European Workshop on Trust & Identity

In cooperation with GeantLogo184x80

EIW 2013 Tue Session 3B

Trust and Market for Personal Data: Privacy - How to re-establish trust?

Personal Data is exchanged from parties apart from the data subject - the individual.
New data protection regulation - how would these market fit within this new framework.
Lots of data known about us and our behavior. Information Richness - creates opportunity - promising.

Data about People is the Basis of the Digital Age but Social Data not equal to Personal Data.


We need a rich information-market space where information can be freely used, re-used, traded, combined, pooled etc. t spur innovation

Unexpected uses and sales of personal data infringe on people's privacy.

Visit one website that 56 instances of data collection. Deposited in a data aggregate store. Aggregators sell comrehensive profiles. (Safeaddresses.de)

Do we as consumers do

The current regulatory framework - little protection from status quo
Data protection model - data subject, controller, processor and third party

New concept in the regulations "the producer"

very difficult within the current

Take it or leave it - with a service provider - accept OR leave the service.

Regulated data Exchange - Identified market between the individual and direct service provider

2ndary market that has rich information.

The model assigns rights and obligations
One visible and liable partner (instead of 56 entities).

Explicit bilateral agreements recorded in personal data usage policies

People recieve a (property like) right to their personal data
people shall not sell their property right similar to heirloom sliver...but others might pay to use the data.

Self-Identity is such a right (can not sell)

Clear separation of service and information exchange plus privacy-friendly default.

Data minimization - personal data necessary for search service.


Personal data use is accountable and compliance to the usage policy can be traced (information governs itself - or sticky policy paradigm)

Must assure that those operate within the bubble of "contextual integrity).

Everyone has the right to use or trade sufficiently anonyomized social data.

What constitutes sufficiently anonymity is defined in Best Available Technique Reference Documents.

Build on existing privacy and identity technologies.

Enable 1:1 relationship
Declare people's "property"
two-sided agreements on data use
trace personal data technical accountability

Kaliya
shared the three market models from Personal DAta Ecosystem consortium

Model 1) VRM was like the first party to second party direct relationship
Model 3) is like the aggregate data markets

Model 2) was novel and unique

Web today on the web is like a vending machine of the 50's.
Terms of negotiation on the web.

Today it is changing.

Where to start?

Different markets.
Carvoyant is focused on the Car industry.
in EUrope companies are focused in ePortfolio

What happens beyond the Anonymity Frontier
things happening that should not be happening.


Device fingerprinting
is it a mac or a PC -> use that information use people differently.

Link to presentation from WU Wien(external link)