 Thank you very much, Amit, for the introduction because I think you stated the problem very well due to recent events like the COVID, but also to technological advances, it became clearer and clearer that data protection rules are closed when maybe simply not enough. And I think you placed the discussion at exactly the right level that I will try to address today. It also reassures me because I know I was speaking to an audience of technologists, so I was hoping that you don't expect me to show you codes about how governance should be done. It's really more the vocabulary language on higher level, how it should be described. So I'm Philippe Page, I'm the third co-founder of the Human Colossus Foundation with Fall on Robot, which you heard in the previous weeks, and my background is actually not in governance directly, but had the chance to witness two big changes in the digital transformation, the first one in the 90s in the scientific area, where the importance of actually sharing accurate data within the scientific community was working close to CERN in Geneva at that time, was something really important and I could witness how important it was to create really global cooperation on science. Then I turned to banking, as many Swiss physicists do actually, and within the banking sector for about 10 to 15 years have been always involved in developing new processes and new organization and that the governance of the bank itself was really impacted by the digital transformation itself and this is the experience I bring into the Human Colossus Foundation. So this talk is really appending, the first two talks that were given by Paul on Robot, no knowledge for this talk is necessary to understand the talk I will be talking about, except for the fact that the first two talk really gives the technological substance to our distributed data governance model. And here on this slide I just want to stop for a second on the word distributed, it's not a typo, it's clearly different from decentralized because as I will show you in a few minutes I think that's something that is very important when we speak about data governance, the distributed element of many users, many people in actually multi-jurisdictional ecosystem, interlacing with each other, which makes it very hard to actually build a proper data governance. So in the set of three talks here today we are at the top of the pyramid where we are really dealing with governance, which basically we see as the element giving veracity on every information coming from an information system. Veracity is really purely human word that a human decision maker will have to decide whether the information they get or they're dealing with is the right one, is sufficiently good to be able to decide. So the talk really focused right to give a flavor what type of governance model needs to be applied when you are working really in an environment that has a multi-stakeholder policy making, for you need to define different rules that have to work together and that's why it's more for distributed data ecosystem. For a large company it could also be useful inside the more closed-in environment because multinationals, for example, also face this multi-jurisdictional questions when they develop internal systems. So what is data governance? Well, data governance, there are many type of definitions here. We can just quote one, which is actually one we are not using every day, but we find it pretty good and it comes from the Data Governance Institute and it's basically stated in very simple, not simple, but that's the general term what data governance is. The system of this decision writes an accountability for information-related processes executed according to agreed upon models, which describe who can take what actions with what information on when, under what circumstances and using what methods. So that's a wishful thinking when we develop a system, having all these aspects contained into a set of rules that we know the system will follow. But if we want to go to a more functional description of what is data governance, I think we have to start with something that is a little bit more known, so that's why I will start with the concept of an enterprise, a company, look at a company of any size, because data governance is something very tangible. It's a set of policies, of rules, of regulation within the enterprise, which the enterprise is somehow free to develop themself, because these are internal rules, these rules obviously are within a jurisdiction, they have to respect external laws, but it's still the enterprise that decides its governance model in function of its goal. But it also goes with all the procedures to enforce that. And the point I wanted to stress is data governance is not only a document, it's a set of documents or maybe rules, but there is also this enforcement aspect. And but also the human aspect of this, that is, to make the governance has work, you need the involvement of many layers of the company that goes from the steering committee, which usually have the involvement of some senior management, because it's about defining which risk level we want to take within a company. And then representative, which is called here data representative, but it's really representative from every piece of the company with their own perspective about how information, which is digitally represented with data is used within the company. So many companies that have spending a lot of money actually in building this data governance. And the point I want to stress for the discussion of evolving data governance into the new open world of internet we have currently is that this data governance is always balanced with the business interest. I mean, the two things on other concept are part of the overall data management strategy of the enterprise. And the point here is that enterprise are not designed to make the perfect data governance. In the end, the best to be simple to be simply stated, the goal is to do better business for an enterprise. So there's this joining of a different aspect that will also influence the data governance that our governance is not simply something that is standing on its side. Things get a little bit more complicated when you have obviously sharing data between enterprise, which these days is most probably almost all the time because data is flowing between third parties and the larger company have also to be responsible about how they share the data. So this is usually done through data agreements, which is maybe another layer of complexity to add each company enterprise that the governance has legal aspect, commercial aspect, but also simply operational aspect, how can we actually share this data? But here again, it's another layer of business interest that we mix with data governance to define better business. Then things get more complicated when you are looking at the ecosystem in which enterprise are working. And because on top of this business and governance interest, you also have the ecosystem interest. Think, for example, the airline industry or the travel industry, where you will have enterprises in very different jurisdictions, even within a single country. I mean, I come from Switzerland where tourism is a huge industry. Well, even different states in Switzerland have not slightly different rules. So as a hotel chain, you have to follow up with your number of different business practice. So here I put simply business code of conduct because it's not not always enforceable rules, but they could also be professional best practices. And all these actually influence the data governance. Obviously for the people that have to build a system that must respect the data governance, the interaction becomes even more complex. And all this up to now I didn't even mention that the protection regulation, because this was like enterprise language, how an enterprise actually deals with the data, without really looking at the customers or the city zone, if you look at the state as an enterprise. And the data protection regulation are actually one of the largest misnomer in the field because data protection, it's not about protecting data, it's about protecting the people, and which gives the personal data that's how it started. So when it comes to include into this set of data governance rules, the protection of the customers, the protection of the citizens, that's where you drive the whole concept of the regulation of the ecosystem in which the citizens or your customers are living. And this is something a bit more complex that started to really become important about 30 years ago. And we all, I mean, Amitz was mentioning before the discussion you're having in India right now. In Switzerland, we do not have a discussion on data protection laws. This date has been revised last year. It was great. There was one in 30 years, but evolution required a significant revision. And I found kind of amusing to see that currently we're still speaking about it. And I put this quote of an American pollster, Lee Harris, and an important point on this quote I think is the date 1979. In 1979, he put this quote out, most Americans these days feel that unless something is done urgently, we might collectively arrive in 1984 on right on time. Here 1984 was a reference to George Orwell's book 1984 and the Big Brother threats of system that will be a total surveillance system. And I feel well, more than 30 years later, well, we are still discussing it while the landscape has completely changed. Remember, 1979, this was the first IBM PC personal computer, the first Apple II came out around that time. So the landscape was totally different. And already at that time, some people felt this was a problem. So if we want to go back to, because we are actually discussing it from a technological aspect, not from an economic or political aspect about what needs to be done with data protection laws, it is clear that this mess, this mesh of values, low, low regulations, whether they're entity based enterprise based country based people based, this is very difficult to isolate something that you can call data protection on that simply deals with personal data. Just looking at that, people involved in the personal data regulation know that it's not enough that you need to go further than that. And so I tried to summarize some, by the way, can you see my slides? Yes, hello. Okay, yeah, because I just got a message on my screen. I just got a message from my screen saying that now you can see my slides. Do you see them before? Yeah, everything did for you. Okay. So the problems of data governance could be summarized as follows. There is first the micro level, which is the road I took before, because that was a very tangible world, what to release data governance to data protection. And that this micro levels really seems how things happen in an enterprise, how things happen with citizen customers. Here, the numbers of regulations and complexities on interaction really give rise to a highly complex ecosystem. And this is translating to rising costs, not only monetary term, but in human terms, you need more and more people in compliance or in various areas to actually take care of these data governances. But the worst problem is I think the eroding trust that people have in actually these data governance, because the protection is often not felt. It is very hard to convince someone, for example, a patient in the medical sector, that his data that he's willing from proposing to share for research purpose will be shared only for research purpose and will not go further and maybe be used for other purposes not aware of. So this erosion of trust really slows innovation because it's getting very hard to get adoptions. And it is also behind actually the threat of having new innovation, sharing more data as the technology will allow. And this has very practical consequences. For example, bring back to a medical sector example. Now, we could bring so much data on your mobile device that your mobile device actually become a medical device. Medical devices are being regulated very differently than mobile phones. I'll let you imagine the complexity of some people that are developing apps that actually bring this type of information on mobile devices. So that's the micro level. And by the way, I didn't touch the cybersecurity aspect, the simple stealing of data. This is I think a different topic, but it's also part of all the question that are rising costs on slow and eroding trust in information system. But I think we also have a more macro level problems when it comes to governance is that because we are living into a world that is more and more interconnected, most of the application developed today will require the connection with another stakeholder. And this multi stakeholder environment translates very often into a multi jurisdictional environment under the best example which I don't have to explain much was the travel path related to COVID-19. It was very hard actually to be the travel path that will be available globally without either centralizing the data into a provider or into a trust provider in that everyone has to agree. So you need to get everyone agreeing that this is the center of trust. And usually the center of trust doesn't want to take this responsibility globally. So it slows down the process. And also it doesn't really take into account the detailed needs of every user of a system. People who are simply traveling didn't maybe have the fear of data protection. They just wanted to travel. So it creates really a tension between the user need, the user demand and what actually could actually be done. And this is what I mean, but growing complexity on the macro level being attached to these multi jurisdictional agreements being slow. And by the way, this is not only relevant for digital transformation. If we look at another aspect which we worked on was the global passport for vaccination. We even Colossus Foundation, one of our first projects was regarding the yellow fever vaccination because the WHO had created about 20 years ago the first passport. This little passport is a yellow booklet that ensures that you can travel because it proves you have been vaccinated against yellow fever. This little booklet had never been properly or adequately digitalized despite it's a very small piece of cardboard. And the reason it was never properly digitalized was no one could actually build one global framework where the things would be available globally. And WHO could just do what they could have it in five languages. Initially it was only for this vaccination because this vaccination was the only one that was agreed upon all over the world. And this is important to note that depending on any data governance, depending on any authentication, any exchanges, there is usually an existing trust element that allows system to be built. And this trust element are between governments, between independent legal entities. And they must exist usually before you go to the digital space. And this is sometimes forgotten that it's not the digital credential that will give you the trust, it's actually a digital representative of an existing trust. And obviously it is another point coming as a problem in the erosion of trust. It's more on the economical side because of the way trust is enabled in digital system. We see a centralization of trust on a certain number of platforms. Some of these platforms, when we think in social media, are usually concentrating power on users. So the network effect is something to bring some kind of platform locking, which is then creating a problem for all the businesses or not. So these are, I think, the two side micro level problems, micro level problems, but they are both reflected in really a growing complexity that is very hard to build anything on it. But also, and I think more importantly, this erosion of trust that really blocks the development of information system at the time, we all expect actually digitalization to help against big problems like global warming. All these problems that require collaboration at the scale of the planet will benefit of sharing more and more data. Now, if you want to have a look at the technological aspect of what we think are the origin of the problem on here, this is really the work we have been doing for the last two years as part of the Human Colossus Foundation, is to develop this thinking that there is something, two designs of the current internet that have not been scaled fast enough to respond to the actual success of internet. Remember that internet is about 30 years old on half of the world population is now connected and on top of that, now you have all the IoT devices. So I think in less than a generation, a huge impact on the society as a whole was created by this internet protocol. This protocol was the evolution of the IT, but we can use 1964 as maybe an important date. That's the publication date. I took this graph from Paul Barrand in his run corporation notes on the subject. At the time, they were trying to create a physical network that would secure the communication that was in the US. The threat was the nuclear threat and they wanted decentralization. They choose decentralization of the network as the response to secure the networks, going from centralized networks to decentralized network and distributed network. So on the information on the physical networks, I think we clearly have reached the distributed level in many areas. When you look at the number of mobile devices and the amazing computation power that are in these devices, and I will even say that compared to these 1964 pictures, the connections are even bigger than what was expected because every node we see on the right is actually potentially connected to every other node, not simply to nodes in its neighborhood. So this led a transition from a very static system, which were dependent on a centralized source of calculation to very dynamic system that are actually evolving coherently. But I put almost in red because we are not almost there and we feel that today when you deal with your, especially when we speak about personal data, which we can always think about, data that sits on, that can sit potentially on your mobile device, we know that we have to always go through platforms to always pay some, you're not totally free to basically peer to peer transaction or calculation or communication as this diagram will imply. And the reason for that I think are known by most technologists is it's related to the authentication. We are still living in the world, the old world of the login, the account, which makes total sense when you have a centralized system, the centralized system knows its users simply by having an account and logging on the user. There was no problem with that. Obviously, authentication followed the evolution to the decentralized system and I think the self sovereign identity, authentication system, this movement is one of the most advanced currently that try to push the authentication on the networks into decentralized methods. But interestingly, for the authentication losing this concept of login and account is very hard. Well, it's a hard engineering problem, that's for sure. But it's an even harder economic problem because a lot of the platforms or a lot of the businesses that have been built around the internet this day do need actually to concentrate on the authentication on their platforms to keep their customer or in that that's maybe the worst problem, the reuse of the data because they actually make the benefits or the value for the platform is not actually the value for the user of the platform. It's the value of the data of the user of the platform. So the secondary usage of data has an important economic impact for many businesses based on using many digital businesses. And that creates back a certain centralization that in the sense that there's platforms still around on bigger platforms get tends to get bigger. So that's why I put the arrow basically going both ways. Technologically, we could go to self sovereign identity. There's an economic burden that slow this problem. And that goes back to concentrate basically the authentication to global provider. And obviously, I didn't mention that it's kind of abuse to issue the more you centralized these these authentication methods, the more risk you have the cyber security side but also simply on the failure risk because you have a single point of failure in your system. And I will say this is this authentication decentralized authentication question is rather natural questions because this self sovereign identity movement has expanded. There is experiment taking place in virtually in many countries in Canada in US in Europe and part of some open source discussion basically we have members from all over the world. Discussion that is not taking place. So openly, it's the one on semantic because it is a so many problem. It's harder maybe to grasp what's the meaning but we can use the same same diagram. The same diagram semantic on the left centralized basically you have a standard. In the sense it's easy every node is connected to a same standard that works perfectly well when you are in a totally centralized fashion. When it gets decentralized and here you can think about actually different networks having to interact and share data. I'm going back to the medical sector where actually the the data standards will be share per jurisdiction or per the main of the industry. Pharmaceutical industry doesn't use the same standard as the hospital or the healthcare industry health provider industry. So yeah so that the solution you see some standards like HL7 that are becoming more and more important but having one standard globally basically makes it harder on harder to respect the diversity of each of the environment of each of the jurisdiction which it is applying. So it is getting costly. Importance is this interconnection between standards and usually the the work of being able to connect two nodes on the networks without referring to a standard was studied since sometimes but it is much harder to define the the meaning of the data if you don't have a standard to directly adhere to. So this is where the at the Human Colossus Foundation that was the topic of the presentation of Paul about decentralized semantics and this solution which we are looking at this layered architecture that would provide actually a way for having a higher level of decentralization in the semantics. So the aim in that area as Paul declared is really to have in peer-to-peer relationship this possibility of defining which standard you are using peer-to-peer not relying on a platform. So this is fine and we see technology is going the right way to the decentralized where we have more and more power to the entities so when we come to personal data this will explain why we have basically put more and more power into this data protection node but actually there is an important fact to realize is governance is about how people interact how people cooperate on the evolution whatever society you are living in whatever culture that's not how humans evolve humans always evolve in the other sense they start individual tribes gathering that started to be larger and larger community and the centralization here is actually the authority against which the tribe gather or cities in the run the country and then more we advance the more we have centralized structure the biggest one I think I could think of will be now the united nation where basically every country is supposed to follow the rules that it's very complex one but the life of everyone is not dictated only by the top level of the most centralized one these whole layers of of governances that are put in a values level but the point is here it's all starts with from the other side it starts really from the the central node the the humans if you want the human create structure which are more and more complex and then each structure becomes the node from the next level and this what I mean by that is that humans will create a company like certain and a company then when it deals with other company it's company to company you don't go down to the human all the time so that means that when you are designing governance we should not follow the technology road the technology road started from centralized to distributed to build physical networks but governance is more about how humans exchange information and should go the other way around start with individual and build strong arms larger and larger community and I put this complexity a role because to show really the complexity goes in both in the opposite direction so whether we want to address both the micro level or the micro or the macro level of the governance problem it might be well to start first with the the existing trust framework the existing human trust framework that start with the individual and build larger and larger structure and that was the idea we have worked on between behind this distributed governance system so to have a quick explanation why the two first call actually make this model actually buildable is that through the first bottom layer the semantic layer it was all about object integrity we have tools now to better preserve the context when data is being captured and when the data is being kept is being harmonized at the capture level it helps actually to be very clear about which data is being so the meaning of the data is being more deterministic which means you have tools to better capture the context in which the data was captures before it's being reused and the next the input layers that was presented by by robot it's all about decentralized authentication yes but not authentication only of the people or the actors or the controllers as we see on the networks it's also about the authentication of the events so this is why we spoke about authentic events and from the governance people's aspect you can build a decentralized system of authentic events which looks a lot like causality causality in the real world allows everyone to judge that this event happens before the next or after and context and causality are the two fundamental aspects of any legal framework you can't build try to build a legal framework where you don't know who did what and when that's not possible so this is why if you think of in in these terms first of object integrity and then of event authenticity you can rebuild these two core aspects of governance and how we actually phrase that is actually it creates this notion of digital self digital self meaning that a governance can apply like a regulation to that person at that time in that context and then you can define this so equipped with this concept of digital self which at the most basic level will be like an active wallet that holds some credentials that can but by active wallet that will mean the wallet will know whether the credential is used in the correct or so this is not the we don't really use the term wallet but it's at the lowest level that's how you could think of it this is what's protecting actually the entity that is living and subject to this governance whether it's an individual or company or government dealing typically always come back to the covid passport the travel pass dealing at international level with other peers with other governments so having isolated that also flash here these pictures that people that were on the first two tools will see the governance domain is clearly split but depends on intimately connected with the inputs and semantic domains that's where we define the rules and how these rules are connected to object and regions so our aim in actually building this concept of distributed data governance that starts with from the individual is really to provide a powerful solution for all multi stakeholder collaboration but we want this collaboration to be based on transparent rules and regulation whatever they are there must be a way to embed them whether they come from contract law from privacy law from international regulations and this will enable actually the sharing of the data across the ecosystem so the presentation I think will be available online so I will not go to the details but the important point is that the distributed data governance is really like an operational framework in which the solution could be built the visible part of the the data governance distributed data governance is what we call the data governance administration that's where we have I'll say a few words after that where really the action takes place where we connect actually the stakeholders to specific registries or where some governance is enforced or some credential are being issued so to go we'll not go too much into the technology but how does it work actually this notion of distributed data governance model that starts really with the individual me as an individual I'm part of why you say ecosystem I'm a citizen of India I'm a father I'm a mother I am working in that company I'm traveling in another country we are always interacting with multiple governments but how does this user actually can connect to these values uh governances and this is where we have this concept of ecosystem so my user we have to be very clear on the networks what distinguishes us from a machine is very little we are all bits of information traveling on the network so here human closest we redefine slightly the world autonomic agents autonomic agent being this notion that the agent is actually capable of free will deciding and this is crucial for governance there is no governance if you don't have an implementation an enforcement of the governance which leads to accountability and if you think of it this is somehow related to the choice you are making when you do an action or not so that's why what we call autonomic agent actually agents which have a free will so it's obviously for individuals but it's also for an organization that within its ecosystem has the will to decide to do this business or to do another business or for a sovereign entity to develop this relationship with that entity or not so there is some kind of free will at the entity level that applies when you have this mechanism of choice so this is what we call this agent which are represented here in this diagram as the data subject and the the ecosystem has basically then you have enterprise or companies people doing stuff let's put it simply like that but we speed them into do you have the purpose do you even service provider the companies that have free have a purpose to do something you will exchange data for them but for a specific purpose which has separate from the insights based service provider which are just analyzing the analyzing this information i think that's an important speak when you want to clarify the governance aspect because on one side you have the data captures but on the other side you have the data analysis and these are two things that needs to be bound together by the protocol governance this is what the data governance is important about so here the blue circle represents the legitimate authority that as part of if you are part of an ecosystem maybe you don't agree but you recognize a certain authority that governs the ecosystem you most probably never interact with the authority but the authority will issue the constitution will issue the regulation will issue the things that the data governance administration can work on and then an ecosystem is simply a set of members any members these are all the valley in green which is glued together by this administration data governance administration itself responding in the visible face of the authority behind and two important point first everything in this ecosystem has to be peer-to-peer the data subject discussed with the purpose difference service provider the way he wants he doesn't rely on the data governance authority to be able to discuss with the purpose driven provider typically in the health sector again i can go to a medical doctor and i have my chat with him it's only when i want to check that this doctor he's actually a certified doctor that i will need data governance administration to be able to have issued in this case a credential to the doctor that he can share with me okay this is actually a doctor from from that following that type of focus so the the important aspect is that everything is based on peer-to-peer connection to respect this individual aspect but the other important point is that the the data subject can will be member of multiple ecosystems mostly at the same time so you're not attached to one single ecosystem for your entire digital life and an example that we can say where this will be useful to this type of system is to respond to this type of question how can we integrate the digital consent to exchange data for a given purpose into existing rules and regulation across multiple jurisdictions with this peer-to-peer relationship between here the citizen and the squadron maybe we can discuss later and and a specific purpose driven service provider like an airline company hospital what data is actually available to be exchanged for a company that will actually use analytics on that has to be governed on this could be actually built with data governance administration that's a little bit the use case we are following an example we can give of this multi ecosystem belonging of each individual let's take the case of a patient the patient is the the data subject the principal most of the actions healthcare taking place with the doctor that's where we have this guardianship relationship also available in the digital thing wardens in the center the doctor has a specified specific relationship concerning only your health data so she can actually act on your behalf in some cases this is why we use the term guardianship and how they interact with hospital if you think here the example I will we can use is simply how a birth certificate will be issued with some analysis so you have the hospital that is healthcare purpose based service provider and the governance to this example from the work we are doing in Europe where in Europe we have the European medical agency that is basically the regulator of the healthcare sector so they would define what that could be shared for that profession but in this healthcare environment and the WHO might do a statistic on which data they will be able available for that statistic with the proper analysation will actually be defined actually at the level of the governance for that specific purpose but the same person same patient will have a different governance administration when it comes for example to the production of his birth certificate when your child here in the case of a child birth the patient birth is not a disease so it's not a patient that the baby is represented by his parents the guardian the hospital that's where you get your birth attestation but it's the French government that defines what is a birth certificate that is issued by the state departments which here could be seen as the insides paid service provider so it's this interaction of multiple governances but on the same person in the end that we aim to to build and here we to make it where this decentralised this data governance administration have to respect a certain number of principles to be able to determine which are the repeatable actors the accountability aspect what data can be searched and the monitoring of the data request is an important aspect to avoid the surveillance in places where you don't want to do that on all the consent measurements and in the end because we had this world of consensual veracity at the top of our pyramid it's simply to indicate that when you start your data your governance model from the individual moving down the moving up the complexity ledgers with multiple ecosystem this concept of digital self allows you to connect with multiple governance which are maybe totally independent they might be related but you don't care because you are the one actually to choose how to share some data from one governance from one information system to the other one which might depends on different information different self-governance so as a conclusion it's more to let you know the status of the work we are doing now the model has been basically established in terms of blueprint based on the work done on decentralised semantic and decentralised authentication and now we are building the base component of what we call the data governance administration here I put October 2022 so that you no one asked me to do a presentation on that before because we are actually building these things based on the on use case which we have around us in the medical sector where we hope actually to to demonstrate how you can build data governance starting from the individual and respecting the existing trust frameworks whether the data protection law but also contract law or the attack of laws that will be around I feel like this was really great thank you so much for sharing sharing this overarching view around that so I think we have we have a few questions I think Sankashan is posted on the chat but let me kind of say it out for for everyone on the stream you know so one of the challenges around this topic is that usually we start with these conversations around data management but not governance so let's say we talk from the bottom up like we talk much more about the schemas we talk much more about maybe authentication but not so much about the the top part of it right and we kind of get too much into let's say the tooling you know the the schema sharing mechanism this the around efforts around that and how would you think are there any directions in which we could elevate this conversation around data governance um you know to start top down as opposed to bottom up or is that not the right way I mean you know is that uh I was about to say yes and no so I think there must be a top down approach to realize that the standard way of doing data protection might not be sufficient for the next level of interaction we want to have so that that's more top down you need to have actually the willingness to to try to change but then it somehow from my point of view it stops here because you have first to try it out on a small scale to detect every possible what it means for you enterprise so this is actually not if I agree that the word distributed governance might sound a little bit disruptive actually the the the management theory to actually implement it is already known it has been around for some years if you follow for example principle like the cutter model dual cutter model this if you look into the details of how these things work out where you create this first quick win localize you involve your enterprise you involve everyone in the in the change management one of the big problem when you apply the cutter model is how do you make the information flow because suddenly you mix managing directors with technicians basically you create the team to create this little pocket in the enterprise of change management so the here again that the the the the distributed governance model works perfectly well because instead of having simply individual you basically have your employees and you the top management defined the vision the longer term goal and then there is this smaller team that will work and start sharing on there you will meet the engineers that work on the schema meeting and I think that's that's the methodology which we follow here when we have to to provide uh advices this this idea which is basically uh I mean we are putting our creativity into into the data management's not really into the change management model there is one which I had the chance actually to to know a little bit more detail that was perfectly well because there is this decentralization element so I think one of the one of the teams that I kind of want to talk about is or at least question about is um is this only relevant for a largely regulated services right so or is it also you know businesses that are really private and are looking at data which is saying not medical which is you know under say regulated or sovereign data like my identity documents like a passport or not but I'm a business and I'm trying to think about how to do this governance and build this ecosystem around the data or the topic that I'm collecting or I'm trying to manage and you know the typical challenge that private or businesses don't do this is because of what we in the open source world call ossification right you any standards any regulation ossify and people want to move faster than what the standards can move at pace so they try to you know don't want to adopt into a regulated standard they want to build their own things stay separate unless there is you know regulation or rules around a lot of these topics and I think one of the question I have is like really if I'm a private business in a non-regulated business uh like not say financial services or medical services other than taxes and health and I'm trying to build this system what would you approach like how would I how would I how should I go about it because it's always faster to do it on my own right like if I don't so the the good clearly the good thing about the approach is that we start peer to peer so that means you want your customer whether you this you have a small business it's you and your customer now the first hurdle is okay how does my customer knows this type of standards but the and it's basically around this digital self because you as a small company you want to be sure that this small customer you whether it's regulated on will pay you and you don't want necessarily to have to deal with the complexity of digital payment or other stuff right so I think for small businesses this uh this is the challenge how we actually can be discovered on this system without having to be on facebook without having to be how do the customers will discover you that's that's the biggest challenge but once this what we call this ambient infrastructure is in place normally small businesses will be able to innovate without having to think about that the governance they will just have to think about the governance in their own world and if it's a unregulated sector it's going to be a great asset for them because they don't have necessarily to be as I said before on facebook on google or on amazon to be visible by the customers because as part of this peer to peer uh a mechanism the idea is you really don't want to have an intermediaries to authenticate yourself you don't even want to have a blockchain in which your customer wants to be so it's all about let me challenge that question a little bit notion a little bit I mean the and maybe that that topic is for kind of the fourth layer which is the incentive and economics but you know when we talk about peer to peer you know the power ratio between the service provider the purpose driven service provider insight driven for service provider versus the end customer is really imbalanced right so the the ability of the audience to know what they're trying to do you know what's happening behind on all of this is really hard and I think we can I see that in you know at least in the Indian context and payments and all that we're happy to use the payment infrastructure that's built but what's the role around you know where that data is going is it you know is it being managed properly all of that stuff is really opaque and a little bit of opaqueness especially to the end customer who may not even care about unless the rules and regulation are on that so I was going from that and saying even in regulated industries really hard to do this and I'm trying to think about how do we incentivize businesses to to pick up and I think Paul here mentions the first question is to really talk about what's the purpose of that distributed data ecosystem can be you know before we can pull in multiple stakeholders into the data governance administration and then we can define what the data capture should be to kind of do that so maybe maybe I'm not asking the right question but anyway that was like kind of some of the thoughts that were emerging as you were talking three years maybe maybe just to check if I understand well the question we can take the example of the in the tourism industry like a hotel industry for the moment in a hotel industry currently as a customer if I want to to go somewhere there's a high chance that I will end up in one of the the booking platforms that are wrong why because of simplicity and I don't really care about my data it's only after the trip that when I start to get to realize that actually there's much more spam coming to me but the initial thing you go and you just why don't I go to this hotel that the friends told me about because it's harder to find you could google it but it's still harder to find so this platform has certain use to find out but this has a price for for the hotel industry that is they have to be on that on selected platforms and there's more than one so they have to be visible on all platforms and there is negotiation behind the thing so that that's why you get on some of these platform rooms that are cheaper than if you go directly to the hotel here the idea of the distributed governance is that they could go on these platforms that's perfectly fine if this platform adds actually advices or current all the stuff but why is the hotel not able to be visible simply for me as a user searching for hotel in Delhi I've come from Switzerland I don't know anything about Delhi but my trusted digital assistant this digital self that's where I was speaking about active knows that I'm looking for that and advising on the system like if you google simply the the basic of google why you just have this information this is where we want to extend with the big difference is that instead of having simply an information coming back it is the information validated from the hotel and by simply thinking having this simplification ensuring that the research is not simply a search coming google so that anyone could have created a template no I'm getting the hotel I'm expecting to get and this is technology based on legal entity identifier so that's just for the registration that just went but the quality of the hotel well I can go to maybe an inside race service provider that is independent or that maybe the tourist industry could develop but to start with just the website of the hotel could be trusted on directly accessible so sometimes we were discussing about the user interface how do you access this multi-governance actually the user should not even see it so we draw a little boxes like the initial google search we just powered by human colors the idea was you get accurate response coming back because the search is actually going to the place you want that's the trusted digital assistant but the verification that it comes from right piece comes and this is where you need this decentralized governance to ensure all the the credential or as I said before like a rating this type of sense you need still a governance which in this case will be like a tourist association tourism association or registrar in in the selected country that's what you need multiple governances that basically push back to get one answer in the end okay so I think before we end because we are really five minutes over but let me let me I'll pose a last question which is really important from how do you see the current split on jurisdictional requirements that are coming around data control and data capture with you know so for example Europe saying or in India we want every payment data to be limited to India stored in India similarly in Europe there's been a lot of tension around what kind of data has to be allowed to be shared with the US and not and more and more companies have to think about jurisdiction control not only on protocols but also on data storage you know even when they're designing their applications or building businesses and in some extent that kind of counters a little bit on how this I mean I don't know where that fits into the governance so maybe I mean that's kind of one question it does fit perfectly in and actually the diagram I saw with the two complexity are all going the wrong side was designed actually to address this question of data sovereignty at the country level because the loss of sovereignty we can use it as personal control but it's really important for an entity that is today called sovereign so think of a state and it's actually a hot topic in many countries how do they keep that data and I don't know if it's English it exists in English or if it's not in India but there is this French expression do not throw the baby with the water bath I think as soon as you try to limit the storing of the data that means why do you need digital data anyway because yeah it's going digital is everywhere it's ubiquitous the power for digital is to transmit the main power it's yeah and you don't have the notion of copy original things can move fast so when you want simply to store the data in India and Switzerland we have the same debate yeah it helps but actually it's not doesn't help doesn't really help if the governance is on top and this is where maybe we should do with robot a specific talk on what we call the ambient infrastructure where you as an Indian citizen you will have certain access to data that no one else has because actually at the identifier level is that this data repository knows he can talk only to identify that present a valid credential given by the sovereign government in the end this case and that's where the slide robot discuss this connection of we as human with the software and the hardware is becoming important because for that you need really to have hardware with some biometric identification because it's really at the bridge between physical and digital that you get the potential threat but otherwise once you are in the digital space I think it is distributed models actually helps creating sovereignty and well I come from Switzerland so we have a very federal state yeah and this is this is influenced the system that our central power is has clear rules which can't do not have and it was interesting I was discussing that with Canadians recently about the digital passport and it was interesting to see in Canada they don't delegate to the federal government the notion of identity card as in Switzerland we do so every culture would be slightly different so this distributed governance model is made to actually respect this federal layered structure of governance so where can people find reach you or talk you know if they want to talk to you you know on email or on some kind of social network you know whatever where can thanks for the question because I can do a little bit of advertising first my email address is at the end of the presentation so please use that for direct contact no problem but we are in the process of completely re-rumping our website to make it easier to access us so the website will be a nice entry point for some information and we are currently at within the Human Colossus Foundation we are creating over the summer working groups that will be dealing with specific topics and that's what we tried the first working group is really on this decentralized semantic because there is a whole question about harmonizing legacy data and all this that will be driven by Paul and I'm building up a first working group on distributed governance to be live around October and maybe I see Paul is on the call he might not like that I will try to staff this working group actually with people coming from the businesses people coming from the government so that the discussion is really a governance question that will be brought down to technology not the converse I'm not saying technologies will not be part of the working group but I want the core group to be designed from the governance perspective as I try to show you and these events would be I'm guessing on you can find more on human colossus.org and if you will miss philips email philip.page at human colossus.org well thank you so much philip and for this you know taking us through the distributed data governance and I think the whole series over the last three weeks around distributed semantics distributed authentication distributed governance has really set kind of you know a very nice framework and as I keep saying the vocabulary for us to you know talk about this topic and and build on it and I really look forward to see more stuff that's come and hopefully we'll do a sometime in the future one on distributed economics I don't know if that's kind of you know that I think incentives and economics is always make or break in many cases is in the human in the driving human behavior so you know we probably should do another one on that for everyone on the call if you you know you know how to reach all you know people at human colossus you can get an edited version of this talk if you want to share it with people who haven't seen it it's at hasgeek.com slash privacy mode slash data slash go slash and slash sim so basically go to hasgeek.com slash privacy mode and you will find the data governance and semantic sessions where you'll see all the three talks that you can share you can also comment out there if you have any comments around that well paul and philip thank you so much and and to robert who's who was there last week thank you so much for this and paul thank you everyone for joining in and hopefully you continue your privacy discussions and talk about distributed everything how to get more better at it right so thank you everyone thank you thank you