What is MyDataCan?
The MyDataCan platform (“MyDataCan”) is an online platform offered by the Data Privacy Lab at Harvard University. The purpose of the Platform is to create a secure and privacy-principled ecosystem of data sharing where:
- Software developers write apps that provide a copy of a user’s information directly to the user;
- data providers can provide a copy of a person’s information directly to the person who is the subject of the data; and,
- an individual has direct control over the sharing and use of their personal data.
What is unique and important about MyDataCan is that Apps provide you, the user, a copy of your user personal data and you decide whether Apps can use your data. We explain how this works below.
What do I most need to know about MyDataCan’s Privacy Practices?
This Privacy Statement describes how MyDataCan and Apps work together to share information securely and in accordance with privacy principles. It is simple: you are in control of your data on MyDataCan. We still urge you to read through this entire Privacy Statement, so that you can understand exactly how MyDataCan stores, manages, and uses information about you, the important things to remember are these:
- MyDataCan gives you a “DataCan” that holds all of the data that MyDataCan stores about you (“Your MDC Data”). MyDataCan also provides a “Dashboard” that describes the data in your DataCan and allows you to decide how it may be used. Through the Dashboard you can view, share, delete or “privatize” Your MDC Data.
- The privatized option allows you to encrypt your information with a passphrase that you know but that is not stored on the MyDataCan platform. Privatized information is unreadable on the platform. You can reverse the process using your same privately held passphrase to make the information visible on the platform again.
- An App may not access Your MDC Data unless you have subscribed to that App. Generally you must allow an App to access Your MDC Data if you subscribe to the App, but in some cases the App may allow you to opt out of allowing the App to use Your MDC Data, even if you have subscribed to and are using it.
What information does MyDataCan collect about me, and how is it stored?
MyDataCan collects information about you in three ways:
- You join MyDataCan through a community, school or other organization. Either you provide information when you setup your account, such as name or email, or your community, school, or organization pushes information about you into your DataCan which is visible on your Dashboard on MyDataCan. This includes your name and school email address.
- Apps push information into your DataCan. The details of what kind of information an App pushes into your DataCan is available on the “My Data and Apps” tab of your Dashboard on MyDataCan.
- You input information into your DataCan, through the Dashboard. For example, you may add an email address or phone number to receive notifications from the MyDataCan or from Apps.
All of the information MyDataCan collects about you — that is, all of Your MDC Data — is stored in a DataCan assigned to you and you alone. You can use the Dashboard to see what kinds of information are in your DataCan. You can also use the Dashboard to see the actual data in your DataCan.
How can I see and control what MyDataCan and the Apps do with my MDC Data?
You may access the Dashboard after you authenticate yourself to the MyDataCan platform. When you have authenticated in, your Dashboard will show you the following information:
- A list of the kinds of information about you that make up Your MDC Data;
- Information about the Apps available to you on the platform, including:
- Features and functionalities of each App,
- The information about users that each App provides to MyDataCan, and
- The information about users that each App queries within MyDataCan in order to operate;
- A list of the Apps to which you are subscribed; and
- A list of the Apps to which you have made Your MDC Data available.
The information in Your DataCan — that is, Your MDC Data — will change over time, as you use Apps. When you subscribe to an App, MyDataCan may receive into your DataCan a copy of information that the App collects about you. If so, that information is your copy of the information.
You may use your Dashboard to do the following:
- To subscribe to Apps that allow direct subscribe options from within MyDataCan; and
- To view Your MDC Data.
What do the Apps do with data they collect about me?
The Apps may collect data about you. For example, an App may collect GPS information that logs where you were and when you were there. An App may provide some or all of the information it collects about you to MyDataCan. Any information that an App collects about you and provides to MyDataCan goes into your DataCan and is identified for you in the Dashboard, where you will be able to view, share, delete or privatize it. We describe how you can do this above, in the section called “How can I see and control what MyDataCan and the Apps do with my MDC Data?”
The Dashboard will tell you what information each App collects from its users, so that you can make an informed decision whether you want to use the App.
How does MyDataCan decide what Apps to include on the platform?
- collect only what is necessary to accomplish the task
- shared information is the minimal information needed to accomplish the task
- keep personal data no longer than is needed to accomplish the task
- the person who is the subject of the data should have a copy of their data
- individuals should be able to make corrections to their own data
- individual participation is optional
- comply with stringent security practices.
Use of Certain Third-Party Applications and Websites
Changing This Privacy Statement
MyDataCan may make changes to this Privacy Statement at any time. MyDataCan will post notice of changes to the Privacy Statement on this webpage, and by accessing the Dashboard or any App after the modifications to this Privacy Statement have been posted, you agree to be bound by the modified Privacy Statement. Accordingly, you should periodically revisit this page to review the then-current Privacy Statement.