We are entrepreneurs, activists, academics, listed corporations, public agencies, and developers. For years, we’ve been using different words for what we do – MyData, Self Data, VRM (Vendor Relationship Management), Internet of Me, PIMS (Personal Information Management Services) etc, while sharing a common goal: to empower individuals with their personal data, thus helping them and their communities develop knowledge, make informed decisions, and interact more consciously and efficiently with each other as well as with organisations.

Together, in recent years, we have formed a network whose participants share experience, develop common projects, meet at the MyData conference, and take part in collective endeavours towards a human-centric approach to personal data.

It is now time to take this work out in the world and prove its potential impact on individuals, society, and the economy. Today, we believe it is time to publicly assert the values that drive us – and call on those who share those values to act upon them. Join us in reversing the paradigm of personal data. Join us in creating the MyData movement.

DECLARATION OF MYDATA PRINCIPLES

(v1.0)

As the importance of personal data in society continues to expand, it becomes increasingly urgent to make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits.

Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data. The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:

  • Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
  • Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
  • Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.

 

1. MYDATA SHIFTS: WHAT NEEDS TO CHANGE

Our overriding goal is to empower individuals to use their personal data to their own ends, and to securely share them under their own terms. We will apply and practice this human-centric approach to our own services, and we will build tools and share knowledge to help others do the same.

1.1. FROM FORMAL TO ACTIONABLE RIGHTS

In many countries, individuals have enjoyed legal data protection for decades, yet their rights have remained mostly formal: little known, hard to enforce, and often obscured by corporate practices. We want true transparency and truly informed consent to become the new normal for when people and organisations interact. We intend access and redress, portability, and the right to be forgotten, to become “one-click rights”: rights that are as simple and efficient to use as today’s and tomorrow’s best online services.

1.2. FROM DATA PROTECTION TO DATA EMPOWERMENT

Data protection regulation and corporate ethics codes are designed to protect people from abuse and misuse of their personal data by organisations. While these will remain necessary, we intend to change common practices towards a situation where individuals are both protected and empowered to use the data that organisations hold about them. Examples of such uses include simplifying administrative paperwork, processing data from multiple sources to improve one’s self-knowledge, personalised AI assistants, decision-making, and data sharing under the individual’s own terms.

1.3. FROM CLOSED TO OPEN ECOSYSTEMS

Today’s data economy creates network effects favoring a few platforms able to collect and process the largest masses of personal data. These platforms are locking up markets, not just for their competitors, but also for most businesses who risk losing direct access to their customers. By letting individuals control what happens to their data, we intend to create a truly free flow of data – freely decided by individuals, free from global choke points – and to create balance, fairness, diversity and competition in the digital economy.

 

2. MYDATA ROLES: WHO DOES WHAT

Please note: “Roles” are not “Actors” an individual or organisation may fulfill one or more roles at once.

MYDATA ROLES

PERSON

An individual that manages the use of their own personal data, for their own purposes, and maintains relationships with other individuals, services or organisations.

DATA SOURCE

A data source collects and processes personal data which the other roles (including Persons) may wish to access and use.

DATA USING SERVICE

A data using service can be authorised to fetch and use personal data from one or more data sources.

PERSONAL DATA OPERATOR

A Personal Data Operator enables individuals to securely access, manage and use their personal data, as well as to control the flow of personal data with, and between, data sources and data using services. Individuals can be their own operator. In other cases, operators are not using the information itself, but enabling connectivity and secure sharing of data between the other roles in the ecosystem.

 

3. MYDATA PRINCIPLES: WHAT WE WANT TO ACHIEVE

In order to produce the shifts that are needed for a human-centric approach to personal data, we commit to working towards and advocating the following principles:

3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA

Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared.

We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations.

3.2 INDIVIDUAL AS THE POINT OF INTEGRATION

The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens.

By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation.

3.3 INDIVIDUAL EMPOWERMENT

In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative.

We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships.

3.4 PORTABILITY: ACCESS AND RE-USE

The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means.

We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data.

3.5 TRANSPARENCY AND ACCOUNTABILITY

Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility.

We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions.

3.6 INTEROPERABILITY

The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards.

In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.

 

4. ACTIONS: WHAT SHOULD HAPPEN NOW

  • Sign the Declaration, as an individual and/or as an organisation. This Declaration is written in the future tense: if your organisation isn’t quite there, but is committed to moving into this direction, it should still sign it!
  • Comment on the Declaration. This Declaration will evolve over time, based on your ideas and practical experience. There will be an initial review after 6 months.
  • Use the Declaration to further your own projects and intentions. Base your trust framework, or your terms of services, on it. Use it to lobby and convince clients, partners, stakeholders etc.

REFERENCES

This Declaration of Principles draws upon many sources of inspiration, the most significant ones being:

ABOUT THE MYDATA DECLARATION

The MyData Declaration emerged out of the “European PIMS (Personal Information Management Services) Community” which met in Brussels (November, 2015), Paris (April, 2016), Helsinki (August, 2016), London (December, 2016) and Berlin (March, 2017). More specifically, the Berlin meetings produced a memorandum that stated two complementary goals:

  1. To establish a MyData Global Network as a legal entity
  2. To start by developing a common set of principles for the human centric personal data

This MyData Declaration is the response to the second goal.

HOW THE DECLARATION WAS WRITTEN

This initial version (1.0) of the Declaration was written by three persons who are all heavily involved in the PIMS Community as well as in organising the MyData Conference:

  • Antti “Jogi” Poikola (Finland), researcher at Aalto University and founding member and former chairman of the Open Knowledge Finland association, also the main organizer of the MyData Conference and leading author of the Finnish MyData white paper.
  • Daniel Kaplan (France), cofounder and scientific advisor to Fing and France’s MesInfos project, member of the MyData Conference’s core team and core contributor of the MesInfos Self Data Charter.
  • Tanel Mällo (Estonia), head of Research Administration Office at Tallinn University, lead of MyData Estonia network, member of the MyData Conference’s core team, in charge of MyData 2017’s Tallinn events.

This initial drew inspiration from a thorough reading of 20 existing charters and statements of principles, and was prepared by a workshop in Berlin which organised and prioritised the central ideas.

A draft version was sent for comments to the Founding members of the MyData Global Network, as well as participants to the Berlin workshop. It received more than 90 comments. After a 2-weeks comments period, the current version of the Declaration was fixed in its current state.

HOW THE DECLARATION WILL EVOLVE

This Declaration is the founding text of the “MyData Global Network” (whose name might change) and will be managed by it as soon as this organization is more formally established.

The published version of the declaration is now stable and can be signed by individuals and organisations.

In the future, new versions of the text will certainly need to be written based on experience, as well as on the advancement of technology, markets, uses and regulations. A set of issues has explicitly been left open for future discussions <LINK?>. The next MyData community meeting (Aarhus, Denmark, Nov. 23-24, 2017) will define a formal review process.

Also, a discussion is already underway as to how selective and binding this Declaration should be, so that organisations can’t just sign it without actually committing to implementing it. We want the Declaration to be open for all to sign, but we also want it to herald a significant change in the “normal” way in which all organisations handle personal data.

PARTICIPATE

  • Sign the Declaration, as an individual and/or as an organisation.
  • Use the Declaration to further your own projects and intentions. Base your trust framework, or your terms of services, on it. Use it to lobby and convince clients, partners, stakeholders etc. And please, let us know, so we can all benefit from your experience!

The MyData Declaration’s future versions will be produced in an open manner and everyone is welcome to contribute. The conversation takes place on the MyData Declaration mailing list. This list is currently facilitated by Antti “Jogi” Poikola, Daniel Kaplan and Tanel Mällo. A list of issues left open in the v. 1.0 of the declaration can be accessed here. The next MyData community meeting (Aarhus, Denmark, Nov. 23-24, 2017) will define a formal review process.

TRANSLATIONS

We are happy to receive translations of the MyData Declaration in different languages. We will update the declaration website with new language versions just before the Aarhus meeting (Nov. 23.-24. 2017).

If you can use git, clone the MyData Declaration repository, add your translation under declaration/1.0/languagecode/index.markdown eg declaration/1.0/FR/index.markdown for French, then submit a pull request.

More traditionally without git knowledge you can simply download the original english version here, translate it, and send to declaration@mydata.org.

 

CONTRIBUTORS

The following contributors took part in workshops and/or provided comments to the initial versions (1.0) of the declaration:

David Alexander, Malte Bayer-Katzenberger, Simon Carroll, Fabien Coutant, Paul-Olivier Dehaye, Katryna Dow, Harri Honko, Viivi Lähteenoja, Joss Langford, Hubert Le Lièpvre, Joachim Lohcamp, Maarten Louman, Maciei Machulak, Robert Madge, Jack Mitchell, Michele Nati, Tristan Nitot, Kei Ohashi, Juuso Parkkinen, Julian Ranger, Geoff Revill, Clara Schmitt, Doc Searls, Tarmo Toikkanen, Luk Vervenne, Colin Wallis.

SIGNATURES

188 Mihael Modic Slovenia DataFund Nov 09, 2017
187 Christian Kronborg Denmark Nov 09, 2017
186 Christina Sereti Greece Nov 06, 2017
185 IOANNIS STAMELOS Greece Nov 06, 2017
184 Guilherme Otávio de Oliveira e Silva Brazil Nov 05, 2017
183 Brigitte Lutz Austria Nov 03, 2017
182 Johan Goris Belgium Oct 30, 2017
181 Marju Lauristin Estonia Oct 29, 2017
180 sneha das Finland Oct 29, 2017
179 Palle Michael Nielsen Danmark Oct 29, 2017
178 Peter Hanečák Slovakia EEA s.r.o. (member of PROFIT project) Oct 28, 2017
177 WJ Tseng Taiwan Oct 27, 2017
176 Christian Schmidt-Madsen Denmark Oct 26, 2017
175 André Bryde Alnor Denmark Oct 26, 2017
174 Flavia Cerruti Brazil Oct 25, 2017
173 Sara Madariaga Spain Oct 24, 2017
172 Fernando Campo Guardiola Spain axonConsultores Oct 23, 2017
171 Eric Maininnen Denmark Finvest Oct 23, 2017
170 Jens Jensen Denmark Oct 23, 2017
169 Mahsa Kiani Canada Oct 22, 2017
168 Daren Williams UK Consorticon Oct 20, 2017
167 Jeferson Ferro Brasil Curitiba Oct 18, 2017
166 Enrique Jimenez Brasil Oct 16, 2017
165 Danilo Gomes Brazil Oct 16, 2017
164 Saulo Nascimento Brasil São Paulo Oct 16, 2017
163 Jamerson Albuquerque Tiossi Brazil Oct 15, 2017
162 Eurico Matos Brasil Oct 15, 2017
161 Scott Nelson Canada Human Data Commons Foundation Oct 11, 2017
160 Annabelle Lambert United Kingdom Ethos VO Ltd Oct 11, 2017
159 Crt Ahlin Slovenia Oct 10, 2017
158 Simon Crossley UK Oct 09, 2017
157 Lambros Kastrinakis Greece Oct 09, 2017
156 SEJOON PARK South Korea ToBeWAY Oct 09, 2017
155 Adolfo Ruiz Calleja Estonia Tallinn University Oct 04, 2017
154 Oscar Ramirez Finland Startup Commons Global Oct 03, 2017
153 Valto Loikkanen Finland www.prifina.com Oct 03, 2017
152 Pierre Vandekerckhove France Cozy Cloud Oct 02, 2017
151 Fredrik Lindén Sweden Hamling IT AB Oct 02, 2017
150 Casandra Grundstrom Finland Oct 02, 2017
149 Christian Renard France Aximark Sep 30, 2017
148 Kazue Sako Japan Sep 29, 2017
147 Dominique Boudin France Sep 29, 2017
146 Sechang Oh South Korea ToBeWAY Sep 29, 2017
145 Ranjit Menon India Sep 29, 2017
144 Patrick Andrews United Kingdom ClaimyourData Sep 29, 2017
143 Berit Skjernaa Denmark Sep 26, 2017
142 Signe Mällo Estonia Sep 26, 2017
141 Thorbjørn Konstantinovitz Danmark Sep 24, 2017
140 TH Schee Taiwan Open Knowledge Taiwan Sep 24, 2017
139 Nanda Sitepu Indonesia Sep 21, 2017
138 Vincent Chen Taiwan Sep 21, 2017
137 Seema Khinda Johnson United Kingdom Nuggets Sep 20, 2017
136 Özhan Sağlık Turkey Sep 20, 2017
135 gerard b france Sep 20, 2017
134 Jim Willeke United States Sep 19, 2017
133 Iris van Diest Netherlands HelloData Sep 18, 2017
132 Jari Porrasmaa Finland Sep 17, 2017
131 John Sperryn Finland Sep 13, 2017
130 Tim Rosborough Canada Zaudi Corporation Sep 12, 2017
129 Kim Hamers Netherlands HelloData Sep 12, 2017
128 Francois Larche United States Xidentix Sep 11, 2017
127 Alan Mackworth Canada Sep 10, 2017
126 John Havens United States Sep 10, 2017
125 Scott Steinberg USA Data Does Good Sep 10, 2017
124 Marcin Betkier New Zealand Sep 09, 2017
123 Les Chasen United States Sep 09, 2017
122 Walter Pienciak USA Sep 09, 2017
121 Joan Rodon Spain Sep 09, 2017
120 Mayank Agarwal India Sep 08, 2017
119 Trent Larson Sep 06, 2017
118 Brenda Francis United States Sep 06, 2017
117 Mikko Lampi Finland Sep 06, 2017
116 Annemette Broch Denmark Data for Good Foundation Sep 06, 2017
115 Teemu Ropponen Finland Sep 06, 2017
114 Miguel Benavent de B. Spain B-Ecosystem Sep 06, 2017
113 Kirsten Fiedler Internet Sep 06, 2017
112 Chris Rohrer Switzerland Sep 06, 2017
111 Ming-Syuan Ho Taiwan Taiwan Association for Human Rights Sep 06, 2017
110 Ying-Chu Chen Taiwan Sep 06, 2017
109 Mohammad Abdul Sami India Sep 06, 2017
108 Nicholas Ris United States Sep 05, 2017
107 Brent Zundel United States Sep 05, 2017
106 Steve Tolman United States Sep 05, 2017
105 Ron Hammond USA Sep 05, 2017
104 Daniel Hardman United States Sep 05, 2017
103 Katarzyna Szymielewicz Poland Panoptykon Foundation Sep 05, 2017
102 John Wunderlich Canada John Wunderlich & Associates, Inc. Sep 05, 2017
101 Luca Belli Center for technology & society at FGV Sep 05, 2017
100 Hubert Le Liepvre France Ze Profile Sep 05, 2017
99 Sean Bohan United States Hyperledger Indy Sep 05, 2017
98 Madis Tiik Estonia Sep 05, 2017
97 Jayne Hilditch United Kingdom Sep 05, 2017
96 Gavin Starks United Kingdom Dgen Sep 05, 2017
95 Hanno Wagner Germany Sep 05, 2017
94 Iain Henderson United Kingdom Sep 04, 2017
93 Fabio Hofer Austria Sep 04, 2017
92 Nikesh Balami Nepal Open Knowledge Nepal Sep 04, 2017
91 Geoffrey Delcroix France Sep 04, 2017
90 Michael Davis-Marks United Kingdom Sep 04, 2017
89 Vladimir Kuparinen Finland Smart Paper Sep 04, 2017
88 Brian Schildt Denmark Findx.com Sep 04, 2017
87 Robert Pye United Kingdom Sep 04, 2017
86 Irene Maxwell France Sep 03, 2017
85 Steffen Rytter Postas Denmark Sep 03, 2017
84 Michael Chen United States Sep 02, 2017
83 Philip Sheldrake United Kingdom Sep 02, 2017
82 Adrian Gropper United States HIE of One Sep 02, 2017
81 Pernille Tranberg Denmark DataEthics.eu Sep 02, 2017
80 Markus Sabadello Austria Danube Tech Sep 02, 2017
79 Jose Matos Spain Sep 01, 2017
78 Jouko Salonen Finland Sep 01, 2017
77 Pekka Kohonen Sweden Sep 01, 2017
76 Heli Sirkiä Finland Sep 01, 2017
75 Kirsi Halttu Finland University of Oulu Sep 01, 2017
74 Harri Honko Finland Sep 01, 2017
73 John Callahan United States Sep 01, 2017
72 Hyunggun Kim South Korea Korea Data Agency Sep 01, 2017
71 Meelis Kerbo Estonia Sep 01, 2017
70 Ramon Sangüesa Spain Data Transparency Lab Sep 01, 2017
69 Meeco .me Australia Sep 01, 2017
68 Mikko Sierla Finland Sep 01, 2017
67 Katryna Dow Australia Meeco Sep 01, 2017
66 Shaun Conway South Africa Global Consent Sep 01, 2017
65 Pia Adibe Suomi Sep 01, 2017
64 Xavier Lefevre France Fair & Smart Sep 01, 2017
63 Christian Kunz Switzerland Sep 01, 2017
62 William Heath UK Sep 01, 2017
61 Mariana Salgsado Finland Migri Sep 01, 2017
60 Jouni Tuomisto Suomi Sep 01, 2017
59 Steve Castle United Kingdom Sep 01, 2017
58 Wil Janssen Netherlands InnoValor Aug 31, 2017
57 Teemu Ropponen Finland Open Knowledge Finland Aug 31, 2017
56 Maritta Perälä-Heape Finland Centre for health and technology (CHT) Aug 31, 2017
55 Mikael Seppälä Finland Aug 31, 2017
54 Masahiko Shoji Japan Aug 31, 2017
53 Phillip Windley United States Sovrin Foundation Aug 31, 2017
52 Timo Ruohomäki Finland Aug 31, 2017
51 Matti Kiviluoto Finland Aug 31, 2017
50 Endo Viires Estonia Professional Human Being Aug 31, 2017
49 Franc Paul South Africa LifeQ Aug 31, 2017
48 tim de winkel Nederland Aug 31, 2017
47 Sami Laine Finland Aug 31, 2017
46 Walter Palmetshofer Austria OKFDE Aug 31, 2017
45 Vassilis Chryssos Greece FOSS Office Aug 30, 2017
44 Dimitris Kosmidis Greece Aug 30, 2017
43 Ignasi Alcalde Spain EquipoCafeina.net Aug 30, 2017
42 Pieter Ennes Netherlands Authentiq Aug 30, 2017
41 Jacob Baytelman UK Krowdthink Aug 30, 2017
40 Céline Steyer France Cozy Cloud Aug 29, 2017
39 Yannis Kotronis Greece Aug 29, 2017
38 Michalis Vafopoulos Greece Aug 29, 2017
37 Marko Turpeinen Finland Aug 29, 2017
36 Alexandros Nousias Greece GFOSS-OPEN TECHNOLOGIES ALLIANCE Aug 29, 2017
35 Antti Kettunen Finland Aug 28, 2017
34 Joss Langford United Kingdom Coelition Aug 28, 2017
33 Andy Harrison Norway Egde Consulting Aug 28, 2017
32 Freyr Ketilsson Ice Dattaca Labs Aug 28, 2017
31 Serge KRYWYK France AEVATAR Aug 28, 2017
30 Bala Kamallakharan Iceland Dattaca Labs Aug 28, 2017
29 Drummond Reed United States Evernym Aug 28, 2017
28 Colin Wallis Estonia Kantara Initiative, Europe Aug 27, 2017
27 Mantas Zimnickas Lithuania Aug 27, 2017
26 Karine Durand-Garçon France Aug 27, 2017
25 David ROBERT France ÆVATAR Aug 27, 2017
24 Paul Mundt Germany Adaptant Solutions AG Aug 27, 2017
23 Kai Kuikkaniemi Finland Aug 26, 2017
22 Herve LE JOUAN France Privowny Aug 26, 2017
21 Ludovic Dubost France XWiki SAS Aug 26, 2017
20 Henrik Biering Denmark Peercraft Aug 25, 2017
19 Geoff Revill UK Krowdthink Ltd Aug 25, 2017
18 Charles Hunter United Kingdom Modalgo Aug 25, 2017
17 David Alexander United Kingdom Solutions - Make the Difference Aug 25, 2017
16 Philippe Régnard France Aug 25, 2017
15 Tristan Nitot France Cozy Cloud Aug 25, 2017
14 David Dickinson UK i-Space Navigator Aug 25, 2017
13 David Alexander United Kingdom Mydex Data Services Community Interest Company Aug 25, 2017
12 Michele Nati United Kingdom London Aug 25, 2017
11 Ziad WAKIM France KUMBU Aug 25, 2017
10 Maarten Louman Netherlands Qiy Foundation Aug 25, 2017
9 Juuso Parkkinen Finland Aug 25, 2017
8 Daniel Kaplan France Fing Aug 25, 2017
7 Robert Madge Switzerland Xifrat Daten AG Aug 25, 2017
6 Sille Sepp Estonia Aug 25, 2017
5 Julian Ranger UK digi.me Aug 24, 2017
4 Paul-Olivier Dehaye Switzerland PersonalData.IO Aug 24, 2017
3 Tanel Mällo Estonia Aug 24, 2017
2 Salla Thure Finland Aug 24, 2017
1 Antti Poikola Finland Aug 24, 2017

Feedback on the Declaration

Feedback on the Declaration

  • If you can not sign the declaration as it is, or if you sign, but feel that there is something to be improved please leave us feedback.