MyData Global Blog


Taking the next step from fear to autonomy – The Great Hack, meet MyData


“The Great Hack” documentary movie was released on July 24th on Netflix. It tells the story of the Cambridge Analytica data misuse scandal through the personal stories of a professor who sued Cambridge Analytica and a former senior Cambridge Analytica employee. Cambridge Analytica used intimate personal Facebook data to micro-target, mass personalize and manipulate swing voters in the US election and in the UK’s Brexit vote, 2016 – possibly and probably affecting the outcomes of those elections.

Among others, the movie features MyData Global’s board member Paul-Olivier Dehaye, who has been heavily involved in the research of Cambridge Analytica’s actions and has testified in front of the UK House of Commons DCMS (Digital, Culture, Media and Sports) Committee. The Great Hack has sparked a lot of discussions which are deeply related to the world envisioned by the MyData community.

“I am pleased to see that these crucial topics are reaching wider audiences. The MyData community has been instrumental in driving the conversation towards more ethical use of personal data, certainly a necessity in the current landscape,” says Paul-Olivier. Check out some of his work at

We, the MyData community, wanted to join the conversation.

“The Privacy Paradox”


The “Privacy Paradox” arises when online users state that they are concerned about their privacy but behave as if they were not. To resolve this paradox, the MyData approach aims to empower individuals to make real choices about their data without necessarily sacrificing the benefits of online services. This approach supports digital human rights while at the same time opening new opportunities for businesses to develop innovative personal-data-based services built on mutual trust. MyData Global wants to empower people and organisations to do MORE with their data, not less – as long as individuals are in control.

The MyData community includes entrepreneurs, activists, academics, listed corporations, public agencies, and different developers: currently over 90 organisations and over 500 personal data experts from over 40 countries.

We use the abbreviation “BLTS” (an extension of the Business-Legal-Technical or BLT identity architecture from to describe the various perspectives of business, legal, tech, and societal stakeholders – the different stakeholders that need to be engaged to change the current status quo. There is currently significant progress being made in individual sectors, such as health and finance, but a cooperative approach works across all sectors. That’s why we asked different people inside the community to comment on the movie from these different perspectives.





It would be a mistake to think that what is happening is just a consequence of a bad mix between politics, data and technology platforms, or that it is confined to the likes of Facebook and Google. The business model of advertising maximizes profits on platforms by increasing ‘engagement’. This means doing whatever is necessary to keep a person on the platform site for as long as possible, to be presented with as many digital ads as possible. In addition to engagement, platforms seek to present content that will nudge users towards behaviours that increase platform revenue. For advertising, that means nudging people to click on ads and make purchases. In the political arena, the same techniques are used to target persuadable individuals and move their voting intentions.

  • For advertising, information about users is broadcast to hundreds of companies to enable automated bidding for the right to serve a targeted ad to a user with specific characteristics on a certain ad slot of a website or app. The less autonomy a user exercises, the better it is for the business model.
  • For politics, the model is modified. Rather than targeting based on potential ad revenue, people are targeted by profiles relating to voting intentions. Careful microtargeting of selected populations can result in large swings in electoral outcomes. These tools are available to both legitimate and illegitimate political actors, raising fundamental questions about the efficacy of democracy in the age of uncontrolled social media.

While privacy regulations can provide some respite by requiring real and meaningful consent, many regard the current ‘notice and consent’ system as broken and subject to abuse. The solution is to move away from centralized platform control of personal information and towards business models based on putting users at the center of their data.


What becomes clear from The Great Hack is that currently ‘the fox’ is guarding the personal data ‘hen house’. For-profit organisations running such huge volumes of personal data is not a sustainable model, and it does not need to be this way: the MyData model offers a much safer and more balanced way forward.

Today’s data economy creates network effects favoring a few platforms able to collect and process the largest masses of personal data, locking up the markets. The MyData model, by contrast, lets individuals control what happens to their data, leading to a truly free flow of data and thus creating more balance, fairness, diversity and competition in the digital economy.





Standards embed assumptions and shape the way of doing things. We have taken steps forward with the GDPR (the General Data Protection Regulation) coming into force in Europe, as authorities had been fairly toothless before it. In spite of that, it is common to hear that citizens don’t care about the GDPR and organisations aren’t exactly embracing it.

On an individual level, it is still too difficult to exercise these rights. In the MyData Declaration, we talk about the shift from ‘Formal to Actionable Rights’. Rights, like access and redress, portability, and the right to be forgotten, must become “one-click rights”: rights that are as simple and efficient to exercise as today’s and tomorrow’s best online services and their functions.


On the other hand, the idea is not only to restrict the use of data. The model also aims to make sure that implementation is flexible and simple for organisations. Shared MyData infrastructure enables decentralized management of personal data, which improves interoperability and makes it easier for companies to comply with tightening data protection regulations.

By enforcing legislation, we encourage companies to reshape their thinking and adjust their business models. It’s the “old carrot and stick” method: companies risk having to pay big fines, but they can also find completely new advantages to set themselves apart in the market. Of course, even as we speak, fines are being issued to companies. However, these fines are yet to make a meaningful dent in Big Tech operations.

So GDPR alone won’t solve it, and more legislation is needed. There needs to be strong enforcement by the authorities. In such a complex situation it is vital that we work across sectors and across borders, because the decisions of today pave the way to the future. Will we have common standards for sharing of personal data? Will the power be tilted back from the conglomerates?





The Great Hack featured technologies that had been classified as weapons. This demonstrates that personal data should indeed be handled with care. It does NOT mean we should not share personal data under any circumstances – but we do need to be aware and literate.

Some argue that technology is ethically or morally neutral and that the problems shown in The Great Hack are a misapplication or inappropriate use of a technology that could otherwise be used for ‘good’. But Cambridge Analytica and other companies using the Facebook ‘platform’ were using the platform as designed – to identify individuals based on their personal data and then use knowledge of their profiles to present them with selective information to alter their behaviour. That is the essence of ‘targeted behavioural advertising’ and how platforms are built.


An alternative technology paradigm is needed, a MyData paradigm, that puts individuals in the position of decision makers with respect to their own data. Instead of a ‘platform’ social media that creates a centralized database of billions of users’ data, consider the possibility of a MyData protocol for exchanging social graph data. This would enable users to select their own vendors just as they select their own email server vendors now. A technical solution that encourages MyData would create vibrant and innovative competitive markets for technology solutions that would address the privacy paradox by enabling competition and innovation in a robust personal data market that fosters individual digital autonomy. We talk about the shift from ‘Closed to Open Ecosystems’.

This is not the stuff of tomorrow. MyData supporting technologies exist now, and are available for deployment. Many of these companies or projects are already members of MyData or are working with MyData Hubs on a variety of projects.




Lawmakers and civic society are recognizing that we are at an inflection point for technology and society. Platform companies are global profit-maximizing entities. Both local and global policy makers need to recognize the risk that decision-making power can slip out of the control of democratically elected representatives to technocratic elites that may or may not feel some obligation to the people whose data they process.

In Toronto, for example, Sidewalk Labs, a subsidiary of the Alphabet consortium that also owns Google, has proposed a ‘civic data trust’ as a repository for the masses of individual and sensor data that could be collected in a ‘smart city’. This elides policy decisions about whether the collection of personal data could be anonymized at source or whether a better model might be allowing individuals to choose between multiple data trusts acting as information fiduciaries putting the individuals’ interests first. A MyData ‘Smart City’ would not be a ‘Surveillance City’. Cities can look towards the likes of Helsinki, Barcelona and Amsterdam, who are taking a more human-centric approach to personal data and aligning with MyData principles.


We need new thinking and carefully designed building blocks for a functioning democracy. It is indeed a frightening thought that our elections can be manipulated and that political advertising lacks transparency.


Is there a better future?


There might be one filling or a wrapper missing from the “BLTS Sandwich”. It’s C for CULTURE. This is quite a big consideration, depending upon whether one takes a sociological perspective where Culture (with a capital C) shapes all of the others (Business Culture, Legal Culture, Technical Culture, in relation to Society Culture), or whether one sees culture with a “small c”, that of everyday practices and behaviours which are or may be culturally/geographically/historically specific.

We need to recognize that there is a dominant Culture context which is largely applied or employed, both softly and violently, in most parts of the world: Late Capitalism (to be most ‘vanilla’ about it), and that there are many cultures out there that experience, engage with and influence how we did/do/can handle our personal data management.


To tickle your brains a bit, we leave you with the following questions: Who is doing the Great Hack? Hacking: of what, for what purpose? By and for whom? Which culture of Hacking is being referred to, the positive or negative?


So what’s next? 

Some might see the Cambridge Analytica scandal as a done deal, or perhaps the future as written – and we’re destined for doom.

But we, at MyData, know that there IS a better alternative future up ahead. In the future we see, there is MORE data sharing, not less, and it’s done on people’s terms. For this to happen we need to move from fear to confidence, and further still to autonomy. That’s why we talk about the shift from ‘Data Protection to Data Empowerment’. Taking the next steps begins by understanding how sharing data can be good for you, your business and society as a whole.

Rest assured this is not something that will happen overnight – it will take years. However, years are made of months, months are made of days, days are made of minutes, and minutes are made of moments. And in this moment YOU can take action.


And to really get there we all, individuals, companies and governments, need to act!


Here’s what you can do

If you’re interested in the work of the people in the movie, check out:

Note: Many of us in the MyData community do not actually believe that data should be PROPERTY, rather that we should have CONTROL. This is a subject of heavy debate at this year’s MyData 2019 conference. See also the Kialo debate about whether individuals should own their own data, and blogposts by Elizabeth Renieris, Antti ‘Jogi’ Poikola and Gianfranco Cecconi.


If you’re interested in MyData

This post was co-created by the following MyData Global actives:

Alessandro De Zanche, @fastbreakdgtl
Andrew Gryf Paterson, @agryfp
Ansku Tuomainen, @annatuom
Iain Henderson, @iainh1
John Wunderlich, @privacyCDN
Paul-Olivier Dehaye, @podehaye / @PersonalDataIO
Teemu Ropponen, @troppone
Will Abramson, @wip_abramson