1 of 1

A user-driven checklist based on MyData principles

MYDATA PRINCIPLES	Indicative checklist for organizations, to consider MyData principles from users perspective"
HUMAN-CENTRIC CONTROL OF PERSONAL DATA	Does the user know & understand what data is captured/available about them & why? Can the user fully manage & control their data? Can the user easily understand how to manage & control their data? Does the user easily understand who has access to their data and how they use it? Can the user give, deny or revoke the consent to share their data with others? Can the user ask their data to be removed and/or stopped from collecting or going forward Can the user ask a machine readable copy of their data for themselves? Can the user negotiate the terms of how their data is used with organizations & service providers?
INDIVIDUAL AS THE POINT OF INTEGRATION	Does the user have a (central) ‘hub’ where all their data is viewed, managed & controlled? Does the user have a decentralised model of control? Can the user rest assured their data is not used improperly or against her/his wishes?
INDIVIDUAL EMPOWERMENT	Are users the agents of their own data? Do users have all the tools, skills and assistance to transform data into useful information? How can the users use their own data to make better decisions?
PORTABILITY: ACCESS & RE-USE	Can users obtain and re-use their own data from the different services providers? Can users practically and easily enable the flow of data between organisations & service providers? Can users easily download and transmit their data?
TRANSPARENCY & ACCOUNTABILITY	Can users easily track and make organisations using their data accountable? Can users easily understand how and why decisions are made based on their data? Do users get alerts if there are any issues threatening their privacy or misuse of their data? Can the user understand how the algorithm processing their data works and challenge it if necessary?
INTEROPERABILITY	Can the user enable transfer of their data easily between different service providers? Can the user easily understand the standards, legislation protecting their data? Is the user protected against data lock-in?

3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA

Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared. We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations.

3.2 INDIVIDUAL AS THE POINT OF INTEGRATION

The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens. By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation.

3.3 INDIVIDUAL EMPOWERMENT

In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative. We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships.

3.4 PORTABILITY: ACCESS AND RE-USE

The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means. We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data.

3.5 TRANSPARENCY AND ACCOUNTABILITY

Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility.We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions.

3.6 INTEROPERABILITY

The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards. In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.