Hello, welcome, and thanks for joining me for my talk about a solution to the personal data problem. I'm really excited about this talk for two reasons. First of all, it's been a really long time since I last talked to you here at Akademy. For those who don't know me, my name is Björn. I work at KDAB as a project manager and UX guy, but I also have a history in free software. It all started shortly after 2000, when I helped to initiate the OpenUsability initiative. I was also involved in creating the Visual Design Group within KDE. And my last contribution was KUserFeedback, which I'm happy to see all around KDE by now.

On the other hand, I've always been a data activist. I try to avoid producing personal data as much as I can: I run Linux, I de-Googled my Android phone, I run my own cloud, or better, Nextcloud, and so on. I try hard to avoid producing personal data. So as you can see, there are two hearts beating in my chest. On the one hand, as a UX guy I need to know everything about the users to be able to optimize services, products, and so on. On the other hand, I know about the danger that producing personal data brings.

The second reason I'm really excited about this talk is that this is the first time I'm talking publicly about what I think is a solution to this problem. So let's take a look at what you can expect from this talk. First of all, I'm going to explain to you what a personal data cooperative is and what it can look like, because, as I already spoiled in the abstract, this is the solution to the problem. But even more interesting than that, I will explain why I think that, if it's done the right way, it will actually change the world toward a private world where we can still benefit from the comfort and the services that big data analysis based on our personal data brings.
And last but not least, I will explain to you how and why we, as civil society, as free software, and as KDE specifically, are the ones who can start it. We don't have to wait for anybody else. We can just hack the current system, start it, and change the world into a better place. I'm deeply convinced of this, and I truly hope that at the end of my talk some of you are convinced as well, or at least curious enough to join me in refining the ideas. What I'm going to present to you is a blueprint. It's not a detailed concept, but it is the fundamental idea behind it. And I hope you'll understand it and agree at the end, even though I know you're probably very critical, because I know about the discussions about collecting private data within KDE. But I still hope that I can convince a couple of you to help me take this further.

So obviously we need to start with a fundamental question. If I want to propose a solution to the personal data problem, the fundamental question is: is there a problem with personal data? And the answer is yes. There is a huge problem with personal data. I really don't want to pitch you on this too much, because I think we can spend our time here much better, but I still want to bring your attention to a couple of aspects of it.

First of all, why am I talking to a free software community about this? Because I think free software is falling behind, because we constantly say no to producing or using personal data. Our proprietary competitors collect and create personal data at large, and they use it to improve the usability and user experience of their products. This is something we're not doing, and because of this, the quality of our products will fall further and further behind. Using free software will become more and more a matter of belief, of thinking you're doing the right thing, rather than of using the better product.
There are exceptions, definitely. But at large, we can't compete with the quality of proprietary software, of software that engineers the user and the user experience into the product itself. We're trying our best, but the key to success really is personal data.

The second aspect I want to bring your attention to is that innovation today often isn't about creating great algorithms. Innovation today is often based on the availability of personal data. Think, for example, about predicting traffic jams. It is really, really simple: you just have to know that there are a lot of people on the street and they're not moving at the pace they should be moving at. So: traffic jam. If we want to help people with a good routing algorithm, we would need to know that there is a traffic jam. But if we don't have the data, we will not be able to create such a service.

These two points together mean that our reluctance to create and use personal data will actually lead to a situation where we as free software become more and more irrelevant. And that is utterly wrong for society. We need free software, we need free services, and we need something as simple as a free traffic jam warning.

But it goes even further. If we think of those who actually own the personal data right now, it's very few companies that know a real lot about us. And those companies are also the ones who have most of our attention span. I don't know if you've seen the Cambridge Analytica documentary on Netflix, but if you see how knowledge about personal data can help to influence elections (even the US presidential election and the Brexit vote have been influenced), then imagine how hard it will be to regulate those companies when we actually reach a point where this is necessary.
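To make the traffic jam example from above concrete: the detection really can be that simple once the data exists. Here is a minimal sketch; the function name, the 40% threshold, and the sample numbers are my own illustrative assumptions, not part of any real routing service.

```python
from statistics import median

def is_traffic_jam(speeds_kmh, free_flow_kmh, threshold=0.4):
    """Flag a jam when the median observed speed on a road segment
    drops well below the segment's normal free-flow speed.

    speeds_kmh: anonymous speed samples from vehicles on the segment.
    threshold: fraction of free-flow speed below which we call it a
               jam (0.4 is an arbitrary illustrative cutoff).
    """
    if not speeds_kmh:
        return False  # no data, no verdict
    return median(speeds_kmh) < threshold * free_flow_kmh

# Many cars crawling at ~10 km/h on a 100 km/h road: jam.
print(is_traffic_jam([8, 12, 10, 9, 11], 100))   # True
# Cars moving near free flow: no jam.
print(is_traffic_jam([95, 100, 90], 100))        # False
```

The point is exactly the one made in the talk: the algorithm is trivial; the hard part is having a trusted place where the speed samples can be pooled.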
The last thing I want to mention here, still pitching you about the problem personal data brings, is this: I am trying to avoid producing personal data, and I guess a lot of you are doing just the same. But we still have to suffer from the effects that the misuse of personal data brings. Trump has been elected, the UK has left the EU, even though we do all we can to avoid producing personal data. And that is because the current approach is a kind of elite thinking. We are thinking: well, there are alternatives, go ahead and use them. But we don't see that you have to be really, really competent, and you need a lot of time and willingness, to be able to not produce data.

To give you one example: I've been working on a home automation system for the little flat I have. I've spent, I don't know, 500, 600, 700 hours setting up Home Assistant to work within my flat, and it still doesn't fully work. I don't think we can expect a lot of people to do that. So the problem we have is really a usability problem. People at large will not, and will never ever, spend the time needed to live a life without producing personal data. And as long as we don't get the large majority of people to actually be sensitive about the personal data they produce, we'll have ruthless people around who will take advantage of the personal data that is out there. Again, take a look at the Cambridge Analytica documentary and see how elections have been influenced based on personal data.

So, I think enough has been said about personal data. In conclusion: personal data is often called the new oil. The problem is: what can we as individuals do with our little share of the oil? Currently, the only thing we can do is trade it for a couple of shiny digital marbles. And that's what we're giving it away for. And I've spoiled it before.
The solution to this problem is creating a cooperative. A cooperative is a concept that's been around for thousands of years. Basically, since we started living in tribes, we have been cooperating, so you could call a tribe the starting point, the first cooperative there was in the world. A cooperative basically is a bunch of people that have the same interests and that work together against a larger adversary which they couldn't face individually; they face it collectively. And the goals we share, I think, are these: we want to live a private life, but at the same time we want to benefit from the new services that are based upon our collective personal data, because they make our lives much, much better.

Go back to the traffic jam: it is good that you can predict traffic jams and take a detour which gets you to your destination much faster than going through the jam. But for this, we need that kind of data. Or think about the COVID pandemic: if we had a trusted place to put our data together, all the contact tracing apps, which are working, well, not so well right now, could have been much more effective in tracing our contacts and warning people: you could have been infected, please go into quarantine. But there is no one we would trust with our data right now. This is something a cooperative would solve: if we had some place to put our data, it would be easy to do the necessary calculations on top of it.

So you might ask: why can't I join a personal data cooperative right now? And to be honest, I don't know. As a theoretical concept it is well established; if you search the literature and the web, you'll find tons and tons of material about it.
Almost everyone is saying that the solution is a cooperative, but there is still none you can join. So, perhaps to understand the problem a bit better, let's compare the personal data cooperative with a traditional cooperative. A traditional cooperative could be something like a couple of farmers that together want to sell the milk they produce.

The first difference: the milk the farmers produce gets sold once; somebody drinks it, or bacteria do their work. At some point it's gone. I know some Frenchmen might disagree on this, but it will be gone at some point in time. Personal data, however, is an intangible good, and just the opposite happens here: when you sell it, it's still there. It doesn't vanish. You can copy it, have an exact duplicate, and resell it; people can do whatever they want with it. So we cannot give it away the way we can give milk away.

The second difference: the farmers have to live within a small area, because they have to carry their milk to a central point. But with personal data, everyone on the planet is a potential member of the cooperative.

Last: if you spill a liter of milk, you wipe it away and everything is okay. But if you spill personal data, it is a catastrophe for a person, and potentially even for society. So we have to have an enormous amount of trust in the system to be willing to join it. When we design the system, we have to put trust in first place; we have to optimize the system for trust, and three things stand out for me here. The first is that protection has to be the foremost goal of the system. We have to protect our personal data by all means; there can't be any compromises. Protection is the thing we have to go after. The second thing is transparency.
You will only trust the whole thing if it's transparent, and we as a free software community know our way around transparency. But this goes way beyond software. Of course, all software we use will have to be free software, but it goes way beyond that: the whole organization will have to be transparent to the bone. It has to be so transparent that it hurts. And the third aspect, which is actually pretty natural if you think about a cooperative, is that everybody has to have one vote within it. But we really have to think about this, because it has to be a worldwide cooperative, and still everybody has to be able to participate.

I've created a mission statement; let me read it out: "Our mission is to create the most trusted organization in the world. It will protect our digital privacy while enabling innovation based on our collective personal data." I'm totally earnest about the idea of creating the most trusted organization in the world. This organization handles our most sensitive data, the data that affects us most and tells everything about us. So we really need to have an enormous amount of trust in this organization.

But let me explain what a solution, what such a data cooperative, can look like, and I'll go through this step by step. If we want to collectively collect our data, there needs to be a technical solution for it: we as consumers contribute our data into it. This means there has to be some input mechanism; there has to be storage for the data, which I'd call a data pool; and there has to be the possibility to run evaluations on the data in the pool. And we should strictly follow the Open Algorithms approach from MIT, which says we should not move the data to the algorithms; instead, the algorithms have to move to the data. This is because data is an intangible good, as we've seen before, and it can be copied.
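The "algorithms move to the data" principle can be sketched in a few lines. Everything here, the class and method names and the approval step, is hypothetical and only illustrates the core idea: raw records never leave the pool, and only the aggregate result of an approved evaluation comes back out.

```python
class DataPool:
    """Sketch of a data pool in the Open Algorithms spirit: data stays
    put, vetted evaluation functions are brought to the data."""

    def __init__(self):
        self._records = []   # raw personal data, kept internal
        self._approved = {}  # evaluations that have been approved

    def contribute(self, record):
        self._records.append(record)

    def approve(self, name, evaluation):
        # In the cooperative, this decision would rest with the
        # parliament, not with the operator of the pool.
        self._approved[name] = evaluation

    def evaluate(self, name):
        # Only approved algorithms may run, and only their aggregate
        # result is released, never the records themselves.
        if name not in self._approved:
            raise PermissionError(f"evaluation '{name}' not approved")
        return self._approved[name](self._records)

pool = DataPool()
for age in (31, 45, 27, 52):
    pool.contribute({"age": age})

pool.approve("mean_age", lambda rs: sum(r["age"] for r in rs) / len(rs))
print(pool.evaluate("mean_age"))   # 38.75
```

Note that there is deliberately no method that returns `_records`: the only way out of the pool is through an approved evaluation.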
But if there is a technical solution, we need somebody who actually runs it. So we should create a for-profit company that runs the technical solution and earns its money by creating a marketplace of anonymized evaluations based on our data pool. But as we have seen with FreeNote, for example, for a while, creating a for-profit can be problematic. So what we actually need is somebody, or something, to own this for-profit company in a way that cannot be changed. We need some sort of foundation, with a clear goal, that owns the for-profit company, receives the money, and spends it on projects that follow the statutes of the foundation. Foremost, I think, this money needs to go into research on how we can make the technical solution better, because I totally agree that the current state of the art is probably not sufficient to run such a data pool: we probably need more research to create a technical solution that protects our data well enough to be trustworthy. Other things the foundation needs to finance are, for example, educating users, and free software.

As I said before, we as users and consumers also need to influence what is being done, and for this we'll need some form of parliament. The job of the parliament is mainly to control the for-profit and to set the rules for it. Basically, the parliament is our way to bring in our view of what privacy means to us, because this is not set in stone: privacy is a concept that will change over time, there will be new challenges to it, and we have to react to them. So the parliament, next to defining priorities for how the money should be spent, is mainly there to control the for-profit. It will set the rules for the marketplace: the for-profit will run a marketplace, but it cannot be allowed to sell any data.
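One kind of rule the parliament could set for such a marketplace of anonymized evaluations is a minimum cohort size, so that a released aggregate can never be traced back to a single contributor. This is a sketch of that idea; the function name and the choice of k=5 are my own illustrative assumptions, not rules from the talk.

```python
def release_aggregate(records, aggregate, k=5):
    """Run an aggregate over the records, but refuse to release the
    result if fewer than k people contributed, because very small
    cohorts could identify individuals. k=5 is an illustrative
    choice, not a standard."""
    if len(records) < k:
        raise ValueError(f"cohort too small: {len(records)} < {k}")
    return aggregate(records)

# Ten contributors: the aggregate may be released.
print(release_aggregate(list(range(10)), sum))   # 45
# Two contributors: the request is refused.
try:
    release_aggregate([41, 43], sum)
except ValueError as err:
    print("refused:", err)
```

Real deployments would need much stronger guarantees than a size check (this is exactly the research the foundation would have to finance), but it shows how "the parliament sets the rules, the for-profit merely executes them" can be made mechanical.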
And foremost, the parliament has to maintain the technical solution. If this is open source, think of the parliament as the maintainer that decides which pull requests are accepted and which are not. By this, the parliament controls which data goes in in the first place, and which evaluations are finally allowed on top of our data. So the parliament really has to be the product owner of the technical solution; the for-profit can only use what the parliament allows.

But if there's a parliament, we also need elections, and this, as I said before, is a very difficult issue, because consumers are placed all over the world. My idea here would be to establish a chain of trust, because trust is what we're really aiming for. The idea is that consumers who contribute their data to the technical solution can also vote for an NGO they really, really trust. This can be KDE e.V., or the FSF, or the FSFE, but it can also be Greenpeace, or the Red Cross or Red Crescent, or whatever NGO you think is doing a good job and is really trustworthy. And the top NGOs that have been voted for each send an expert into the parliament. By this, we don't have a direct democracy but an indirect voting system; still, consumers are able to influence what is being done in the parliament.

So this is the main system, but there is still one little ingredient missing to make this a success, and this is a seal. The seal is defined by the parliament, and it gets awarded by the for-profit company to product developers that comply with the rules. Why is the seal so important? Because I truly believe that giving people, consumers, a real choice at the point of sale or at the point of consumption (because we also want to award this seal to free software) by informing them about the situation will actually change the world. It has in the past: look at the ecological movement.
Nowadays in the supermarket you can buy an apple or you can buy an organic apple, and you are informed; you can make an informed decision. We need to do just the same. So if you want to install an email client, you need to be able to choose between an email client and an "ecological", a privacy-aware, email client. And it needs to be clear at the point of sale, so that I can say: okay, this costs some delta more than the normal email client, but I'm willing to pay that, because I'm not willing to pay with my personal data.

So that was the idea of why I think the whole thing will fly in the end. The question is: how do we lift off? The first step is that we need to talk about this, which is what I've been doing right now. The goal of this, obviously, is to win people who join me to sharpen the ideas, create content, and make this become real. At the same time, it is just as important, even if you might not be convinced yourself, that you take the discussion into your communities, not only into KDE but also into your product community, because we need to find free software projects that are actually willing to take the risk and move on to step two with us.

Step two is, once we have discussed the idea further and found a couple of free software projects, that together we establish a temporary organization, like an e.V. The goal of this e.V. is basically to create some funding and to finalize the concepts. But its main goal is to create a proof of concept for the involved free software projects. Together we need to create a solution where our users can opt in and say: yes, I'm willing to contribute my data. And the solution has to fulfill our privacy demands, because I think we have the highest standards regarding the integrity of such a system, and only if we can fulfill them for ourselves can we be successful.
If we manage to create such a proof of concept that works for our free software projects, we're ready to move on to step three. Step three means we incorporate the final organization, establish the initial parliament, and then create visibility by establishing the seal. If we have a couple of free software projects that are willing to join us here, they will be awarded this privacy seal, and the seal will create visibility for the topic.

With this whole package we can then go to commercial and proprietary software developers, because what we now have to offer is a service they are willing to buy. Our service means that we take care of the GDPR issues for them. They don't have to care, because if they use our system, they won't even have access to personal data anymore; they will just have access to evaluations based on it. So they can drastically decrease the effort they have to undertake to be compliant with the GDPR and other laws. Also, the seal is a matter of trust; it transports trust. If a product gets the seal, it can ultimately command a higher price, because it is a more trustworthy product. So again, this is something product developers will be willing to pay for. And the last reason is that they get the opportunity to actually do the right thing, and not just keep piling the data they produce onto the data piles of a few big companies that already know a lot about us.

So I think the right starting point for this is free software: within free software we can create everything we need, and then we can expand the system towards commercial software. By this, we will allow people in the long term to make informed decisions at the point of sale, at the point of consumption, and this will change the world. And there is a plan for how we can get there. So, summing it up: we can solve the personal data problem.
I hope I can find a couple of you to help me take this further. It is a blueprint; a lot of the concepts you've seen here have only been described superficially. I hope we still have some time for questions, so I'm happy to explain the concepts that interest you in much more detail, because there are thoughts that go further. If you want to read about it, I have created a web page; it's called privact.org. You can also reach me via Björn at privact.org, or visit the BoF I've scheduled for Tuesday at 10 UTC. So again, thanks for your attention and hopefully your interest, and I'm happy to answer your questions right now. Thank you.

I hope you can see me. Okay. Thanks. We will have our speaker online in a few seconds. But anyway, for now: thank you, that was really a lot to think about. We even already have questions; we have a lot of questions, actually. I'm not sure we will be able to answer all of them, but let's try. Okay. So I can see you. Can you? Hello. Does it work? Yes, it does. Sorry again for this being a recording; I really would have loved to do this live. Okay. But I think it was good in the end, very, very good, and the feedback from the chat was along the same lines. So let's start with the questions, because we don't have a lot of time, and we are going to go by the score; I see a battle of scores there.

So, from Cornelius, the first question is: what examples, what kinds of data do you see where companies would buy data from such a cooperative? I think that's potentially a lot of data. Let me give you an example. Cornelius, you're asking this, and you're working for a transport agency, or transport... I don't know, "agency" is not the right word; whatever, for the Bahn you work. So if you sell a ticket, for example, then you collect personal data, and this data can go into our database.
Now, this data belongs to me, as I've been buying the ticket, and to you, as you've been the one producing the data. You want to keep this data exclusively for yourself in the first place, but you might be interested in sharing it, for example, for research with other institutes, so they can do research on your actual data. That would be the idea of creating a marketplace, in very few words. Which kinds of data go in and which don't is really something we have to discuss, but it can potentially be a lot.

Okay, the next question is from Alash, which is short but very big: how theoretical do you think this is? I think this is absolutely practical; it's a matter of wanting to do it. I mean, I can't do it myself. I'm a psychologist; I work as a project manager; I can't program anything; I'm not a law expert. I'm not an expert on any of the specific topics, except perhaps on the usability side, with which I would like to answer Nuno's question as well in one go. He asked what this means for the user. And I think that's exactly the important thing: the user has a single point, a dashboard, where he or she can just say: okay, I want my data to be shared with free software; I do want free software to be able to access it. But I don't want, I don't know, big tech, or anyone dealing with weapons, to access my data. So the user gets a single point where they can control all their data and define where it should go. For the user, the user experience is extremely improved: today you would have to go through thousands of apps and individually state, yes, I want to share this kind of data, and you totally lose the overview. So I think it's an absolutely practical idea.
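The single-point dashboard described in that answer could be modeled as a simple per-recipient policy that every data request is checked against. All names here are hypothetical; the sketch only illustrates the "decide once, enforced everywhere" idea.

```python
class ConsentDashboard:
    """Sketch of a user's single point of control: one rule per
    recipient category, with a safe default of denying access."""

    def __init__(self, default_allow=False):
        self.default_allow = default_allow
        self.rules = {}  # recipient category -> allowed (bool)

    def set_rule(self, category, allowed):
        self.rules[category] = allowed

    def may_access(self, category):
        # Unknown recipients fall back to the default (deny).
        return self.rules.get(category, self.default_allow)

dashboard = ConsentDashboard()
dashboard.set_rule("free_software", True)   # share with free software
dashboard.set_rule("big_tech", False)       # never with big tech

print(dashboard.may_access("free_software"))  # True
print(dashboard.may_access("big_tech"))       # False
print(dashboard.may_access("weapons"))        # False (default deny)
```

The usability win is exactly the one claimed in the answer: the user states each preference once, instead of repeating it in thousands of apps.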
I mean, there are a lot of pitfalls and a lot of research to be done. I think our database structures aren't good enough right now to cope with what we're asking for. But yes, it will change things for the user as well; it will make them much easier.

Another question is from TR, and it has a higher score: how will it be protected from abuse from inside, from inside the company, or from accidental leaks? Would it be integrated into the way private data is handled inside the company? I can't tell you exactly how this will be done, but we have to create a structure that makes leaks very, very hard. Obviously we're all human; there will be leaks, and you can't promise anything else. But an important role here falls, again, to the parliament I proposed, because it takes on the role of controlling the for-profit company, since the for-profit company by itself cannot be fully transparent: it has to protect certain things. You cannot put your passwords out there; that would not be helpful. Exactly there the parliament steps in: it has to check that, beyond what is public anyway, everything is okay behind the scenes. And this is why we have to create a chain of trust into this parliament. We have to trust that the people sitting in the parliament are actually working on our behalf. We, as contributors of the data, are the shareholders of this business, so this business has to work for us. That is the whole idea.

There is another, more technical question, about the competition: how can this highly regulated for-profit data vendor compete with huge companies collecting and selling all the data they can get, nearly unregulated, or even financed by intelligence organizations? I think the lever for this is that we start within free software. We just offer an alternative. We don't force anyone; we don't force users into this, and we don't force companies into this.
But from my professional experience, I know that most companies are not actually interested in my data; they're interested in our data, because they want to know how their users behave. They don't want to know anything about us beyond that; they're simply not interested. So they do have an interest in joining us. We have an offer that is good for them, not only regarding the GDPR, but also because this label will transport trust onto the organizations that have it. It will work just like the organic apple: the organic movement is successful because users have a choice. And that is exactly the mechanism working here. Companies will join because it's the better choice for them, better than delivering their data to some of the big companies.

I'm not sure we have time for another question. Let me start reading it. We have two questions left; in case we don't get to them, you can always discuss them in the chat. Well, there is a BoF on Tuesday at 10, so join me there. I'm happy to discuss a lot of issues; there were a lot of questions, and I could only go through them on a pretty shallow level. There are thoughts behind a lot of things, so I'm happy to discuss this. So thanks again. And let's move forward with this room, which is now unified. So Adam, what's up? Thanks. Thank you very much, Björn. Thank you, Luigi, for handling the questions as well.