Refocusing the debate from personal data ownership to personal data sharingWednesday, October 26th, 2011 by Corrado Moiso
In my previous posts, I have introduced the concept of “Personal Data Store” where an individual can collect, store and manage all his/her personal data: “Personal Data Store” is intended to be a cornerstone for the evolution of the current enterprise-centric ecosystem on personal data (in which end-users are poorly involved in handling of their personal data) towards a user-centric one (in which end-users can enforce a greater control on their personal data). Tools implementing “Personal Data Store” functions adopted names such as vault or locker (see http://lockerproject.org/, http://themineproject.org/), in order to stress the fact that they enforce individuals’ ownership on their personal data. Such an analogy assumes that “my personal data” are “my data” and that I must keep them “secret”.
But this is not fully true. First of all, it is important to point out that my personal data are not only data that I explicitly generated, but they are data “about me”, e.g., data which are recording observations or analyses about me and my behavior. The discussion about the ownership of these personal data is an hot topic and several blogs (some of them are “Data Ownership in the Cloud”, Dataportability, and Privacy and Public Policy work group at Kantara) are active in debating on it. In some cases the discussion about who owns my personal data and who should own them becomes sterile, with limited impacts on the current approaches to personal data handling. An interesting position was proposed by Joe Andrieu, co-chair of the Kantara’s working group on information sharing (http://blog.joeandrieu.com/2010/01/21/beyond-data-ownership-to-information-sharing/ ): Joe suggests to move the focus of the discussion from the concept of data ownership to that of data sharing.
In fact, one of the first issues to be considered is that some personal data could have “multiple owners”. For instance, both the user and the provider of a service can claim ownership rights on the user’s personal data generated during the delivery of some service (e.g., the payment transaction). Moreover, a service provider can “observe” the actions I performed on its servers and store them on its servers (e.g., the record of my searches, the log of the pages I visited, or the network cells my mobile registered on). Such a situation causes several conflicts among the involved actors. In the current enterprise-centric ecosystems, it is necessary to protect end-users: therefore providers must declare the conditions (and in some cases they are obliged to put constraints) on the treatment of the data used, generated or observed during service deliveries. In order to improve/equilibrate the current situation it was suggested to enable individuals to collect and manage all the data about them, including those generated or observed by the providers during the delivery of services requested by the end-users. To enable this scenario, service providers must share with individuals data about them, by providing mechanisms to access/retrieve/synchronize such data (e.g., by extending the APIs already adopted by some of them in order to attract more users, or by adopting XDI-based interfaces). In this way, individuals can collect, manage, and exploit data about them.
Another issue to be considered concerns the “meaning of data ownership” in the digital context where data sharing is, in general, implemented as data copying. The term of ownership is quite clear in the physical world: selling, transferring, or stealing a thing (made of atoms) preclude the original owner from continuing to use it. This does not apply to the cyberspace, where (copies of) some piece of information (made of bits) can be sold, transferred, and stolen without that the original owner “necessarily” loses rights on it.
Sharing through copy allows individuals to disclose pieces of information to multiple service providers in order to request or to get better (e.g., personalized or higher-quality) services. Actually, for an individual, sharing personal data (even if they are classified as “sensible”) is more important that keep them secret: if we do not disclose personal data, we cannot fully exploit them (e.g., if I do not disclose to a doctor my symptoms and habits, she/he can hardly elaborate a right diagnosis).
In order to keep “ownership” on disclosed personal data, we must be able to control their sharing: we must discriminate which pieces of personal information can be disclosed to a given 3rd party and to declare under which constraints such a 3rd party is entitle to use them. In this scenario, a critical point is the trustiness of the 3rd party (e.g., we have to trust that our doctor keeps professional secrecy, when we disclose to him/her information on my health): in fact, it is almost impossible to guarantee only by means of technical solutions that our disclosed personal data are used under our conditions as soon as they are passed to a 3rd party (e.g., see the experiences of defining DRM frameworks). In order to reduce these risks we could decide to share information only with trusted parties, or only with parties which operate platforms “certificated” by some external authority.
In summary, we could claim that I enforce the ownership on my persona data (i.e., data about me) not because I can keep them secret, but because I can control their collection, sharing and usage. In order to do that, I should be able to establish relationships with the providers of the services I use (either in the physical world or in the digital one), by defining which are the data I disclose to a given provider (my data in the figure), the data that this provider disclose to me (provider’s data), and the data which are generated in the context of service deliveries (our data). The relationship must also include the policies constraining the usage of the shared piece of information. Such relationships are a possible tool by means of which individuals and providers can solve possible conflicts (or tussles) on the personal data ownership, in particular those concerning “multiple ownership”.
“Personal Data Stores” should provide the features to define and control the personal data sharing. A first set of capabilities is related to the definition and the implementation of relationships between individuals and 3rd parties: they could be achieved by means of mechanisms to define views on shared data (e.g., OASIS XDI), enforce policies on data accesses (e.g., W3C User-Managed Access), and cope with identity management. The second set concerns on how to control and constraint the parties in the use of the data shared in the context of a relation: this could rely on some of the existing frameworks on usage control policies.
Unfortunately, several issues are not fully covered by the available technologies. A first open point is related to the frameworks for enforcing policies on access to and use of a given data: in general, they assume that a single actor, the “owner”, defines the policies the policies to access a given piece of information. As in the context of personal data multiple actors can claim ownership rights on a single piece of data, extensions should be elaborated in order to enable multiple actors to define policies on a single piece of information. The second issue concerns the mentioned weakness of the frameworks for enforcing usage control policies.
Therefore, control on sharing personal data should be addressed in a multidisciplinary way, by complementing technical solutions with a legal and regulatory framework for preventing abuses.