With the Welcomer approach any organisation can provide APIs for use by applications to access personal data held by the organisation. The API and associated personal data for an organisation is controlled and approved by the organisation. Personal data across applications can be linked by the individual concerned making links between common data elements held by different organisations. So if a person's name is held by two organisations, with Welcomer, the person can link the occurrences of the name. The APIs enable the person to gather all the linked occurrences and to see a list of names the person has used across different organisations. Personal data differs from other data because access to personal data requires permission and consent from the person as well as permission and consent from the organisation charged with the responsibility of holding the data. Personal Data differs from other data because it is scattered and duplicated across applications and organisations and API access has to provide a way to link distributed common data elements while respecting privacy and ensuring security.
The Welcomer APIs satisfy these constraints by controlling data access via rules within applications rather than rules applied to the data.
- The person accesses their own data via applications they agree to use.
- The system links common data elements across organisations where each data element is kept separately from other data elements
- The only meaning attached to a data element is its name.
- Organisations approve the applications that are permitted to use the APIs
- Meaning of the data is provided by the applications
- Organisations approve other organisations who are allowed to see individual data elements they hold.
- Data held by an organisation always remains with, and under the control of, the organisation
- The organisation holding the data being viewed can be anonymous to the receiving organisation
- The organisation viewing the data can be anonymous to the holding organisation
- The person providing the data can be anonymous to both the viewing and holding organisation
- Every time data is copied there is a record kept by the organisation allowing the copy to be made. The details of the copy are only available to the person concerned.
- A history of access can be retained.
The Functions of the APIs
There are two APIs for any application. The first API is a setup API that defines the rules associated with each data element for an application. This API is called by the organisation administration and the rules are stored with the data and under the control of the organisation. The second API is an access API that is called when a person uses an application. The second API returns a list of the data stored for the data element. It can also send changes it makes to the organisations holding the data for them to decide if they wish to change the value of the data element.
The administration application calls the administration API. The application has a list of all the data elements for all applications permitted by the organisation and the rules associated with each data element for each application. The only party permitted to access the administration application is the organisation. It decides independently of any other organisation the rules it wishes to apply to linked data elements.
The Organisation Personal Data API
This API receives a list of personal data element names and how recently and how each data element has been authenticated by the person. These data elements can be any personal data but are things like password, device, voice print, name, email address, telephone number, date of birth, location, home address, credential, bank balance. The access rules for each data element is set by the organisation. A rule may be not to allow the value of the data element to be returned but only to say it exists. Another rule may be to pass the data element value but only if the individual has been authenticated with at least two factors.
The PEDDAL algorithm is applied to each data element in the call. This asks for all values of all data items to be returned to the requesting application. If the application now asks for a value of the data element to be stored by the application then the data element is put into the circular linked list of occurrences of the data element held by all organisations.