Saira Nayak
Policy Director | TRUSTe

Earlier this week TRUSTe filed comments on the UK Government’s proposals to require organisations to give people access to their historic transaction data in a machine readable format – the so-called midata initiative.

Through this initiative, the UK Government hopes to unlock the benefits of Big Data by empowering consumers to make the right purchasing decisions through an expanded right of access to their purchase history and related information. In the consultation document, the UK cites evidence from the US Government’s Green Button initiative – aimed at creating a common data standard among Smart Grid companies and US power utilities for the storage of users’ personal energy information.[1] However, the proposed UK requirement would take access one step further – making it compulsory for all suppliers of services and goods to provide this data to customers on request.

At TRUSTe we fundamentally support the principle of empowering customers with increased transparency and access to the data that companies hold about them. However, as we have included in our response to the midata consultation today, it is important that this is done in a way that doesn’t significantly increase data security risks or place an unacceptable additional compliance burden on business in the current economic climate.

We believe that the level of access provided should be both contextually relevant and proportionate to the request and must not unduly burden the online operator with additional compliance costs. Under our own certification requirements, all companies bearing the TRUSTe seal must provide consumers the ability to correct inaccuracies or update information. In addition, TRUSTe seal holders must fulfill basic access requests – including a complete opt-out of, and/or removal of personally identifying information data from use – at no charge to the consumer.

In our view, compiling and storing a consumer’s purchase history in a meaningful and machine-readable format, as the midata initiative proposes, would take considerable additional resources and therefore we recommended in our response to the UK Government that operators should be allowed to charge the consumer a reasonable fee for this kind of request.

Other than a financial burden, the largest undesirable consequence from imposing this type of access requirement will lie in the risk to data security,  since online operators will be required to store large quantities of transaction data that might be linked to a consumer’s individual profile. Depending on the retention period required, adequately storing this data will involve a significant cost and compliance burden – particularly on smaller online operators. Over time this could constitute a significant barrier to entry for smaller companies that are attempting to enter the market.

Despite these concerns, in addition to informing purchasing decisions, we think the Midata initiative could play a significant role in making consumers more engaged participants in the data economy. Once consumers become more engaged, they also become more aware of their data protection rights – further elevating privacy as a key factor in consumers’ decisions about whether or not to use an online service. As consumers increasingly choose services based on their level of privacy protection, companies will, compete with each other to offer the consumer a more privacy sensitive service – and this in turn leads to more widespread compliance, which is good for online ecosystem and consumer privacy in general.

TRUSTe, along with other stakeholders in the UK, Europe and the US, will watch the response to the consultation and subsequent progress of these proposals in the UK with continued interest.

[1] The Green Button is an industry-led effort that responds to a White House call-to-action around the Smart Grid – provide electricity customers with easy access to their energy usage data in a consumer-friendly and computer-friendly format via a “Green Button” on electric utilities’ website. Green Button is based on a common technical standard developed in collaboration with a public-private partnership supported by the US Commerce Department’s National Institute of Standards and Technology. Software developers and other entrepreneurs, as well as 9 major US power utilities, representing over 12 million consumers, have adopted the voluntary Green Button standard.  Details at: