3.1.1. Human-centricity #
Human-centric principles [Human by design principles] strives for a fair, sustainable, and prosperous digital society, supported by design principles focused on user well-being: resilient, empowering, finite, inclusive, intentional, respectful, transparent. These principles form a good basis for human centric business use cases development.
Skills data space use cases involve processing of personal data to make important career recommendations and decisions. The DS4Skills Blueprint takes a firm stand in ensuring the respect of human-centricity principles across the data space. Human-centricity is a core principle for creating value for people and societies, affecting business processes in relation with technical, governance and user experience contexts.
As demonstrated by the following figure, the human shall be at the centre of the entire data space use case.
The DS4Skills Blueprint prioritizes individual participation, control, and benefit within and across data space use case(s). By involving individuals in data collection, sharing, and utilization processes, businesses can enhance the quality of insights, enrich engagement, and foster a sense of trust.
As the skills data is by its very nature personal, the MyData principles listed in the following table significantly impact how end users are able to utilize the data space at full empowerment as shown in the following figure [MyData-principles].
3.1.2. The Will of the Free #
The Skills & Education Data Space, aims to provide actors in the field with an infrastructure that will allow them to share and exchange data as well as develop solutions, particularly AI-based ones.
By having access to all of an individual’s exercises, grades, interests, training and professional experience, an AI service will be able to analyse his or her strengths and weaknesses and recommend personalised choices in line with the opportunities and needs of the territory. This is also beneficial for organisations that could recruit more easily. However, this approach carries considerable risks – in addition to the security of personal data – particularly associated with the determinism induced by algorithms (systemic bias) on individuals.
Trustworthy AI [Trustworthy AI] is the only way to address both the need to use AI to exploit a large amount of data, and the need to frame its use by common rules. These general rules must on the one hand be specific to the education and skills sector by including the business principles of the domain (guidance for example in recommendation systems), and on the other hand be enacted by the person concerned himself (“I must be able to decide what I want or not”).
The Skills & Education Data Space needs to empower people to control the AI and the recommendations they receive, not the other way around.
3.1.3. Personal Data Intermediary focus #
In order to implement this human-centric approach, the DS4Skills Blueprint establishes as mandatory the use of Personal Data Intermediaries (PDI) [Prometheus-X Architecture] to empower people with their data. The business, governance and technical aspects of PDIs are described in more detail in next chapters.
Hereunder, a user journey illustrating the use of a PDI in the context of a skills data space use case:
- A person logs into her university’s skills portfolio where she has defined her skills.
- The skills portfolio is connected to the data space and proposes to the person to share her skills with several job boards so she can be matched with relevant offers.
- The person is interested and gets to an interface where she can either select her PDI or register in one.
- Once the person is logged into her PDI, she is presented with a consent to share her skills data from her portfolio to several job boards to be matched with the right offers. The PDI informs her about the values and risks of sharing her data as well as about the precise use of her data by other parties.
- She gives her consent, through the PDI, for that data transaction.
- The PDI shares that consent with the skills portfolio and the job boards so that the data sharing can happen.
- Later, she logs into her PDI and can see all the consents she has given across all parties and manage them from a single point.
- She can also, through her PDI, get recommendations of other services that could use her data as well as the value and risk of sharing her data.
3.1.3.1. Why do we need PDIs? #
From a governance point of view #
PDIs are a guarantee of trust and neutrality in the network. They don’t process or provide services on the data, so they are the best positioned to help people control their data as they have no conflict of interest. A data provider or a service provider is not neutral in the data space use case, a PDI acts as a trusted third party between the players. Moreover, PDIs act as the official representative of the person in the data space. This means request, exertion of rights or consents coming from them are coming from the person which gives the person a great tool to truly control their data. Finally, the PDI will allow people to set their conditions and preferences on the use of their data, to be applied the whole data space.
From a business point of view #
PDIs serve as an entry point for people into the data spaces. They will be able to be matched with relevant service and data providers through the PDI interface which will enable service discovery and thus more services being used by people. Only the PDI can allow such discovery as other participants will only be recommending their services or their partner’s.
From a UX point of view #
PDIs offer a smooth individual UX for data sharing. People can be presented consents, value, and risks of sharing their data in a consistent manner across the data space. Moreover, they can easily manage their data from a single point without having to log into each provider.
From a technical point of view #
PDIs allow to implement a single protocol for personal data sharing based on authorisations from the individual. It lowers the technical burden of data space participants to share personal data as they need to interact only with the PDI and not with each data space participant. It also ensures compliance with relevant personal data protection regulations.