Security Experts:

Dataswift Raises $2 Million in Seed Funding to Revolutionize Personal Data Sharing

Dataswift, a Cambridge, UK-based company founded by Professor Irene Ng in 2015, has raised nearly $2 million (£1.6 million pounds) in seed funding from IQ Capital, with participation from Pacific & Orient Properties Ltd and Alphanumeric Corporation. Dataswift sells web services technology to apps and websites who want their users to have HAT personal data accounts.

HATs (short for the 'hub-of-all-things') have grown out of the crisis over personal user data -- which is becoming more and more problematic. Every web-based company wants some of it, keeps too much of it, and stores it in a central database. Apps collect personal data and do similar. Those databases are continually breached and the personal data stolen and leaked onto the dark web.

Other companies, including data brokers, buy personal data and aggregate it; sometimes not very efficiently because of differences in the data provided by the different sources. Aggregated personal data is not necessarily clean personal data.

The result is that users have little or no control over the use or accuracy of their own data. From the user perspective, the internet is broken. Governments have recognized this as a problem and are introducing stringent regulations designed to give control of personal data back to the user (GDPR in 2018, CCPA in 2020). This is creating additional problems for the data gatherer, who is held responsible for the data, but doesn't technically own it.

HAT -- as an organization -- was founded in 2016 by Andrius Aucinas, Paul Tasker, Prof Irene Ng, and Xiao Ma with an aim to solve this problem. It grew out of the work of seven UK university professors who decided that users' ownership of their own data should not be just a semantic construct but a practical reality.

The basic idea is that the user owns and controls personal data in a personal data account contained in a personal database wrapped within microservices. The database could be stored anywhere, but most usually in the cloud. The microservices are pieces of code controlled by the user that control permissions for giving and receiving new data into the personal HAT database.

In GDPR terms, this means that the user is both the data controller and the data processor for his or her own data. It could be an attractive proposition for ethical apps and websites -- they no longer need to store personal data in a central database with all the stresses of protecting that data. They simply access the user's HAT to gain required information in the same way as many currently use the data stored by Facebook or Google for login requirements. The microservices deny or allow use of the data for the purpose agreed between the website/app and the user.

HATs are built on the HATDeX (hub of all things data exchange) platform. It establishes the necessary permissions, contracts and governance between plugs, apps and tools created within the HAT ecosystem. Plugs bring data into HATs from internet applications. Apps get data from HATs through data debits, and give data into HATs. Tools are pre-trained machine learning algorithms and analytics that output results only to the HAT, and can only be shared more widely through data debits. As a result, a HAT owner can closely control who gets what aspects of his or her personal data.

Apps now interact with individual HATs rather than directly with the user in data acquisition. They get to use the data (for authentication, for example), but do not get to keep it. The user keeps the data, and can re-use and re-share with other apps. "Since the HAT is API-based," notes the hub of all things website, "corporations can build in the ability for the individual to operate the microservices in the HAT within their own app to inquire data, with permission, as and when needed, without having to store the data."

Dataswift is a firm that sells web services technology to apps and websites that want their users to have HAT personal data accounts. It gives its customers the ability to build data-rich personalization and recommendations, drawing from information in the HAT personal data accounts with the users' permission.

For example, in August 2019, the UK's Financial Conduct Authority (FCA) formally approved HAT Microservers to hold consumer finance data like banking and spending information. The HAT platform was approved as an Account Information Service Provider (AISP), which gives consumers with a HAT Microserver "the ability to pull banking data from services like Monzo, Revolut, and high street banking providers into their personal data accounts, adding payments and transactions data to their social, fitness, productivity, and mobile data as they wish."

Dataswift believes that by November 2019, HAT owners and HAT-enabled websites and applications will benefit from finance data for day-to-day use -- but only, of course, with the user's permission. Irene Ng commented, "FCA Approval is an acknowledgement that individuals themselves can own their data for re-use and re-sharing with HAT Microservers as personal data accounts. Our partner websites and applications in the HAT ecosystem will now be able to request for data and spending insights from their own customers which is a testament to the fact that we can have innovative and data rich services while preserving individual privacy and data rights."

The new funding is designed to assist Dataswift help webservices expand the HAT ecosystem. The funding, said the firm, "will allow the team to roll out the new personal data infrastructure globally and will empower apps and websites to upgrade their company-held user accounts to HAT personal data accounts. Beyond expanding into new markets, the funding will also enable Dataswift to continue to invest in its technology, working with the ecosystem of 10 universities and 30 independent partners that have been implementing its approach to personal data technology for the last six years."

Irene Ng explained, "Personal data account technology should be an essential part of a developer's tool kit, as they build ethical, useful, and data-rich websites and applications. This investment comes at a critical time, as tech companies battle privacy concerns with their collection and usage of personal data." With HATs, incidents like the Cambridge Analytica scandal could be prevented.

Related: Cambridge Analytica: Firm at the Heart of Facebook Scandal 

Related: FTC Fines Facebook $5B, Adds Limited Oversight on Privacy 

Related: New York State Proposes Stricter Data Protection Laws Post Equifax 

Related: Eight Steps to Data Privacy Regulation Readiness

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.