Managed Data Shadows

Managing our disconnected personal data footprint in the connected world.

In the developing world, caring about data protection and privacy is a luxury that many cannot afford. To most of the citizens of the Global South, giving up personal data in exchange for services both from the private sector and the government has become such a norm, that questioning this practice is generally frowned upon. For many, sharing their Personal Identifiable data carries no implication as no commercial value has been placed on this data. Hackers are not interested, advertisers aren’t using it, so why worry?

This trend is becoming dangerous as the developing world moves more and more into joining a globally flat and connected world, especially because governments and private sector players alike are requiring citizens to share a lot of their data through very disintegrated systems, with some moving into the collection of biometric data with no clear communication on its use or storage.  As more secure data interventions are being put in place in the global northern country systems and making it more difficult to access use or misuse the data, the hackers and malicious data users are moving into the global southern countries where not much thought or legislation has been put in place towards protecting personal data.

With the proposed solution, Managed Data Shadows, we intend to map out all services, both public and private, requiring citizens to give up their personal identifiable data and provide a platform where the citizens can check this information and even make requests for their data to be deleted from the systems in case they have no confidence in the gatekeepers of their data or the need for this collected data is no longer active. This will allow the citizens to have greater oversight and control over their data and hence reduce their data footprints and likelihood of unnecessary exposure and attacks.

The solution is a new process for solving the problem of disintegrated personal identifiable data being unnecessarily collected and unnecessarily exposed beyond the intended purpose of first collection. Through this solution, users will for the first time have a one stop solution for understanding who collects their data and making request for the data to be destroyed if the intended purpose of collection is no longer needed or the citizen loses confidence in those that have collected their data.

This solution will minimize the exposure of private data by allowing users to take ownership of their data by making requests for their data that no longer serves the purpose it was collected for to be deleted. Currently, the policies on discarding data after intended purpose of collection and use do not exist and with this, the citizen has the power to dictate who has custody of their data and by extension, a great way to minimize data collection.

The solution can be incorporated into digital identification systems as a last mile solution for custodians of citizen data to allow for requests for their data to be corrected or removed. This will be done by sensitizing custodians of personal data to receive and respond to claims for data updates. This will act as the last mile solution in the data collection and use pipeline, allowing citizens to take back the power of deciding who should have access to their personal identifiable data.

The proposed solution will be very user friendly as all that will be needed is someone responsible for communicating with and responding to the citizen requests over email. There will be no need for complex APIs that might pose a challenge especially if the digital identification systems are not designed to interface with 3rd party applications.

APIs will be provided although from experience, most corporate and government systems in the developing world are not designed to interface with 3rd party applications, especially given the nature of the sensitivity of the data collected. 

For this reason, we have opted for an email interface that will be used for the communication.

The solution will be deployed as a simple easy to use website that is accessible on all devices from feature phones to smart phones to PC. In addition to this, a hotline will be provided for those with digital illiteracy to call in and make their requests, which will be forwarded on their behalf to the affected institutions.

Our vision is to have citizens take back their power in the ownership of their data. For many years, citizens of the developing world have been at the mercy of their governments and corporate institutions which have taken advantage and collected more data than they need and in turn exposed citizen data to vulnerabilities that make them more susceptible to hacks and identity theft. Our hope is that this work will create awareness on the need for laws that govern how citizen data is collected, used and stored.

With initial in Kenya and later to other African countries.

We at Data Science LTD™ are not currently working with any other organization.

CEO - Research, policy, computer science

Research Manager - Mathematics and statistics

Software engineer - Computer Science, software engine, data modeling

Project Manager - Business and IT management

In the longterm, we would like to bill for the use of the service. When a citizen uses the solution to make an application for their data to be removed from a particular custodian, they will make payment for each use of the solution.

We have been working in the data protection space for a few years now and the Mission Billion Challenge presents an opportunity for us to enhance our work and create more sustainable solutions. Through our participation, we believe we can get the much needed guidance on what would work, what would not and now to make our solution better.

1. Awareness of the need for the solution - we shall overcome it by doing more sensitization among the users.

2. Resistance from information custodians - this can be overcome by creating more awareness on the need to reduce data that is collected and the dangers of exposure of sensitive personal identifiable data.