the works, including a countrywide MyData effort in Japan.

Making use of PDS technology for better societies

At the heart of what Helsinki is doing is the Personium personal data store (PDS) technology, which enables secure data sharing among interconnected data stores. Personium is one of the dozens of companies supporting the MyData Global project. Personal data from all city operations is stored in a MyData digital wallet and shared across those city agencies or indeed, anyone else that have enabled the software. “Trust is in the essence of data usage: the citizens need to trust that the city is using data on their behalf and with their consent so that it benefits both, the citizens and the city,” says the Mayor of Helsinki, Jan Vapaavuori.

Here's a simple visualization of how the data sharing works:

Ux-Onecub-1

Image via OneCub.com

“Before MyData, Helsinki had services with siloed data in different city departments,” says Huhtamäki. “MyData will help to easily exchange data across these silos.” He mentioned that as more cities implement their system, a single wallet can be used to exchange information (to be used, for example, if someone lives in one city and works in another). The benefit of MyData is that it “adds a layer of control to how this common data can be accessed by various applications, and limits placed on particularly sensitive data such as healthcare-related.”

As another example, a city employee who needed to use a city-owned vehicle would not need to re-enter his driver license information when requesting the vehicle. Instead, the license data would remain in place, and the driver simply sends the necessary authentication tokens to allow the car to be reserved. What's nice about what Helsinki is doing with MyData is that all of the data sharing and privacy is happening under the covers users don’t have to alter their behaviors and things should happen automatically.

The MyData project began in 2016 but got a boost from the EU’s digital services regulations last year. The biggest tenet in these regulations is the right for individuals to control their data privacy and access, which is one of the foundational guiding principles in MyData. Huhtamäki mentioned that other cities in France and Holland are either planning or implementing MyData in a similar manner to that of Helsinki.

Additional efforts around safer data sharing

MyData isn’t the only effort to expand privacy and data access. The San Diego-based Community Information Exchange uses a specialized kind of encryption called homomorphism to allow multiple social service agencies to share data about their clients without revealing their personal information. While the exchange is not completely open-source, it has similar properties to preserve a client’s privacy when requiring services from multiple agencies (such as a housing benefit, food stamps and medicines).

Lastly, Google also has its Private Join and Compute open source projects on GitHub. These are also based on homomorphic encryption concepts, but require a graduate-level understanding of the underlying math. MyData Global has reduced the level of specialized knowledge so that most developers can more easily build supporting applications.