#4 Data Governance: Sharing data in a trusted way
Data Governance
7 min readThis is the fourth in a series of articles called “Nevermined: Big Data. Small effort”, meant to outline the current challenges companies face in handling data and the very simple, but highly effective solutions offered by Nevermined, a cutting-edge data sharing blockchain technology. #1, #2, #3
Having covered important data-related challenges where Nevermined comes to the rescue in our previous 3 articles, like sharing, monetizing and using data to create new business streams, we move forward with one more key element we need to explore in this series, and that is Governance.
Capital G, indeed. Because it’s the single most pressing issue that comes up in every conversation we have with organisations.
CONTROL AND PROVENANCE
The main obstruction to creating value with data is a so-called defensive data strategy. Given the regulatory and compliance challenges, it is understandable that most organisations have developed a strategy that is risk averse. However, the consequence of such a culture is that data is seen as a liability, rather than an asset.
We’ve all posed and/or heard these kind of questions:
- Who has access to what data for how long and for what purpose?
- How can I easily define the conditions of data access? And how to control them?
- Can I trust the systems in place to be compliant with the regulators’ requirements?
- But what if the data gets copied? Leaked? Hacked?
- etc. ad infinitum
This problem can be summed up in one word: Trust.
Capital T, indeed.
To create that trust between different organisations, between Data Owners and Data Consumers, organisations have so far used a rather limited ‘technical’ solution: i.e. a process of lengthy, manual, repetitive approval workflows.
With Nevermined, we change that dramatically.
Because of the way our technical architecture is designed and the way it incorporates blockchain features, Nevermined can provide High-fidelity Control and Provenance. In other words, with Nevermined we create digital, automated trust, at scale.
CONTROL OVER DATA
First of all, as a Data Owner, you are always in control of your data. Nevermined allows you to share data without having to copy or transfer the data. This is a key technical feature as explained in article 3. The concept is simple, but the impact is huge from a Governance point of view. Because…
- If data doesn’t get transferred and third parties don’t get to ‘see’ your raw data, it can’t be leaked, nor copied.
- As data remains in your current data environment, it is protected by your current security set-up. Using Nevermined doesn’t affect the security risk. So the hacking risk remains the same.
These are major governance bottlenecks that you can remove with Nevermined. You no longer need to cover these aspects with legal terms and post-factum audits.
TLDR: The data doesn’t move. The other party doesn’t ‘see’ the raw data.
CONTROL OVER ACCESS
Not only do you, as a Data Owner, keep control over your data, you also have the power to define the conditions that you want attached to your data sets.
This could take the form of pretty much anything, but typically these are parameters like:
- Only known parties with a defined ID can access. This can be programmed on a granular level, using Role-Based Access Control (RBAC).
- Everyone who pays X [insert data monetization objective here] can bring their algorithm to your data
- Only certain kind of algorithms are allowed
In article 3, we explained that these conditions are stored in the form of blockchain smart contracts. This means they are set up to be executed automatically when the conditions are met. If This, Then Absolutely That. And the ‘Absolutely’ is crucial, as this effectively creates a Service Agreement between the parties that engage in data sharing.
Nevermined is designed to be compliant with privacy regulations like GDPR, CCPA, etc. First, Nevermined itself does not store any personal data. Secondly, a Data Consumer interested in your data doesn’t get to ‘see’ the data. And, on top of that, we integrate privacy preserving techniques with the highest industry standards, including Multi-Party Computation and Differential Privacy.
These burning governance issues around access control and conditions can be dealt with in an easier and a more secure way.
TLDR: You define the conditions of access. They are formalised in a blockchain-based smart contract and this acts as an automated gateway.
IT’S ALL ABOUT THE PROVENANCE
Apart from control and conditions, Governance is also about documenting what exactly happened, in order to be able to prove certain parts of that value chain, for instance to a regulator.
In the context of data sharing, this comes down to the following question: ‘can you prove who accessed what data under which conditions’?
In order to do this in a trusted and secure way, Nevermined implements the W3C Provenance specification and combines this with the W3C specifications on Decentralised Identifiers.
More specifically, this means that the system:
- Assigns unique IDs to users, assets etc.
- Records all events or actions in the format of digital signatures
- Stores all these digital fingerprints on a blockchain
The main benefit of implementing these standards is that it creates guaranteed traceability. The complete record of actions is kept in an immutable and decentralized place. This creates a transparent source of truth for any party that needs to have access to this provenance data. If you’re interested to find out more, feel free to dive into our documentation.
TLDR: All actions taken by any participants in this act of data sharing are immutably stored. All parties with the right access can check this single source of truth.
UP A NOTCH, ECOSYSTEMS
“So far, so simple”, we hear you say.
Yes, we know governance can be a minefield. But we also believe that organisations currently exaggerate the complexity.
We want to show that the 3 elements mentioned above (Control Data, Control Access and Provenance) really show their benefit in more complex governance issues.
We see a lot of scenarios where data sharing will create major value if more parties are involved. More data = more insights. However, with more stakeholders involved, the governance complexity increases exponentially. Relying on manual, repetitive and expensive processes will certainly create exponentially more painful bottlenecks.
With Nevermined, we can create environments, data ecosystems if you wish, where all stakeholders are integrated digitally into the platform. This means
- Everyone is part of creating the rules
- Once everyone agrees, they are formalised into smart contract logic
- Data Owners and Data Consumers can ‘work together’, using this automated business logic.
When we say ‘data ecosystems’, we mean any group of parties that want to share data in a more secure and trusted way:
- It could be a series of medical labs who can’t share data across geographical borders, but could set up a Nevermined environment to prove to the regulators they’re not moving the data.
- It could be a few competitor banks, who set up a Nevermined environment to give each other access to their credit card data in order to train their risk algorithms.
- It could be a joint venture of a telco and an insurer who want to create a new service, based on the combination of their data.
You’ll agree that these are collaborations of the sensitive type. Remember: it is about trust or the lack thereof. So, apart from our technical set-up, we have extensive experience with the real world and human element of Digital Ecosystem Governance. So not only do we deliver a piece of software, we also support the on-boarding of members, the definition of responsibilities and the setup of the Governance committee, with all the parties or authorities involved.
One final note on authorities, aka The Regulator. With Nevermined, there is a major opportunity for organisations and data sharing projects to involve the regulators in a much more direct and fundamental way. In many legislations, regulators give approval on data sharing projects on a case-by-case basis. Again; slow, repetitive. Value obstruction rather than value creation. With Nevermined, they can become an active stakeholder in defining the conditions, approving them and monitoring them, in real-time.
TLDR: THE GOVERNANCE ISSUE
As stated in the introduction, it’s a question of ‘You can trust it to happen’. And Nevermined delivers exactly that.
Every party can trust they keep control over their data and assets.
Every party can create or agree on conditions and trust that the rules that everybody has agreed to, will be executed.
Every party, including regulators, can trust that the system will provide High Fidelity Provenance.
The business potential of data sharing is huge. Nevermined removes the current bottlenecks and makes data sharing easy, trusted and secure. The businesses that understand this and embrace this will be the ones that can pivot their data strategy from defense to offense. They will capture that value.
If you have more questions or would like to set up a demo/call with our tech team, do get in touch.
Originally posted on 2021-11-26 on Medium.