DECLARATION OF MYDATA
We are entrepreneurs, activists, academics, listed corporations, public agencies, and developers. For years, we’ve been using different words for what we do – MyData, Self Data, VRM (Vendor Relationship Management), Internet of Me, PIMS (Personal Information Management Services) etc, while sharing a common goal: to empower individuals with their personal data, thus helping them and their communities develop knowledge, make informed decisions, and interact more consciously and efficiently with each other as well as with organisations.
我們是一群企業家,行動者、學者、上市公司、公營機構和開發人員。多年來,我們雖各自使用不同的語言來描述我們所做的事 MyData, Self Data, VRM (Vendor Relationship Management 供應商關係管理), Internet of Me, PIMS (Personal Information Management Services 個人資訊管理服務) 等等,但我們共享了一個共同的目標:賦權個人可使用自己的個人資料,協助他們和其社群能夠發展知識、做出充份知情的決定,以及能在組織當中更具自知地和他人有效地互動。
Together, in recent years, we have formed a network whose participants share experience, develop common projects, meet at the MyData conference, and take part in collective endeavours towards a human-centric approach to personal data.
近來我們已組成了網絡,讓彼此分享經驗、發展計畫,在 MyData 會議上碰面交流以及投入集體共同的努力來建立一套以人為主的個人資料方式。
It is now time to take this work out in the world and prove its potential impact on individuals, society, and the economy. Today, we believe it is time to publicly assert the values that drive us – and call on those who share those values to act upon them. Join us in reversing the paradigm of personal data. Join us in creating the MyData movement.
現在是時候把行動推向世界,證明此事對於個體、社會和經濟等潛在的影響。今天起,公開地討論辯護這些驅策我們行動的價值,並呼籲抱持相同理念的人一起來行動。請加入共同來扭轉改變個人資料模式,請加入這場 MyData 的運動。
(v1.0) 第一版
https://mydata.org/declaration/
As the importance of personal data in society continues to expand, it becomes increasingly urgent to make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits.
隨著個人資料的重要性在社會各角落擴散,確保每個人不僅能知道與掌握自己的個人資料變得更為急迫重要,且從資料中獲取個人知識並能要求分享其中的益處。
Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data. The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:
今天,權力的鐘擺一面地倒向組織機構,它們有權力來收集、交易個資並基於這些資料進行決策,而個人僅能持著一線希望,如果認真好運一點的話,他們可以稍掌控自己資料的命運。本宣言中所描繪的典範移轉和原則,旨在重建平衝邁向以人為主的個資運用。這些也是個公正、永續和繁榮數位社會的基石:
-
Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
-
Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
-
Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.
-
信任和信心,仍立基在人們之間平衡與公正的關係以及人和組織之間的互動。
-
欲達成自主決定,不能光靠法律保護,也需要每個人和資料力量的積極行動。
-
公正地在機構、個人和社會之間共享資料,以達到個資集體利益的最大效果。
Our overriding goal is to empower individuals to use their personal data to their own ends, and to securely share them under their own terms. We will apply and practice this human-centric approach to our own services, and we will build tools and share knowledge to help others do the same. 我們首要的目標是賦予個人能依自身目的來使用其個資的權力,並且安全地依照自己的條件作分享。這即是我們所稱的:以個人為主的方式來進行應用和實踐相關服務、開發工具和分享知識,並進一步協助其它人一起行動。
In many countries, individuals have enjoyed legal data protection for decades, yet their rights have remained mostly formal: little known, hard to enforce, and often obscured by corporate practices. We want true transparency and truly informed consent to become the new normal for when people and organisations interact. We intend access and redress, portability, and the right to be forgotten, to become “one-click rights”: rights that are as simple and efficient to use as today’s and tomorrow’s best online services.
許多國家,雖然法定的個資保護已存在多時,但這項權利仍徒具形式:它們多半不為人知、難以落實,或企業運作上受到隱蔽。 真正的透明和確實的知情同意能夠成為個人和組織在互動上的新常態。個人資料的可及、修正、輕巧移動和被遺忘權等,應被好好地設計成為一個方便執行的權利,以因應今日和未來最佳的線上服務。
Data protection regulation and corporate ethics codes are designed to protect people from abuse and misuse of their personal data by organisations. While these will remain necessary, we intend to change common practices towards a situation where individuals are both protected and empowered to use the data that organisations hold about them. Examples of such uses include simplifying administrative paperwork, processing data from multiple sources to improve one’s self-knowledge, personalised AI assistants, decision-making, and data sharing under the individual’s own terms.
資料保護規範和企業倫理規則是用來保護個人免於其個資受到組織機構的濫用和誤用。這些規範規則實屬必要,但須改變共同實踐方式,以保護和培力個人對已被組織收集的個資使用。這類使用的案例包括:簡化行政文書、從多方來源處理資料以改善個人自身的知識、量身化的人工智慧助理、依自身條件情況來決定資料分享。
Today’s data economy creates network effects favoring a few platforms able to collect and process the largest masses of personal data. These platforms are locking up markets, not just for their competitors, but also for most businesses who risk losing direct access to their customers. By letting individuals control what happens to their data, we intend to create a truly free flow of data – freely decided by individuals, free from global choke points – and to create balance, fairness, diversity and competition in the digital economy.
今天,資料經濟創造的網絡效應僅利於少數平台,讓少數組織大量收集和處理個人資料。這些平台封閉市場,不只阻斷競爭者進入,也讓大多數廠商失去了直接接觸客戶的機會。要讓每個人得以掌控自身資料的命運,需要建立一個真正自由的資料流動,由每個人自由自主地決定,而不是受到全球市場的扼阻,如此才能建立一個平衡、多樣與健康競爭的數位經濟。
Please note: “Roles” are not “Actors” an individual or organisation may fulfill one or more roles at once.
請注意:不管是個人還是組織,都可能同時具有多重的任務或角色。
An individual that manages the use of their own personal data, for their own purposes, and maintains relationships with other individuals, services or organisations.
個人為自己管理本身的個資使用,維護和其它人、服務或組織機構之間的關係。
A data source collects and processes personal data which the other roles (including Persons) may wish to access and use.
資料來源為收集和處理個人資料,以便讓其它關係人(包含個人)可以取得和使用個人資料。
A data using service can be authorised to fetch and use personal data from one or more data sources. 被授權的資料使用服務,以向資料來源取得與使用個人資料
A Personal Data Operator enables individuals to securely access, manage and use their personal data, as well as to control the flow of personal data with, and between, data sources and data using services. Individuals can be their own operator. In other cases, operators are not using the information itself, but enabling connectivity and secure sharing of data between the other roles in the ecosystem.
個資操作者讓個人安全地取得、管理和使用自己的個資以及掌控資料使用服務與個資來源之間的個資流向。個人可以由來擔任自己個資的操盤手。而其它的案例中,個資操作者本身不使用這些資訊,但能串起本生態體系中不同關係者的連結和安全共享資料。
In order to produce the shifts that are needed for a human-centric approach to personal data, we commit to working towards and advocating the following principles:
為促成以人為主的個資轉變,我們致力提倡以下原則:
Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared.
個人應被賦予權利和力量,以管理自己個人線上和離線的私人生活。他們應被提供實際方式,來理解和有效地控制誰可以接近其個人資料以及這些個資如何地使用和分享。
We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations.
隱私、資料安全和資料探勘需成為設計應用的標準實踐。組織需要能讓個人理解隱私政策以及如何地活用這些政策。在明確的理解個人資料為何、如何、以及使用時效的基礎上,個人才真正有力量來授予、否決或撒銷對資料分享的同意。最終,個資使用的條件和情況能在公正的方式下由個人和組織來進行討論協議。
The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens.
個人資料的價值隨著其多樣化而呈倍數成長,但同時也對隱私造成越來越大的威脅。當發生個人資料被交叉引用時,若個人能夠成為自己個資的「樞鈕」,或有可能解決上述的矛盾。
By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation.
讓個人有機會進行對自身資料與行為全方位檢視,作為整合的中心,讓新世代的工具和服務可以提供深入的個人化與創立嶄新的資料基礎知識,而不致傷害隱私或增加個資流傳的數量。
In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative.
資料驅動的社會中,如同任何社會,個人不應該只是被視為已先定義服務或應用的客戶或使用者而已。個人應被看待為自由自主的代理人,有能力來設定和追求自身的目標,有自己的支持和動機。
We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships.
個人能夠安全地以所偏好的方式來管理自己的個資。我們要協助讓人人都有工具、技巧和必要的協助來將自身的資料轉換成有用的資訊、知識和自主的決策。我們深信這些才是一個公平而有利的資料關係的先決條件。
The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means. 個資的輕巧移動,讓個人可依自身目的和不同服務需求來取得和重覆使用,讓資料從放在封閉孤倉轉換成能一再使用的資源。資料的移動性不應只是法律上的權利,而是結合了實用的方式。
We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data.
我們希望能賦權個體有效地轉接自己的資料,不管是下載到自己的備設還是將其送到其它的服務。協助資料來源讓這些資料以一種結構式、共用以及機器可讀的格式,更為安全、容易取得。這原則適用於所有個人資料而無關其資料收集的法律依據(合約、同意、法定利益等等),也可能創造意料之外的豐富資料。
Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility.
使用個人資料的組織應表明他們如何處理資料,其原因和方式,也應確實依所說的來做。組織要負起負任,不管是有意還是無意,這些手上資料的後果,包括安全事件以及讓個人可以要求負責。
We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions.
確保隱私條件和政策反應現實,讓人們可以事先作出知情的選擇,並在操作期間或結束後進行查驗。個人可以理解自己的資料如何和為何作出此決定。我們希望為個人創造一個方便使用與安全的管道,來查看和掌控其個資的情況,收到必要的問題提醒以及可以挑戰基於電腦演算的決定。
The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards.
互通的目的是為了減少資料來源者到資料使用服務之間流動的磨擦,以降低資料被鎖死的機會。不斷地精錬共同商業實踐和技術標準,才能達成此目標。
In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.
為了讓開放生態系統能最大的正向效應,我們會持續地推動資料的互通性、開放 APIs、應用程式和基礎設施,好讓所有的個人資料都能在不讓出個人控制權下進行移動、重覆使用。我們希望建立一個共同可接受的標準、本體、資源庫和模式,以及必要時協助開發新品。
Sign the Declaration, as an individual and/or as an organisation. This Declaration is written in the future tense: if your organisation isn’t quite there, but is committed to moving into this direction, it should still sign it! Comment on the Declaration. This Declaration will evolve over time, based on your ideas and practical experience. There will be an initial review after 6 months.
請簽署本宣言,不管是以個人身份還是以組織。宣言以未來時態寫成,如果貴單位還未開始,但有心朝此方向前進,就簽署它吧。 歡迎提出評論,宣言會隨參與者的理念和實際經驗而不斷進化,六個月後將有初次重新檢視的機會。
Use the Declaration to further your own projects and intentions. Base your trust framework, or your terms of services, on it. Use it to lobby and convince clients, partners, stakeholders etc.
在專案或計畫上參考此宣言,不管是信任框架是服務條款。利用它來遊說和說服客戶、伙伴和利益關係者等等。