V2024-04-01 [5 min read; 17-minute video primer; 2-minute Perseus video]
Market-scale governance for secure, trusted data sharing
Introduction
Huge amounts of data are being generated worldwide: from our financial systems to energy, water, transport, our built world and our environment. To make the most of its value we need to connect it with those who need it and put in place the right protections for everyone.
We help people make rulebooks that everyone can use to trust each other when they are sharing data. We also help them apply these rules in ways humans and machines can understand.
This process is not static: it needs constant monitoring, reporting and verification. We aim to make it easier for organisations to share data, and help sectors enforce rules when needed.
IB1 delivers services that enable data sharing at sector, national and international scales.
- The first step is robust data-sharing governance (which we call Icebreaking), to define the rules for how data can be shared.
- The second step is a system that codifies what these rules are (known as a Scheme) and controls how they are followed (which is applied using a Trust Framework).
We are a non-profit. We operate a membership model to fund and deliver our services. Note that we never see or touch the data: the rules are centralised, the data is decentralised. Both our services are ongoing. The rules of data sharing evolve and change over time. Trust Frameworks (as-a-service) provide ongoing monitoring, reporting and verification of their implementation, at market-scale. Our services also help Member’s define and implement Assurance and assess Data Sensitivity.
Which sectors can this apply to?
Our approach is sector-independent. We work with you to design and operate solutions for any one sector, or across sectors. For example, smart energy and water solutions need collaboration and data sharing between sectors. As each sector also has its own needs, sector-specific Trust Frameworks and Schemes can address their particular rules too. The rules address the commercial, consumer, legal, regulatory, and technical needs of that sector.
We are already developing solutions for sectors, including:
- Energy Sector Trust Framework — leading in the UK with Open Energy
- Water Sector Trust Framework — with the UK Stream consortium as the pioneering Scheme
- Cross-sector/Core Trust Framework — with Perseus programme as an exemplar
We are exploring work across finance, the built world, transport and agriculture with partners to unlock opportunities across the economy.
Video introduction (17-minute overview)
- Scene setting (from 41s): how can we think about data?
- Connect don’t collect (from 2m12s): how policy, the real economy and financial economy connect
- Can we unlock £100B? (from 4m58s): example of a live programme
- Collective action (from 11m58s): how data sharing governance can help humans and machines collaborate
- Get involved (from 16m24s): be an Icebreaker
Why ‘connect don’t collect’
Data must, of course, be collected for analysis. The key is that data is spread across millions of different systems, organisations and billions of sensors. We propose a Trust Framework approach as the first step to harmonize the rules, standards and governance at the start (which will have to be done anyway). This is a cost-effective, secure and scalable process that can enable scale, security and proper controls.
Most initiatives we see start with tech and add governance later. This is, in our experience, high friction and high cost. It does not yield truly open markets that can scale in the same way as the open web does. There are more machines online than there are people on Earth.
This is especially true with climate impact, where we need to enable cross-sector, cross-border data sharing at an unprecedented scale. To address privacy, security and proprietary data needs, we must have a decentralized way of enabling (and blocking) data sharing.
We need to support an open market architecture.
The good news is that if we get that right, building centralized, specialist databases for analysis becomes easier, and open to many thousands of use cases, instead of a huge collection of siloes and monoliths. Connecting enables fluid, adaptive market innovation and competition, and reduces the brittleness of ‘big-data-first’ approaches.
Learn more about designing data-sharing infrastructure
IB1 Trust Frameworks do as little as possible
Data sharing at scale requires the separation of ‘the data’ from its governance and the technology used to host and transfer it. A critical design feature of a Trust Framework is that it does as little as possible. This balances the building of trust, while reducing transactional friction. The Trust Framework doesn’t define the rules, nor does it touch the underlying data, or know who the end users are. It just verifies that rules have been agreed and can enable their enforcement.
The approach has three elements:
- Co-design of the rules for data sharing (both technical and non-technical)
- Implementation of the rules in a machine-compatible and enforceable manner
- Infrastructure access via verified permission-based trust to enable data to be shared directly between organisations.
- From a data user’s perspective, they want to know ‘can I find data, access it and use it for this purpose?‘
- From a data provider’s perspective, they want to know ‘can users find my data, access and use it with the right permissions?‘.
Both want to know ‘can we [legally] trust each other, and what do we do if something goes wrong?‘
In the diagram above,
- On the left, humans come together to define rules (rights, standards, policies)
- In the middle, those rules are codified into a Trust Framework
- On the right, organisations (and their machines) can check they have agreed to the rules
In this diagram, we illustrate that this can include the explicit permission of an end user. The end user doesn’t need to be in the Trust Framework but they do want to know the organisations handling their data are in it – so they can have trust in the processes and mechanisms of redress if needed.
The Trust Framework also supports two other models of implementation: where data rights are predefined and don’t need user consent, and where usage rights are waived using an open data licence.
To summarise, there are three types of use-case:
- Open data from verified sources
- Shared data between members of the Trust Framework based on predefined access rules
Shared data between members of the Trust Framework where permission of a data owner outside the Trust Framework is required.
Open banking is an example that is used by millions and generated £billions
By way of example, in Open Banking, a customer’s current account data can be shared directly from their online bank to an online accounting provider to automate the creation of a tax return. The bank and accounting solution are both in a Trust Framework which protects both of them, and the end customer. It is co-designed by industry and regulators and is implemented via an independent non-profit body. This independent body operates the Trust Framework. It never touches the user’s data, nor knows who the user is. It manages the trust relationship between the market actors and, as a regulated sector, can aid enforcement (e.g. excluding bad actors from the ecosystem).
Learn more about Trust Frameworks and related services
Trust Frameworks: detailed narrative
Icebreaking: A proven process for the collaborative design of Trust Frameworks
Assurance: Building trust and confidence with clear assurance levels