IB1 response to DSIT’s Smart Data opportunities in digital markets call for evidence

This is IB1’s response to the Department for Science, Innovation, and Technology’s (DSIT) Smart Data opportunities in digital markets call for evidence.

If you have any questions about our submission or require clarifications please do not hesitate to contact us via policy@ib1.org. Thank you for considering our submission.

About Icebreaker One

Icebreaker One (IB1) makes data work harder to deliver net zero. We do this by orchestrating the development of focused, decentralised Schemes that unlock data from across organisations at market scale.
Perseus, for example, enables businesses to access over $100B of green finance, by automating high-quality sustainability reporting for every SME in the UK. The Schemes we orchestrate are inspired by the architecture of the UK’s successful Open Banking ecosystem and the interventions that brought it about.

1. What issues do customers face in accessing their data held by digital markets firms and sharing that data with third parties?   

‘Digital markets’ are hard to define, given the pervasiveness of the web and related technologies. Almost all companies will use web technologies to exchange goods, services or information. 

The following are examples of consumer markets that we think are particularly reliant on network effects, data-driven operations and multi-sided interactions: 

• Social media (such as Facebook, Twitter, TikTok, Instagram, Threads and Bluesky).
• Messaging (such as Whatsapp, Messenger, Telegram and Discord).
• Online marketplaces and retailers (such as Amazon, Temu, Shein, eBay, Gumtree, Etsy and Depop).
• Payment and transaction (such as Shopify, Klarna, Visa, PayPal and Stripe).
• Operating systems (such as Microsoft Windows, MacOS, Linux, Android and iOS).
• Web browsers (such as Chrome and Firefox). Email (such as Gmail and Outlook).
• Search (such as Google Search and Bing).
• App stores (such as Apple App Store and Google Play Store).
• Virtual assistants (such as Siri and Alexa).
• Large language models and interfaces to them (such as GPT-4, Chat-GPT, Copilot, Gemini, Claude and Perplexity).
• Cloud services (such as Google Photos, DropBox and OneDrive).
• Online courses and learning (such as Coursera and Udemy).
• Jobs (such as LinkedIn, Indeed and Adzuna).
• Loyalty schemes (such as Nectar, Clubcard and Avios).
• Gaming (such as Steam, PlayStation Network and Xbox Live).
• Gambling and betting (such as Bet365, 888 and SkyBet).
• Music streaming (such as Apple Music, and Spotify).
• Podcast streaming (such as Spotify, BBC Sounds sounds and Apple Podcasts).
• Books and audiobooks (such as Audible and Kindle).
• Video streaming (such as BBC iPlayer, Sky, Netflix, Amazon Prime and Disney+).
• News (such as Sky News, BBC News and Apple News).
• Content distribution (such as YouTube, OnlyFans and Substack).
• Travel (such as Airbnb, booking.com, Expedia and Skyscanner).
• Ticketing (such as Viagogo, StubHub and EventBrite).
• Navigation (such as Google Maps, Apple Maps and CityMapper).
• Ride hailing and food delivery (such as Uber, Bolt, Deliveroo, UberEats and JustEat).
• Gig economy (such as Upwork and TaskRabbit).
• Smart devices (such as Philips Hue and Apple Homepod).
• Health applications and wearables (such as ClassPass, Fitbit, Oura, Whoop, and Flow).

IB1 is generally involved in data sharing schemes where businesses initiate data sharing, rather than individual customers directly. However, we understand that both individual consumers and businesses can face a variety of issues in accessing their data from the services they use and sharing that data with third parties, including:

• A lack of transparency in obtaining consent, including overly legalistic wording, items hidden in small print, and a lack of clarity around the full range of partners’ data will be shared with and/or for what purpose(s).
• Lack of trust – this is key for obtaining consent. 
• Individual/household dilemma – consent for data sharing pertaining to a whole household of people is obtained from a single individual (there may also be a gender bias here if the account holders tend to be male) who may or may not actually live at that address (eg shared subscription service) – there is no mechanism to ensure household members are consulted.
• Revoking or changing consent – it is often easy to give consent (e.g. automatic pop-up) but much harder to change or revoke consent (e.g. requires a log in, hidden in a long settings menu, not available by non-digital means) – this requires much more transparency and an easy process.
• Linked services – Lack of understanding about the impacts of giving, changing, or revoking consent for services that may be linked (e.g. reliant on data flows) but potentially operated by different companies. For example, consumers may not understand the impact of rejecting access to a type of consumption data on access to smart products and services.

2. The government would like to identify where businesses are being held back by poor data access and where these data access issues could be helped through a Smart Data scheme. What use cases do you believe could be supported through a Smart Data scheme to address those issues, including types of products and services that ATPs might be able to offer, and what outcomes could this result in? 

Defining digital markets where businesses are particularly held back by poor data access is again hard to define.

In the context of this consultation – and to delineate this work from the UK Government’s existing work on Smart Data in more clearly defined, regulated markets such as energy and finance – the following can be seen as examples of business-to-business digital markets:

• Operating systems (such as Microsoft Windows, MacOS, Linux, Android and iOS).
• Cloud and compute (such as Amazon Web Services, Microsoft Azure, and Google Cloud).
• Virtual workspaces (such as Microsoft 365 and Google Workspace).
• Project management and productivity (such as Asana, monday.com and Notion).
• Instant messaging and video conferencing (such as Zoom and Slack).
• Large language models and interfaces to them (such as GPT-4, Chat-GPT, Copilot, Gemini, Claude and Perplexity).
• Financial management and accounting (such as QuickBooks, Sage and Xero).
• Customer relationship management (such as Salesforce, Hubspot and Mailchimp).
• Data science and reporting (such as Databricks and Microsoft BI).
• Content production and editing (such as Adobe, Canva and Figma).
• Social media (such as Facebook, Twitter, TikTok, Instagram, Threads and Bluesky).
• Recruitment (such as LinkedIn, Indeed and Adzuna).
• Online marketplaces and retailers (such as Amazon, Temu, Shein, eBay, Gumtree, Etsy and Depop).
• Logistics and distribution (such as SAP, Oracle and EasyShip).
• Online advertising (such as Meta Ads and Google Adsense).
• Payment and transaction (such as Shopify, Klarna, Visa, PayPal and Stripe).
• Web publishing and content management (such as WordPress, Wix and Squarespace).
• Content distribution (such as YouTube and Substack).
• Ticketing (such as Viagogo, StubHub and EventBrite).

This list is far from exhaustive; there are many further domain-specific digital markets.

At IB1, our focus is to drive the development of schemes around tightly-focused challenges or use cases related to net zero. Our flagship programme, Perseus, enables small-and-medium sized businesses to share granular emissions data from their smart meter systems with banks and other lenders. By providing lenders with the accurate and assurable data they need, the Perseus enables participating businesses to access loans and other finance to help reduce their emissions.

We urge DSIT to explore opportunities for Smart Data schemes to drive the sharing of similar energy consumption and emissions data related to these digital markets. The cloud and compute services market, for example, is responsible for a significant and increasing share of global greenhouse gas emissions. The data centers it uses consume close to 3% of the world’s electricity and global greenhouse gas emissions comparable to the airline industry. This could be achieved efficiently by developing or adapting Perseus.

3. What types of data and data holders would need to be in scope of a scheme in order to support any business models and address data access issues and use cases you have identified above? 

Data and data holders to target will depend entirely on the purpose of any Smart Data scheme. 

We believe it will be more difficult for the UK Government to establish a ‘contained’ scope for a Smart Data scheme here than in more clearly defined, regulated markets such as energy and finance. With digital markets, services are often entwined – for example, Facebook is both a social media platform and a marketplace for goods.

Open Banking was delivered through clear identification of a problem in the consumer banking market, supported by evidence. Any smart data scheme for digital markets will need a similarly thorough analysis of the market dynamics that require improved data access and intervention. 

In determining what data holders should be within scope of a Smart Data scheme for digital markets, DSIT could adopt a similar approach to the UK’s Online Safety Act and the EU’s Digital Market Act. Although imperfect – see discussion around Wikipedia’s classification under the OSA – these interventions target organisations with the power to act as gatekeepers to particular markets, primarily based on their user numbers and market position.

In determining the scope of any Smart Data scheme for digital markets, we urge DSIT to:

• Identify a very clear use case. Without this, data sharing doesn’t work. A clearly defined use case ensures there is no ambiguity around the purpose of the scheme and what it must achieve.
• Arrive at use cases and data sharing rules collaboratively. Our approach, Icebreaking, involves scheme co-creation with regulators, consumer organisations and civil society as well as industry.

4. What are your views on the feasibility to deliver a digital Smart Data scheme? Please consider any current or planned industry developments or changes that might affect delivery and highlight any key challenges.

Delivering a Smart Data scheme for digital markets is eminently feasible, even accounting for the difficulties described above. Perseus is proof of this, with banks starting to use the data to inform real loan-making.

5. Do you have an initial or provisional view on the likely impacts (positive and negative) on:

• Existing and future customers
• Data holders
• Small and micro businesses

We encourage the identification and definition of clear use cases with defined users (as mentioned in question 3) to be able to comment on likely impacts.

6. Do you have an initial or provisional view on the likely impacts (positive and negative) on:

• Innovation in the supply or provision of goods, services and digital content whether directly affected by a scheme or otherwise
• Competition in markets for goods, services and digital content affected by the regulations or other markets
• Business investment in the UK
• Economic growth

We encourage the identification and definition of clear use cases with defined users (as mentioned in question 3) to be able to comment on likely impacts.

7. What challenges and risks should we consider when developing a digital markets smart data scheme and how can we mitigate these? This might include (but is not limited to): competition; customer exclusion; data quality or data misuse; ethical, operational or technical readiness.

We see the following risks to successful delivery: 

• Developing a centralised solution. 
  • Mitigation: embrace a decentralised model, which aligns with the approach taken by Open Banking, and the architectural principles of the Data Sharing Infrastructure for ease of access and protection (ensures alignment with national strategy, Open Banking has been endorsed by the Competition and Markets Authority (CMA) and the Financial Conduct Authority (FCA)).
• Not codifying the relationship and responsibilities of the smart data scheme to be in support of the UK’s net zero and climate targets. This is essential to meeting the UK’s net zero and industrial strategy goals.
  • Mitigation: Codify the relationship between a digital market smart data scheme and existing net zero goals.
• Not following a use case driven approach. The risk is trying to do too much at one time, and the programme becomes overwhelmed without a core focus point.
  • Mitigation: follow a use case driven approach 
• A chosen use case does not have a clear business impact case. If there is no financial incentive, there will be no movement.
  • Mitigation: an advisory group articulates their business case for the chosen use case. 
• Failure to implement governance from the start, and governance failure to address broader user needs, technical implementation, legal, communication / engagement and policy impacts.
  • Mitigation: robust governance from the outset. 
• Lack of cross sector collaboration. Risk of non-interoperability and not taking the learnings from other sectors.
  • Mitigation: actively engage with stakeholders from the start.
• Too much emphasis on a technical solution  – must equally address governance, user needs, business, social, legal, engagement and communications to be successfully implemented and ensure a scheme is fit for purpose
  • Mitigation: understand the holistic approach required – user needs, legal, policy, and communications. https://ib1.org/sops/governance-schemes/ 
• Cultural change and industry readiness 
  • Mitigation: interact with the current data sharing culture within the energy companies, and consumers must be engaged to understand their value proposition. 
• Stakeholder engagement for collective agreement across the sector
  • Mitigation: engage early, often, and formally through governance.
• A scheme is seen as a technical solution rather than a holistic solution.
  • Mitigation: a trust framework incorporates technical, communications, engagement, legal and ongoing governance arrangements.
• Unequal access to smart services if we do not address the challenges known to exist in digital markets or known barriers to access, and any other infrastructure collecting the data which will be used in the scheme. This unequal access will be baked into any smart services offered and may unintentionally miss out key beneficiaries.
  •  Mitigation: robust governance experience to reduce unintended impacts.
• Creating unintended monopolies, negative incentives, corporate capture, and data misuse
  • Mitigation: robust governance, embracing and building upon open source solutions. 

8. What are the potential implementation costs to industry of introducing a digital markets Smart Data scheme? What aspects of a scheme might be most expensive to implement?

Open Banking is a case study for engagement for Smart Data. It has over 15 million users and over 29 million transactions per month. This provides strong evidence that there is both appetite and capability for British consumers to engage with Smart Data utilising a Trust Framework approach. 

Since 2013, it has cost Open Banking £millions to achieve this success. Building on the foundations of Open Banking, the Smart Data schemes Open Energy and Perseus have been able to be in pilot phases for £3.5m. With these foundations laid, costs for smart data schemes should be reduced over time as we build on the existing investments and lessons learned through implementation.  

As a key learning from the success of Open Banking is to follow a use case driven approach, it is vital to note that identifying the user(s), their needs and developing use cases requires time, effort and resources. This can be a challenging aspect of a scheme to define but it is a core element as everything is built around the user needs. 

Another key learning from Open Banking, Open Energy, and Perseus is the importance of incorporating robust governance from the outset. Implementation costs will include secretariat functions for a governance body, relevant company time for stakeholder engagement and scoping requirements, and technical implementation. This will include team members from across an organisation, which may include innovation, technical, data, research, legal, communications/PR, and policy compliance teams. 

9. How can we build and maintain customer trust in a digital markets Smart Data scheme? For example, what responsibilities need to be considered for data owners and ATPs?

Obtaining consumer consent and customer trust is key for a digital market smart data scheme. It is important to note that the current methods for obtaining consent from a consumer may be ineffective or inefficient as laid out in our response to question 2. 

As mentioned in IB1’s Developing an energy smart data scheme: call for evidence response, please find our recommendations to build and maintain trust with core principles below:

• Governance mechanism is built to function flexibly: As digitalisation of the wider economy accelerates it is essential that governance adapts with a shifting technical landscape. There will be a continual balance between addressing user needs and potential threats, necessitating robust governance to be participatory and responsive to a full spectrum of social and environmental considerations shaping the operational landscape, for example including capacity to respond to forthcoming Net Zero 2030 milestones. 
• Simple and Low Friction: IB1 recommends a simple and low friction option which builds on previous implementation in other industries, for example Open Banking which has been endorsed by the Competition and Markets Authority (CMA) and the Financial Conduct Authority (FCA), to ensure an energy smart data scheme is aligned with national strategy.
• Interoperable IB1 strongly recommends taking a joined up approach which is interoperable with initiatives across the economy. IB1 suggests the solution defines relationships with cross-sector bodies to enable cross-sector interoperability.
• Agile, Flexible, and Scalable: IB1 suggests introducing a clear process for change management in this principle. As governance needs will likely change with time. This may include indication of how the list of permitted data use purposes will be maintained with additions and removals
• Transparent and Informative: IB1 strongly recommends that documentation is published openly, along with any accompanying processes, methodologies, financial, legal, operations and governance processes, as also suggested in our DSI consultation response. 
  • Clear and consistent use of definitions and communications surrounding data. IB1 uses the data spectrum to communicate the definitions and differences between Open, Shared, and Closed data. 
• Inclusive by Design: IB1 urges the defined user journeys, messaging, terms, and customer support to be easy to use, transparent, and explained in a way that someone with a low technical reading comprehension can engage with. IB1 recommends building on open source, if not incorporated, there is a risk of inadvertently creating a monopoly.

• Secure by Design: IB1 encourages working with the National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC). IB1 would also recommend an adversarial analysis to be performed to see where security gaps may occur, and may affect the proposed architecture. A Smart Data scheme must avoid creating large targets for hackers where a compromise affects many consumers. Data required for investment must undergo a thorough assessment of risks, benefits, security measures, and potential international standards as there may be implications for data transfer and use across the UK and international borders. 
• IB1 recommends a focus on data rights: the same data will be used for many purposes. This means there will be multiple rights, based on purpose, carrying different legal, liability and related conditions. 

10. What common principles are needed to support the development of a digital markets smart data scheme and why?

We have recently introduced NOVA. A ‘NOVA-compliant’ solution embodies a coordinated structure of interoperable rules, governance, and infrastructure that connects actors across sectors while ensuring data flows are lawful, rights-based, and fit-for-purpose. NOVA stands for:

Networked

Data infrastructure must support modular, federated and interoperable participation across organisations, sectors, and jurisdictions.

• Modular: embody what is needed in a repeatable, cohesive and scalable manner
• Federated: support the coexistence of multiple platforms, protocols, and providers
• Interoperable: systems (not just technical, but also legal and operational) must be able to interact with low cost and friction, with harmonised approaches

Open

Data infrastructure must be grounded in open standards, API-enabled access, and transparent governance.

• Open standards: standards which are openly accessible and usable by anyone
• Open APIs: a web-addressable interface that enables machine-enabled data exchange
• Transparent governance: clear, accurate, and timely disclosure of policies, decisions, performance and impact

Verifiable

Data infrastructure and data access, usage, and governance must be assurable, rights-based and permissioned.

• Assurable: that the process of joining as a member, and of enabling data transfer and use can be audited, tracked and held to account
• Rights-based: data sharing is based on legal and related rights, codified in a contract, and enabled between assured members
• Permissioned: where relevant, or required by law, that permission or consent is given from the business or consumer, or that pre-authorised permission is determined by contract

Architecture

Data infrastructure must optimise for market access while enabling adaptive governance, whether market participants are data providers or data users, to ensure an open market.

• Market access: enable any Verifiable actor to enter the market
• Adaptive governance: define, iterate at market-relevant pace, enable, and facilitate scalable enforcement of, the rules
• Open market: ensure private sector, public-benefit, and national interests are addressed

11. Are there any tensions, overlaps, gaps or other features of the regulatory landscape in digital markets that the government should take into consideration?

As noted in IB1’s response to the Department for Science, Innovation, and Technology’s Technology Adoption Review, IB1 notes a key barrier to digital market and technology adoption, investment, and participation is a lack of a consistency in vision and policy which is vital for the decision makers in the organisations and companies to de-risk technical and innovation investments. Having a cohesive, consistent vision with clear actions allows for stakeholders to incorporate data sharing and data access at the core of their decisions.

As the data sharing economy develops in a manner which is increasingly fluid and cross-sector there is an ongoing need for policy and regulatory development which horizon-scans, assesses, and defines responsibility for addressing different aspects of the regulatory landscape. Providing this form of policy and regulatory join-up presents essential support to the incentivising and de-risking of investment in strategic sectors. 

Additionally, it is essential to have consistency within sectors and to consider cross-sector interactions of digital market Smart Data schemes, especially across the pinchpoints where sectors meet and/or markets are increasingly ‘coupled’ (i.e. energy and transport; energy and water; energy and manufacturing). It is essential that a smart data scheme promotes interoperability and consistency across sectors, promoting a whole-system approach to digitalisation and net zero.

12. What data sharing initiatives already exist in digital markets that the government should be aware of when evaluating a Smart Data scheme in digital markets?

Open Banking

The Open Banking Standard, which is now implemented in over 95 jurisdictions and a £20B open market, placing the UK at the forefront of data sharing innovation. It uses financial-grade APIs within a strong, neutral governance framework to address data policy, licensing, privacy, liability and technical standards. 

Perseus

Icebreaker One’s Perseus Scheme (the ‘rule book’ defining how data is governed) is aiming to facilitate trusted, standardised, permissioned and secure data sharing across sectors. It addresses key challenges in data interoperability and trust by linking data systems through a cohesive Trust Framework, streamlining the process of collecting and reporting emissions data. By enabling interoperability between members, it enables SMEs to minimise their manual effort in measuring and reporting their GHG footprint, and matching their profile to green finance. 

It is being developed by a group including commercial businesses (incumbents and challengers), non-profits, public bodies and trade associations, with support from the UK Government.

Open Energy

Icebreaker One’s (IB1) UKRI Modernising Energy Data Access competition-winning programme Open Energy has identified and articulated the need to make it straightforward to find, access and share energy data. IB1 established an energy sector data sharing programme through sector engagement (convening 100s of organisations and 500+ public webinar attendees) and governance processes (80+ Steering and Advisory Groups members) to develop operational services for search and access control. These are are now live and market-facing through the Energy Sector Trust Framework and Schemes, IB1 created, designed and developed Open Energy https://ib1.org/energy/ to provide three services:

1. Community: an expert network of professionals – the IB1 Constellation
2. Governance: co-design of data sharing Schemes using our Icebreaking process
3. Trust Services: An Energy Sector Trust Framework for Scheme implementation, covering Open Data, commercial Shared Data with pre-authorised access controls, and commercial Shared Data where access requires end-user permission/consent. In addition, Trust Services deliver search and assurability services. 

Our approach helps drive the design, implementation and adoption of open standards to create assurable data flows between organisations. This enables assurable Open Data and pre-authorised Shared Data and ultimately builds confidence across the ecosystem.

As noted in IB1’s Developing an energy smart data scheme: call for evidence response,international examples of data sharing initiatives include (not all smart data schemes):

• India: https://indiastack.org/
• Government scale (not energy system) Taiwan – https://digi.taiwan.gov.tw/ MyData – https://www.ndc.gov.tw/en/nc_8455_34364 
• COVID tracking – data governance: https://academic.oup.com/policyandsociety/article/41/1/129/6513795
• See for examples of data ecosystems and learnings: https://cris.vtt.fi/en/publications/guidebook-data-ecosystems-for-smart-sustainable-cities 

13. What lessons should we bear in mind from Open Banking that would be helpful to consider when developing a digital markets Smart Data scheme?

It is essential that Open Banking is viewed holistically – an entity incorporating technical, communications, engagement, legal and ongoing governance arrangements – rather than a technical solution.

IB1’s foundational work on Open Energy, Open Net Zero and approach to data sharing is based on the foundations of Open Banking. IB1 practises this through:

• Decentralised architecture implementation
• Advocating for common secure web standards (i.e. FAPI)
• Openly published rules and clear governance structure 
• Openly list service providers are available
• Providing member services 

As mentioned above, a key learning from the success of Open Banking is to follow a use case driven approach.

General lessons from national and international data sharing initiatives: 

• Incorporate governance at the outset. It is difficult to retroactively implement robust governance.
• Ensure governance is robust, participatory and responsive. It will be required to adapt to a full spectrum of social and environmental considerations shaping the operational landscape. A governance model must reflect the socio-technical nature of the energy sector, not just the technical side.
• Avoid putting too much emphasis on a technical solution  – An energy smart data scheme must equally address governance, user needs, business, social, legal, engagement and communications to be successfully implemented and ensure the solution is fit for purpose.
• Complexity and collective agreement across the industry – an initiative must recognise the complexity and changing nature of the energy industry.
• Cultural change and industry readiness – must understand and interact with the current data sharing culture within the energy companies, and consumers must be engaged to understand their value proposition. 
• Appropriately defining and governing the roles and responsibilities.
• Appropriate legal support and resourcing – a mechanism must develop the applicable data licences, and needs to be appropriately resourced to be able to do so. 

14. What lessons should the government bear in mind from the EU DMA and other Smart Data schemes in other jurisdictions including the establishment of Open Banking schemes around the world?

Icebreaker One Founder & CEO, Gavin Starks, co-chaired the development of the Open Banking Standard, co-chaired the UK Smart Data Council, and was founding CEO of the Open Data Institute. Since then Gavin has advised New Zealand and Canada on their implementation of Open Banking in their jurisdictions. 

In New Zealand in particular, the initial implementation of Open Banking was sector-led by Payments NZ. In 2017 and 2019, former Ministers of Commerce and Consumer Affairs wrote to New Zealand’s banks to encourage them to advance sector-led initiatives for open banking. From 29 August to 10 October 2024, the Ministry of Business, Innovation, and Employment consulted on policy settings for banking regulations under the Customer and Product Data Act, the regulations for which were then drafted in 2025. This shows the importance of both industry collaboration and regulatory mandate to drive sector-wide adoption.

15. Do you have any additional comments on any aspect of developing a digital markets Smart Data scheme that has not been covered elsewhere in this call for evidence?

None.