Is it finally time for a privacy-protecting data service?

In the wake of the Supreme Court’s Dobbs decision, which eliminated the right to abortion granted by Roe v. Wade, lawmakers and citizens in the U.S. have become acutely aware of the surveillance capabilities of their apps, phones, and connected devices. Worried that pregnant women seeking abortions in states where they are illegal might face legal repercussions from their search histories, period-tracking apps, or cell phone geolocation records, lawmakers are focusing on privacy regulations.

Which means it may now be time for Atsign, a three-year-old company in California, to create a service that centralizes user data and then let users share their data with their chosen apps. Atsign isn’t the first company that has tried a version of this model, but the moment may be right. In the meantime, it has tried to reduce the complexity generally associated with other efforts to help users parcel out their data to only their selected apps.

Today, user data is the lifeblood rushing though much of the app and web economy. Every form you fill out, every website you visit, and every service you sign up for (even those that are paid) exist to capture information about you, package it up demographically, and sell ads based on it. Refusing to share that data limits the amount of services you can access.

There is no Maps service without sharing your location data, for example. No Gmail. No Facebook or TikTok. But as we connect more devices to the internet we’re increasingly (and rightly) leery about sharing our voice data with Alexa or our Fitbit heart data with third parties.

This is why Atsign exists. The idea is that data, especially sensitive data, such as what might come from a medical device, travels to an Atsign server in the cloud or a dedicated on-premise server running Atsign’s software and stays there. When a user wants to share their data, they can give permission for it to go to the assignee of their choice.

Today that might look like a consumer buying their own Atsign, much like a person might buy a domain, and then signing up for services with Atsign partners that would allow that consumer to put their data in their Atsign account and then share it out. But that sort of double-sided market is pretty hard to build and cumbersome for the consumer.

Which is why, initially, Atsign’s most likely customers will be medical device makers that must adhere to laws requiring them to safeguard user data. These customers would get specially designed SIM cards for their devices that send customer data to either the Atsign servers or the medical device company’s servers running the Atsign software. From there, the sharing permissions might enable certain data to go from the medical wearable to an electronic health record or another participant in the health care ecosystem.

A proprietary protocol allows devices using the Atsign service to communicate without having to open ports and with no need for static IP addresses. This also means the devices are more secure because they only send data via this one secured path.

In the case of health care, the limited audience for the data means that the sharing associated with the Atsign platform may not gain as much ground as a generically secure place to keep all of a consumer’s sensitive data. But it’s a start, and one that could help protect some very personal data. Already the company is in trials with device makers and developers interested in protecting medical data, according to Atsign engineer Chris Swan.

In the meantime, concerns over data sharing and the ability to assure consumers that their data won’t come back to hurt them is clearly leading to some shifts in the tech world. Swan told me the Google Play store has started asking developers to fill out forms related to how they handle customer data, for example. It’s possible that a service like Atsign could work with Google’s Play Store to suss out and then address its data handling policies, then act as a de facto certification for developers that sign up to use Atsign. (Although I would bet more on Google developing its own similar service.)

With the zeitgeist moving in favor of some form of authentication and protection of consumer data, a company like Atsign does have a chance to adapt to a market. If it can start with a specialized field and then branch out, I think that would be far smarter than trying to focus on the consumer web or even something like the smart home. I would like to see some type of privacy and data protection scheme find a way to survive and flourish.