honestlyreal

The BIS consultation on the next stage of midata has been announced. Obviously it’s a no-brainer that making nasty old companies do more, for free, for nice-us-the-consumers is a Good Thing, innit? Well, maybe… But it kinda depends how widely you look at the issues involved. I wrote about some of these last year.

Below is my answer to question 1: (in which I do that thing of tucking most of my exam answers into the opening statement, then just referring back to them for the next 20-odd questions)

Q1. Do you agree with the principles of midata? Have you any comments on the proposed approach?

The principles fall clearly into the “what’s not to like?” camp, at least if viewed solely from the customer perspective. As that is the most appealing perspective, it generally gets the most attention. But the issues behind these principles are wider: they set up a tension around a business’ freedom to manage customer relationships in a way that maximises shareholder interests.

All business processes reflect this tension to some extent: call-centres and automated call handling didn’t arise with the primary goal of improving customer experience, for example. The business-customer relationship is subject to some regulation, of course, such as fair trading provisions. So we are not starting from any point of ideological purity about state intervention in business, nor of the preferment of consumer rights over that of businesses.

Midata will place an additional cost burden on businesses (to make system changes), reduce competitive advantage (through enabling greater customer portability and reducing the exclusivity with which one business can build a consumer history) and generate consumer benefit in some cases. These effects are listed dispassionately: removing friction in a customer’s choice to move is neither good nor bad of itself. It is what it is: part of the fabric of a consumer-business relationship. Change it, and other things change too.

In my view the most pernicious bit of midata is the “mi” bit. It borrows from the language of personal data (which is itself a complex definition, but for simplicity think of name, address, data of birth etc.) and extends it to include “data about my transactions with you”. Fallacy 1 is to assume that because you have transacted with someone, you own, or have a right to, that information. Illustration: I bought a new tyre last year. My name was taken, and typed into a computer by the garage (thus creating an electronic record and avoiding a §1.10 exemption).

Do I have the right today to ask the garage owner to delve back and release to me the precise manufacturer code for the tyre and the type of credit card I used? Wasn’t our transaction confined to the exchange of money for a tyre? If a record of other information was created, wasn’t that the record of something else: an internal accounting transaction for the purpose of retail management? This is more than a philosophical point. Certainly, the claim that “the data was related to me, so it is of me” is a weak one.

But then there is the issue of electronic record-keeping itself. We see the argument made that because the internal transaction record exists, it is (or should be) a trivial, low-cost matter to release that in a format that is digestible by and useful to a consumer. These arguments are generally made by people who have never had to manage a development budget for IT system changes.

Fallacy 2 is that publication is a simple matter of pressing a back office system button and generating a non-proprietary, machine-readable file. (To say nothing of the wrapping of requestor verification and security that would be needed, even for the most innocuous-seeming datasets. Where we’ve been, who’ve we’ve spoken to, what we’ve bought – all these are part of a very private mosaic).

And we also need to be careful in our assumptions of usefulness. Utilities consumption is a very understandable use case: here, a very structured dataset which though complex in its patterns can ease the movement of customers between competing providers – matching need to product – removing the legwork otherwise required from the customer.

Does this also apply to more sporadic retail consumption, where there might be no realistic use case, but the burden of compliance falls on the business anyway? Costs may be pushed up, and passed on, even where direct benefits are not apparent.

And trying to draw sectoral boundaries to say that “power companies must, tyre companies don’t have to” will be an implementation nightmare. We may also see more companies anonymising their internal records through the use of a proprietary reference, rather than a name, for example, to try and duck out under §1.10. And if we try to argue that any computerised reference that can be pinned back to an individual constitutes electronic information about individual, as per §1.10, then suddenly anyone that’s paid with a credit card, anywhere, for anything (if it’s been recorded), falls into scope. Not the intention of the principles, I’d suggest.

So with these considerations, the principles should be redrafted to clear up this implied point about a “right” to any transactional data – but instead to set out very specific data types, industry sectors (and illustrative use cases – though naturally new ones will appear with data availability) along with a compelling impact analysis that demonstrates benefits outweighing costs. This assessment should continue through the early life of enacted policy: if customer benefits outweigh the burden to businesses, then it’s working.

But midata is far from the simple, crowd-pleasing “here’s a free thing which will save you, the consumer, money and have no external consequence” that’s featured in some of its public presentation so far.