The API of Me

Here’s an interesting fact: If you live in the EU, your personal data is yours. You are the owner of your data, a fact enshrined in law under the General Data Protection Regulation (GDPR). As owners of data and citizens of many economies — internet, application, information, API — we have a myriad of tools and technologies available to mine, mash up, and generally manage our data as we see fit. Moreover, we can exploit our data for our own benefit, selling it to the highest bidder for our own profit.

However, as consumers we don’t often consider how we can exploit our data. Typically we are only concerned with data security and are not as conscious of using it for our ends. Perhaps this is because the banks, insurance companies, and other corporations that hold our most valuable data are not naturally disposed to making it easily accessed or shared with whomever we see fit.

Enabling the sharing of our personal data in a manner controlled by us is at the heart of some unique concepts. This would allow us to create a Personal Data Store to better visualize personal data, and would also enable the API of Me, the endpoint by which we can share our valuable personal data in a digital world.

The data revealed by the API of Me is not a single plane; there are different types of personal data from a variety of sources that make up our dataset and describe who we are, what we do, and what we touch. They come with varying connotations and likelihoods of being exposed to an external audience. In this article, we’ll explore these types of personal data that if unlocked could finally enable the API of Me — the programmable endpoint to our digital lives.


Confidential

Confidential data is the data most important to us. These attributes uniquely describe us and allow important things to happen in our life, from our birth to our death. It also includes subsets of information that we would prefer to be extremely closely guarded; data about our health and ongoing health records, for example.

It goes without saying that confidential data is extremely sensitive, and when obtained by miscreants can be used to impersonate us and falsely make applications for bank accounts or mortgages without our consent. Most countries and regions have established extensive laws and regulations, like GDPR, to safeguard confidential data. Though safeguarding this data is crucial, selectively making it available can aid our daily lives by simplifying the process of data exchange.

In general, due to data privacy constraints, organizations that hold our confidential data limit it to a specific, authorized realm: the owner of the data themselves, or a third party who is expressly authorized to access this data. The majority of APIs that access this information are therefore either private or partner APIs, with little or no public access. Enrollment, authorization, and access are tightly controlled. Such private APIs include the closed APIs that power our online banking platforms, or partner APIs that are the heart of price comparison websites for insurance or other products.

This closed approach to confidential data introduces considerable friction to us as consumers, and requires us to endlessly confirm our identity using physical artifacts like a driver’s license, passport, or proof of address. Only where a formal scheme exists for sharing our identity and confidential data digitally (such as the schemes in the Nordics like NemID and BankID) does that friction disappear. The technology also exists to extend the scope of the platforms that hold this information and to share this data on our behalf, both in terms of protocols and products like Trunomi. It remains to be seen whether we as consumers have the appetite and trust to allow this information to be shared via an API to unlock it for our own benefit.

Financial

Our financial data consists of the transactions we make, our banking history, and creditworthiness. Like confidential data, it is of considerable value to us as consumers. Exposing this data to applications like personal financial management (PFM) tools can provide helpful visualizations that the atomic data doesn’t necessarily deliver.

Our financial data also has intrinsic value to businesses who attempt to sell us products and services based on what we spend our money on. Such data is essential to market analysis and demographic trends. Obtaining such data is easier for major retailers, especially those with loyalty schemes who can easily correlate spending over time with a real individual.

Financial data and APIs present an interesting juxtaposition for consumers: Having this data available to PFMs or accounting packages like Xero that help us make sense of our spending is extremely valuable, but often only private APIs (such as online banking) expose it. Gaining access to the data therefore becomes a question of using workarounds such as screen-scraping, which can contravene the terms of use for the services we access. Moreover, this data is also not available to businesses who might sell us a product or service we are truly interested in. This can negatively affect our perception as consumers of businesses who resort to spamming us based on either spurious correlation deduced from limited data or no analysis at all. Controlling how we expose financial data via APIs is therefore highly valuable to us, but again we are frequently thwarted by those who hold our data on our behalf.

Tactile

It’s more difficult for consumers to comprehend the value of tactile data: It’s what we ‘touch’, both in the physical and virtual world. Tactile data includes:

  • The sensors we activate when traveling on public transport, using either a travel or contactless card or a mobile or smart device (which may indeed present a cross-section with our financial data);
  • Our GPS movements as tracked by our smartphones;
  • The items we browse at a clothes store that are labeled using smart tags;
  • Our browsing history that shows what we view online;
  • Qualified data we catalogue about ourselves, such as calorie information collected through apps like MyFitnessPal.

These events tie us to particular locations and activities and provide a clearer view of us as an individual. If we chose to share tactile data with the organizations we want to do business with, we could exploit unique offers specifically tailored to our daily activities, which could bring about fantastic consumer experiences.

At the time of writing, tactile data is only sporadically available to us as consumers, and indeed subsets of that data, such as the geographic tracking of an individual, are tightly controlled in most countries. There are exceptions in certain subject areas of course, like the Garmin Connect API (although being able to access this data carries a considerable price tag!). Browsing data is also becoming the subject of intense scrutiny with more tools being created to protect it. Few, however, are allowing consumers to exploit it for their own purposes. As consumer awareness of tactile data increases we will value it more and thus our desire to exploit it will become greater. However, exploiting it and making it available via APIs, given the regulations and laws involved, may be extremely difficult for the foreseeable future.

Aggregate

Aggregating our confidential, financial, and tactile data helps to build a picture of our lives that is extremely valuable to us: It could be a way to exploit the Intention Economy, a concept described by Doc Searls that he later expanded upon in his book on the topic. The Intention Economy focuses on the fact that consumers come ready made, and that advertising is unnecessary: As buyers of goods know what they want, they can make rational decisions in approaching the market to make a purchase, allowing sellers to “bid” for them. This is incongruent with the vast majority of markets today, as they are seller-orientated and based largely on advertising.

The Intention Economy has yet to come to fruition in a universal sense, but pockets of behaviors that loosely follow the idea have emerged. Examples include price-comparison websites for insurance, energy supplies, or credit cards, but these only bid in silos, i.e. the companies offering deals don’t overtly attempt to outperform each other. The concept and implementation of Personal Data Stores is becoming a reality through software like Meeco and Mydex, enabling us to corral, organize, and allow specific access to our data.

We are on the cusp of being conscious of our real value as consumers. However, the architecture, protocols, and networks to support the ready aggregation and interchange of our personal data are in a nascent state, with some of the key tools like vendor relationship management (VRM) software (a means to manage our relationship with the vendors we wish to do business with) under relatively early development. The API-of-Me concept will need to mature for us to truly elicit the value of our personal data.

Final Thoughts

The ownership and stewardship of consumer data is a subject much wider than the API economy: It covers all areas of technology, and for the majority of consumers it is a subject that only surfaces in conscious thought when a business or organization uses their data in a way that it should not.

However, as the population becomes more tech-savvy, consumers will begin to understand that their data (whether exposed by an API or another means) has intrinsic value to them and controlling it can deliver them significant benefits. Generally speaking, we are at a standoff between the desire to access this data for our own means, the willingness of the organizations that harbor our data to make it available, and the manner in which we can correlate it, understand it, and disseminate it for our own benefit.

The cross-section of this data forms a picture of us as individuals that is hugely interesting to potential consumers of this data. That value must be controlled and safeguarded for our own benefit. We are on the verge of utilizing the data we create for completely new ventures — both the API of Me and the APIs that allow us to access our data will certainly provide a vehicle to help this opportunity become a reality.