Even though the upcoming General Data Protection Regulation (GDPR) is the largest and best-known effort to guard personal data, it isn’t the first one.
The Kantara Initiative was founded in 2009, and is one of the other efforts. It’s a consortium of 70 companies, and is designed to improve the trustworthy use of identity and personal data through specifications for software makers.
The Initiative has recently released version 2.0 of its User-Managed Access (UMA)tech specs, replacing the 1.0 version approved in 2013. It is intended to provide a protocol for how an individual’s personal data can be accessed, wherever it lives.
Executive Director Colin Wallis told me that the new version simplifies the previous protocol and aligns it more closely with OAuth than version 1.0 did. OAuth, or Open Authorization, is an open standard for authorization to personal data, such as granting a website access to the list of your friends on Facebook without entering your login credentials.