source: http://blog.joeandrieu.com

The current approach to personal data handling is mainly organization-centric: data about individuals are collected, managed, processed, and aggregated in the IT systems of service providers, enterprises, and public administrations. People have a limited involvement in the management of their data, and, in order to protect them, their personal data has to be treated according to privacy policies agreed among the involved parties (e.g., enabling the processing required for delivering the services required by the persons or for performing legitimate operations).

As I discussed in my previous posts the adoption of a user-centric approach to personal data management could improve the current situation, by providing to individuals greater possibilities in controlling and exploiting their personal data. This could be achieved by delivering to users “Personal Data Services” through which they can collect, store, organize, share, process, and, possibly, trading, all their personal data. The idea is to enable individuals to create and manage their “digital footprint”, i.e., the digital record of everything a person makes and does online and in the world.

The collection of the records of my activities can be achieved quite easily. For instance, it is possible to gather all the data concerning the interactions with other persons, with the environment, and with the digital services I performed by means of my personal device, such as a smartphone.  It could be more difficult to collect the information that an organization has generated about me in order to provide me a service. These are examples of data with “multiple owners”. In order to realize a user-centric approach to personal data management it is essential that individuals can collect also these types of information in their “personal data stores”, i.e., individuals must have the “right to own and control a copy of the data about them”. The private ownership of complete copies of personal data is sufficient to create a liquid, dynamic new asset class, as recommended by the World Economic Forum. Organizations managing personal data should be encouraged to enable individuals to access (and copy) data about them.

In order to address this issue of paramount importance for the adoption of a new model in the personal data treatment, UK government has recently launched voluntary programme named “midata” . “midata” is a voluntary partnership between the UK Government, businesses, consumer groups, regulators and trade bodies to create an agreed, common approach to empowering individuals with their personal data.

Organizations can help realize the goals of midata by providing customers with the ability to access and re-use their ‘customer data’ – including data about customer transactions, interactions and usage behaviors that organizations collect. Personal should be released back to consumers according to some clear and shared key principles, among which:

“1. Data that is released to customers will be in reusable, machine-readable form in an open standard format.

2. Consumers should be able to access, retrieve and store their data securely.

3. Consumers should be able to analyze, manipulate, integrate and share their data as they see fit – including participating in collaborative or group purchasing.

….

7. Organizations should not place any restrictions on or otherwise hinder the retention or reuse of data. …”

The involved organizations will give consumers increasing access to their personal data in a portable, electronic format. Individuals will then be able to use this data to” manage their lives more efficiently”. In particular users could also store these data in their “personal data stores” (one of the companies that joined the initiative is Mydex, a provider which offers to individuals services to store and manage their personal data).

With this initiative, it seems that UK government endorses the vision to “empower individuals with so much control over the use of their own data” promoted by different initiatives, such as World Economic Forum or the Personal Data Ecosystem consortium. According to UK government “the overall aim of midata is to benefit the economy, by stimulating innovation and growth, as well as companies and consumers”. midata “will help achieve economic growth by improving information sharing between organisations and their customers, sharpening incentives for businesses to compete keenly on price, service and quality, building trust and facilitating the creation a new market for personal information services that empower individuals to use their own data for their own purposes.”

It is important to highlight that “midata programme marks a non-regulatory approach to consumer empowerment and is in keeping with the Government’s broader focus on transparency and openness”.

Organizations that have currently committed to working to achieve the midata vision are: Avoco Secure, billmonitor, British Gas, Callcredit, EDF Energy, E.ON, Garlik, Google, Lloyds Banking Group, MasterCard, Moneysupermarket.com, Mydex, npower, RBS, Scottish Power, Scottish Southern Energy, The UK Cards Association, Three, Visa. It could be interesting to investigate why, at the moment, telecommunication operators are not involved in initiative, even if they manage a lot of data about persons, while energy companies agreed to contribute. 

Several consumer groups and regulators (among which OFCOM, the independent regulator and competition authority for the UK communications industries), are involved in the initiative to represent consumers’ interests and concerns.

The launch of this initiative, complementing others already announced on opening public data, confirms the objective of UK Government to get the leadership in transforming the current views and models on data treatment in new opportunities for economic development.

My previous posts mainly focused on solutions for allowing individuals to enforce control on data about them, the so called “personal data”. Different initiatives are investigating the advantages for creating a user-centric personal data ecosystem enabled by provisioning to individuals Services for storing and managing their Personal Data.

The collection of personal data and the control of their sharing with third parties is just one side of the problem. Another issue concerns the reduction of the personal information which are gathered by service providers when users access their on-line services. Several types of mechanisms, such as cookies, web-bugs, flash cookie, etc., are put in place for collecting and inferencing information on users’ behavior, preferences, etc.

Recently, a great interest emerged around an “browser-based” mechanism named “Do Not Track”, proposed by Stanford: it aims at introducing a mechanism for enabling end-users to control the tracking of their online activities. Roughly, it consists in adding an http header to declare that the user does not want to the tracked. Users can control the activation/deactivation of this “Do Not Track” option: almost all browsers already implement, are planning to include it in their new releases, this feature. In this way “users could opt out from all online tracking with one click”. Once a user has declared as unwilling to be tracked, it is up to individual web sites to “honor” her/his request.

US Federal Trade Commission is evaluating if it has to oblige all web sites to honor the “Do Not Track” declarations. Also the European Commission considering whether to include the mechanism in the new version of the ePrivacy Directive: a user which activates the “Do Not Track” option is similar to a user which does not release the authorization to the treatment of her/his data. Recently Neelie Kroes, Vice-President of the European Commission responsible for the Digital Agenda Online privacy, declared that a standard for unifying the interpretation and the enforcement of the “Do Not Track” declarations should be defined by June 2012.

Even if the “Do Not Track” mechanism captured the interest of these policy maker organizations, several experts are doubting on the effectiveness of such an approach. For instance, Jared Newman noted in his PCWorld blog “Do-Not-Track in Chrome and Firefox: Different Approaches, Same Fatal Flaw“  that the proposed mechanism is targeting the wrong people: “Do Not Track, even with legislation in place, affects only those sites that play by the rules. Users could end up punishing sites that traffic solely in comparatively harmless advertising, while giving free rein to sites that have fewer scruples about using your online information”.

This opinion is stressed by Robert McGarvey in “The Myth of Browser-Based ‘Do Not Track’“, where he also pointed out that it is necessary that the legislation provides a clear interpretation on the way the “Do Not Track” declarations must be honored by web sites. Is it sufficient to avoid sending personalized advertisements? Or is it required to refrain from collecting and processing any information gathered and inferred from the users’ requests?

These doubts on the effectiveness of the proposed mechanism suggest to investigate the adoption of alternative solutions. A possible approach to avoid that web sites collect and use information gathered from users’ interactions is to prevent that this information arrives to them. A solution, even if not at all aligned with the end-to-end approach of “pure” internet, is to introduce “intermediaries” which, for instance, provide proxy-like functions. These could either remove sensible information, implement anonimization features or provide other intermediation functions, such as those related to the integration with an Identity Management framework.

Network operators are used to provide intermediation functions. Moreover, they are considered by most of the users “trusted” parties, in particular, in the correct enforcement of privacy policies.  Can we imagine to enhance the services to access the internet with intermediary functions to implement effective “Do Not Track” mechanisms?  Which is your opinion?

Personal Data Store model (from www.personaldataecosystem.org)

Several companies and projects are proposing solutions to concretize the proposal to provide individuals with a set of capabilities by means of which they can collect, manage, share and use their “Personal Data” (for an incomplete list see http://blogs.law.harvard.edu/vrm/2011/02/15/state-of-the-vroom/). In my last posts, I discussed how these “Personal Data Stores” (or, better, “Personal Data Services”) are a key element for the construction of an individual-centric ecosystem among all the actors involved in the production and use of data about the persons.

Unfortunately, at the moment, there is not a clear and stable vision of the functions that a “Personal Data Store”. Different products and prototypes provide different sets of capabilities, and motivated by different requirements and use scenarios. One of the topics under discussion about ecosystem built around personal data is on the possible business models and impacts on them determined by different types of  “Personal Data Stores” (e.g., see the session on “Personal Data Ecosystem Consortium” during the last Internet Identity Workshop).

In this post, I would like to contribute to the discussion, by proposing a possible decomposition of these capabilities into five groups, and by relating, each of them with a different application scenario.

1.  features to enable the individuals to create and manage their “digital footprint”: these should include functions for a “Data Space” for the storage of the “digital footprint”, the collection of personal data from different sources, their organization (e.g., enriching data with metadata), search/retrieval, and visualization; it is important that an open/public data model is adopted for retrieving and organizing the data and that some functions are achieved in an automatic way, such as the collection of data from different sources (e.g., personal devices), the generation of metadata information (e.g. by means of tools performing semantic analysis or data mining); at the moment, I think that the several proposals of “Personal Data Store” partially cover all these characteristics (e.g., see http://mydex.org/,  http://lockerproject.org/, http://themineproject.org/);
2. features to enable the execution of personal applications exploiting the data in the “digital footprint”: these must offer a set of mechanisms enable applications to access the data according to an open data model (e.g., query, read/write operations, event notification according to pub/sub model), and a trusted environment (e.g., a sand-box) for the deployment, management and execution of “personal” applications (e.g., applications which support individuals to improve their life, such as applications for “personal information management” or “personal task management”); an example is provided by Kynetx (http://docs.kynetx.com/ );
3. features to enable a controlled sharing of the data in the “digital footprint” in the context of some service delivery: these capabilities concern the definition of  (temporary or permanent) relationship between an individual and a third party (other individuals, enterprises, service providers, public organizations, etc.) in the context of which personal data are accessed, shared or synchronized (examples are functions implementing XDI-based data views); in order to correctly establish and control the relationships, these functions should have a strong interaction with a (federated) identity framework; moreover, these functions should include mechanism to support policies on data use control, i.e., policies constraining how data disclosed by an individual can be used by a 3^rd party; an example is the XDI-native Personal Data Store developed in the OpenSource Project Danube (http://projectdanube.org/);
4.  features to create and handle aggregations of data: these functions are in charge of managing the relationships between an (homogenous) group of individuals and a third party (e.g., a public organization, a data broker, etc.); they create aggregations of the data disclosed by each of the group members, according to different aggregation criteria, by applying neutralization/anonimization filters on sensible data, and by improving data sets by reducing “statistical” effects, etc.;
5. features to deal with negotiations on personal data; these features should enable individuals to negotiate the conditions on the disclosure of their data to 3rd parties, in order to get some economic or social advantages; they should also include functions to enable the negotiation of aggregations of data offered by different users, and the distribution of benefits to the contributing users; these functions could be supported by the definition of algorithms to evaluate the value of the data offered by the individuals or grouped in some aggregation, and to automatize the negotiations (e.g., according to some auction model) between the individuals disclosing the data and the actors (aggregators, service providers, etc.) interested in using them; an example is the solution prototyped by statz (www.statz.com), which covers also the functions in the previous group.

In general, these groups of features could be seen as layers: in general the functions in a layer rely on the functions in the lower layers, and the layers could be introduced in an incremental way.

In the following I would like to share some preliminary considerations on the application scenarios (and related business opportunities) enabled by each of the previously introduced groups of features.

Groups of functions and enabled application scenarios

The set of features to create a “Data Space for digital footprint” can provide to individuals the benefits that organizations have enjoyed for years after the introduction of information management systems (e.g., enabling the real-time control of their processes, the creation of CRM systems, the introduction of data warehouse, and the exploitation of data mining algorithms). Different providers could offer to individuals services, which differentiate in terms of functional coverage, level of automation and configuration, interaction with external systems.

The full exploitation of the digital footprint can only be achieved by opening its access to applications developed by 3^rd parties. This is provided by the capabilities for “Trusted environment for personal applications”, whose introduction enables the creation of an application ecosystem similar to the one built according to the “Application Stores” models for smartphones. Individuals can select the relevant applications offered in an Application Store, buy it, download and deploy it on the execution environment associated to his/her data space.

The third group of functions for “Controlled sharing of individual’s personal data” with 3^rd parties enable scenarios similar to the ones investigated in the “Vendor Relationship Management” initiative to create relationships between individuals and organizations (either enterprises or public organizations) aligned with principles of “transparency, fairness and user control”. Pre-defined templates could be adopted in order to ease the definition of relationships (i.e., the set of shared data,  the allowed use of them, the duration of the relationship, etc.) among individuals and providers of services (both in the real and in the digital worlds). Moreover, the establishment of relationship among individuals could generate new initiatives of federated social networking. These application scenarios should be integrated with those enabled by the introduction of federated identity management frameworks. 

The functions on “Data aggregations” enables application scenarios where the aggregated view of individuals is relevant. An example is the creation of aggregated view of personal data related to groups of individuals living in a given city and the municipality (a related example is provided by the recent DCC initiative of UK government about the handling of data on energy usage). Individuals could disclose for the creation of an aggregated view all the data relevant for improving the management of the territory, by possibly requiring the application of anonimization and neutralization filters to protect some sensible data.

Finally, the set of capabilities related to “Personal data negotiation” would create the opportunities to have a more rich and fear marketplace on the personal data, by enabling the so called “The Economics of Personal Data and the Economics of Privacy”. Individuals can trade the conditions for enabling 3^rd parties (service providers, data brokers, …) to access some of their data, with the possible involvement of an actor play an intermediary role. Individuals and 3^rd parties can agree on which data are disclosed, possible neutralization filters, etc. and on the benefits for individuals (in terms of money, free access to services, etc.). In this way, individuals can be more actively involved in the exploitation of their personal data (at least to achieve a greater awareness on the data disclosed to have access to free services).

In this analysis I assumed that the different sets of functions are provided by a single type of entity, i.e., the “Personal Data Store” providers. A deeper analysis could consider more complex configurations, where some of the groups of functions are provided by a different actor. For instance, the functions on “data aggregation” could be provided by a “Data Aggregator”, which accesses to the individuals’ data by means of relationships supported by the functions in the “controlled information sharing” layer implemented in the “Personal Data Store”. Moreover, other actors could be involved in order to provide enabling basic capabilities, such as providers of storage.

According to my point of view in order to better understand the business models related to these application scenarios it is necessary to investigate how the different actors involved in the personal data ecosystem estimate the “value” of the services implementing the identified group of functions. Each actor can assign a different estimation, strongly influenced by “value” it assigns to the handled personal data, determined by the possible economic, social, personal advantages which the actor can obtain through their exploitation.

A number of companies are offering personal data store solutions

In my previous posts, I have introduced the concept of “Personal Data Store” where an individual can collect, store and manage all his/her personal data: “Personal Data Store” is intended to be a cornerstone for the evolution of the current enterprise-centric ecosystem on personal data (in which end-users are poorly involved in handling of their personal data) towards a user-centric one (in which end-users can enforce a greater control on their personal data). Tools implementing “Personal Data Store” functions adopted names such as vault or locker (see http://lockerproject.org/, http://themineproject.org/), in order to stress the fact that they enforce individuals’ ownership on their personal data. Such an analogy assumes that “my personal data” are “my data” and that I must keep them “secret”.

But this is not fully true. First of all, it is important to point out that my personal data are not only data that I explicitly generated, but they are data “about me”, e.g., data which are recording observations or analyses about me and my behavior. The discussion about the ownership of these personal data is an hot topic and several blogs (some of them are “Data Ownership in the Cloud”, Dataportability, and Privacy and Public Policy work group at Kantara) are active in debating on it. In some cases the discussion about who owns my personal data and who should own them becomes sterile, with limited impacts on the current approaches to personal data handling. An interesting position was proposed by Joe Andrieu, co-chair of the Kantara’s working group on information sharing (http://blog.joeandrieu.com/2010/01/21/beyond-data-ownership-to-information-sharing/ ): Joe suggests to move the focus of the discussion from the concept of data ownership to that of data sharing.

In fact, one of the first issues to be considered is that some personal data could have “multiple owners”. For instance, both the user and the provider of a service can claim ownership rights on the user’s personal data generated during the delivery of some service (e.g., the payment transaction). Moreover, a service provider can “observe” the actions I performed on its servers and store them on its servers (e.g., the record of my searches, the log of the pages I visited, or the network cells my mobile registered on). Such a situation causes several conflicts among the involved actors. In the current enterprise-centric ecosystems, it is necessary to protect end-users: therefore providers must declare the conditions  (and in some cases they are obliged to put constraints) on the treatment of the data used, generated or observed during service deliveries.  In order to improve/equilibrate the current situation it was suggested to enable individuals to collect and manage all the data about them, including those generated or observed by the providers during the delivery of services requested by the end-users. To enable this scenario, service providers must share with individuals data about them, by providing mechanisms to access/retrieve/synchronize such data (e.g., by extending the APIs already adopted by some of them in order to attract more users, or by adopting XDI-based interfaces). In this way, individuals can collect, manage, and exploit data about them.

Another issue to be considered concerns the “meaning of data ownership” in the digital context where data sharing is, in general, implemented as data copying. The term of ownership is quite clear in the physical world: selling, transferring, or stealing a thing (made of atoms) preclude the original owner from continuing to use it. This does not apply to the cyberspace, where (copies of) some piece of information (made of bits) can be sold, transferred, and stolen without that the original owner “necessarily” loses rights on it.

Sharing through copy allows individuals to disclose pieces of information to multiple service providers in order to request or to get better (e.g., personalized or higher-quality) services. Actually, for an individual, sharing personal data (even if they are classified as “sensible”) is more important that keep them secret: if we do not disclose personal data, we cannot fully exploit them (e.g., if I do not disclose to a doctor my symptoms and habits, she/he can hardly elaborate a right diagnosis).

In order to keep “ownership” on disclosed personal data,  we must be able to control their sharing: we must discriminate which pieces of personal information can be disclosed to a given 3^rd party and to declare under which constraints such a 3^rd party is entitle to use them. In this scenario, a critical point is the trustiness of the 3^rd party (e.g., we have to trust that our doctor keeps professional secrecy, when we disclose to him/her information on my health): in fact, it is almost impossible to guarantee only by means of technical solutions that our disclosed personal data are used under our conditions as soon as they are passed to a 3^rd party (e.g., see the experiences of defining DRM frameworks). In order to reduce these risks we could decide to share information only with trusted parties, or only with parties which operate platforms “certificated” by some external authority.

In summary, we could claim that I enforce the ownership on my persona data (i.e., data about me) not because I can keep them secret, but because I can control their collection, sharing and usage. In order to do that, I should be able to establish relationships with the providers of the services I use (either in the physical world or in the digital one), by defining which are the data I disclose to a given provider (my data in the figure), the data that this provider disclose to me (provider’s data), and the data which are generated in the context of service deliveries (our data). The relationship must also include the policies constraining the usage of the shared piece of information. Such relationships are a possible tool by means of which individuals and providers can solve possible conflicts (or tussles) on the personal data ownership, in particular those concerning “multiple ownership”.

“Personal Data Stores” should provide the features to define and control the personal data sharing. A first set of capabilities is related to the definition and the implementation of relationships between individuals and 3^rd parties: they could be achieved by means of mechanisms to define views on shared data (e.g., OASIS XDI), enforce policies on data accesses (e.g., W3C User-Managed Access), and cope with identity management. The second set concerns on how to control and constraint the parties in the use of the data shared in the context of a relation: this could rely on some of the existing frameworks on usage control policies.

Unfortunately, several issues are not fully covered by the available technologies. A first open point is related to the frameworks for enforcing policies on access to and use of a given data: in general, they assume that a single actor, the “owner”, defines the policies the policies to access a given piece of information. As in the context of personal data multiple actors can claim ownership rights on a single piece of data, extensions should be elaborated in order to enable multiple actors to define policies on a single piece of information.  The second issue concerns the mentioned weakness of the frameworks for enforcing usage control policies.

Therefore, control on sharing personal data should be addressed in a multidisciplinary way, by complementing technical solutions with a legal and regulatory framework for preventing abuses.

In my previous posts I discussed the importance for individuals to have a secure space where to store, protect, manage and control their “digital footprints”, i.e., a set of data which record “everything a person makes and does online and in the world”. Such a digital trace can become a personal asset which individuals can use to improve their activities and social interactions, both in the real world and in the cyberspace. In fact, its availability will bring to individuals the information management benefits that organizations have enjoyed for years after having adopted Data Base Management Systems.

Several preliminary  platforms aiming at providing “Personal Data Store” environments were recently developed. Some examples are Mydex (http://mydex.org/, which I considered in one of my previous posts), Personal.com (http://www.personal.com/), Singly (http://sing.ly/), Backupify (https://www.backupify.com/), MINE! Project (http://themineproject.org/). Each of these proposals offers functions to gather, store, manage, use and share personal information.

In this post I would like to focus on the issues related to the collection of personal data to be stored in a Personal Data Store. In most of the currently solutions users must explicitly introduce their data in their data space. Instead, I think, a successful adoption of “digital footprints” requires that they are filled with a limited involvement of individuals: for instance, individuals should be involved only in the selection and configuration of the types of information to be included in their personal data store. Personal data related to a person should be automatically transferred from the systems where they are produced to the her/his personal data store.

This requirement seems to be hard to implement due to the huge amount of possible systems to be considered. The implementation perspective would considerably improve if we note that most of the activities performed by a person are (or will be, in the near future) accomplished though her/his (mobile) personal devices, by using either applications executed locally on the device (e.g., to take a photo, or a note), applications interacting with on-line services (e.g., make a call, send/receive a message, or access a web site), or applications interacting with near “smart objects” through NFC protocols (e.g., to make an electronic payment or to get some local information provided by a sensor).

Therefore, we can assume that the information derived from the monitoring of the activities performed on personal devices could provide a good initial approximation of individuals’ digital footprints. These data could be collected on the devices and transferred to the corresponding personal data store by means of a data connection.

The technology needed for monitoring activities performed on personal devices is already available, also as open source projects. Examples are the proposal described in paper “Frameworks for Mobile User Activity Logging” for the mobile devices (http://www.kde.cs.uni-kassel.de/ws/muse2010/proceedings.pdf#page=39), and the NEPOMK framework for the desktop environments (http://en.wikipedia.org/wiki/NEPOMUK_(framework) ).

These technologies are already commercially exploited. In general they are deployed as application executed in “stealth” mode in order to track the behaviour of the device user: these applications run invisibly in the background and send activity logs on an account accessible through the internet. A typical adoption scenario is providing parental control services  (e.g., see http://cell-phone-parental-control-software-review.toptenreviews.com/index.html), but they could also be (more or less legally) used to control unaware users, with a great violation of their privacy.

Even if current uses of device tracking technologies can be seen as a threat for individuals’ privacy we must avoid to throw them out. In fact, by changing the adoption principles (i.e., by guaranteeing to the users of devices a full control on the tracking applications and on the collected data) this threat could be transformed to the opportunity to provide automatically created digital footprints to individuals.

World Economic Forum envisaged that personal data are “the new oil of the 21st century”. Therefore, we can expect that the different actors involved in their generation, management and use will start and hard fight to conquer their control and obtain economic and social benefits.

One of the first challenges is the creation of a market on Personal Data able to distribute value among all the actors (individuals, aggregators, service providers, etc.) in a more equilibrate way with respect to the current situation, where personal data are collected by service providers, aggregated by data brokers and sold to their customers, with limited profit for individuals. As discussed in my last post the migration from today approach to a personal data ecosystem where individuals play a more active role would bring benefits not only to the individuals, both from the privacy, economic and social points of view, but also to service providers that need to exploit such data.

In such user-centric ecosystems, a relevant role can be played by new actors which offer intermediation capabilities, aiming at providing benefits to both entities which generate the personal data (e.g., end-users) and entities which consume them (e.g., service providers).

“Allow” (http://i-allow.com/) is a UK start-up which is offering services to support individuals to get the control of the way their personal data are used in marketing contexts. From one side “Allow” offers capabilities to support end-users in enforcing opt-out choices, to remove their personal data stored in the marketing databases, from the other it provides a set of features “Vendor Relationship Management” for creating a more fruitful relationship between individuals and companies. By means of these functions, users can disclose, for a limited time, the items they are interested in, associated to a part of their profile. The companies may buy these information, which can be used by them to avoid “guessing” users’ needs, and to elaborate tailored offers to individuals.

One of the critical issue of this model is the estimation of the value of the personal data exposed by individuals. The value of such information is not constant. For example, user’s name and address together with what she wants to buy are worth significantly more than just her name and address. “Allow” has built “a clever piece of maths” to do provide an estimation of the value of the disclosed data. The profits of selling the data disclosed by a user are shared between “Allow” and the user.

In this model all the involved actors get some benefits: individuals get some money from their disclosed data, companies are able to formulate more tailored marketing offers, while “Allow” get an economical from the intermediation functions.

“Allow”  offers functions to improve the set-up of one-to-one relationships between individuals and selling companies. Extension of the approach could include the possibility to create aggregations of information disclosed by single users, in order to sell them to marketing companies. In general aggregations have a value greater than the sum of the values of the single elements, and, therefore, both the actor providing the intermediation functions and the individuals disclosing the data would increment the economic return.

“Allow” is just one of the actors which are emerging in the context of “user-centric personal data ecosystem”. A limited list of them can be found for instance in the blog of Harvard VRM project (http://blogs.law.harvard.edu/vrm/2011/02/15/state-of-the-vroom/ ). Unfortunately, it seems to me that the current approach could create a “silos-based” architecture, where the same functions (for data gathering, storage, access control, etc.) are replicated in the platforms deployed by each of the actors. There would be the risk that individuals have to collect and replicate their personal data in different platform. Instead, individuals should be supported in the creation of their “digital footprints”, where all their data are collected and managed in a uniform way. Therefore, it would be better to move towards a layered architecture where the “digital footprints” are stored in (one or more) Personal Data Stores (PDSs) decoupled by the applications consuming them.

An example could be the architecture proposed by the “Personal Data Ecosystem Consortium”, http://personaldataecosystem.org/.

In my post on August 5th, I discussed from the end-users’  viewpoint the advantages of introducing a “Personal Data Store”, i.e., an environment  enabling individuals to collect and manage their personal data, so as to create a user-centric ecosystem where individuals can play an active role.

Unfortunately, such advantages for end-users are not a sufficient motivation to promote a successful transformation of the current model of handling personal data, for instance those generated during activities on the Web: these data are collected by entities providing services, aggregated by data brokers and sold to their customers. This chain happens with limited or no participation of the end-users. In order to move from this approach, businesses must see a return over the costs of adopting new technologies, otherwise nothing will change.

Some recent analysis (e.g., see “Personal Data Ecosystem Consortium”, http://personaldataecosystem.org/, or the document “Personal Data: The Emergence of a New Asset Class” of the World Economic Forum,
http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf )  shows that the current model is no longer sustainable. From one side governments are regulating these activities, e.g., by introducing “Do Not Track” policies, anonymization constraints, or limitations in the amount of information about individuals for a limited time period. From the other side, this is not the best approach to get useful information about individuals: in fact, the information collected in this way would provide only a partial view of individuals. Only individuals are able to create a complete “digital footprint”,  by collecting from different sources, aggregating, and offering in a controlled way information about themselves, in order to create their “digital footprints”.

The adoption of “Personal Data Store” could overcome the drawbacks  of current model: “Personal Data Store” would provide individuals with the capacity to collect, aggregate and manage their own data. They could create their digital footprints, by storing as much data as they want for as long as they want, and offer them to the service providers in a controlled way, according to their policies and rules. Such digital footprints would offer new opportunities for service providers, by enabling the delivery of new classes of services exploiting higher quality information on either single or groups of individuals.

The following figure, derived from a drawn by Marc Davis (http://marcdavis.me/), one of the authors of “Rethinking Personal Data” document published by the World Economic Forum, offers a pictorial representation of the possible evolution of the handling of “Personal Data”.

“The red dot shows us what’s happening today: some data aggregators are necessarily self-regulating by limiting the amount of time they keep data, and governments are limiting data retention and anonymization practices” (see the red arrow). “The blue dot shows us what would happen if people were given the capacity to store and manage their own data – if they could keep as much data as they wanted for as long as they wanted…”

In order to have a successful migration from today situation to user-centric ecosystem, I think that individuals should be able to create “digital footprints” as rich as possible, by enriching “Personal Data Stores” with almost automatic support. Only in this way service providers would be encouraged to endorse the new approach, by preferring it to the current model based on “data aggregators”.

In some of my previous posts I have introduced the concept of  “Personal Data Store”, an environment  enabling individuals to manage their personal data. From one side, Personal Data Stores offer services to gather, store, retrieve, use and share the information a person need to manage their lives better, from the other they are a key element for  creating a user-centric personal data ecosystem where individuals keep the full ownership of their data and have the ability to control the use of such a data  (see for instance http://personaldataecosystem.org/ for a deeper discussion).

This ecosystem would also give the opportunity to create a market on Personal Data able to distribute value among all the involved  actors (individuals, aggregators, service providers, etc.) in a more equilibrate way with respect to the current situation, where personal data are “sold” every day with limited profit for individuals. In fact, privacy directives have the objective of limiting the use of personal data and information on personal behaviours, but they do not give the opportunity to individuals to participate in the market of personal data.

Solutions were recently elaborated in order to offer to individuals the chance to be actively involved in this market. An example is the service provided by Statz (www.statz.com).

Statz operates as a Data Marketplace where individuals are producers of personal data, and own the produced data. Individuals can gather their personal data and expose them to potential “buyers”, by taking an active role in controlling how they are offered (e.g., the level of privacy). Statz provides to buyers services to search for data relevant for them, build a report (by guaranteeing the agreed level of privacy and anonymity), and purchase it. If data of a user is included in any report, she/he make moneys from Statz (e.g., via PayPal). The value of personal data is determined by the market, by factoring in the availability, the level of interest, and the nature of the data itself (e.g., granularity, level of privacy, historic sequences, etc.). Statz makes an estimation of the values for the offered data, which represent only a market entry point.

Entities which have a good reputation as a trusted party and a large number of customers  are in a good position for setting-up a successful marketplace for personal data, “the new oil of the 21st century” , as envisaged by World Economic Forum.

To organise and manage their daily lives every individual has to manage information. For many years, they have managed these tasks as best they could, without technology to store or share information or software to organise, automate or streamline processes. Meanwhile, organisations’ information management capabilities have deployed huge, sophisticated environments for storing and processing  information, such as data mining systems, data warehouse tools, CRM systems, etc. In parallel, the emergence of on-line services and Web2.0 applications increased the ability of these organisations in collecting information on their customers and users. As a result the world of information management has become highly unbalanced: organisations have become managers of individuals’ data, and individuals, rather than owning and controlling their own personal data, very often find that they have lost control of their data.

In such a context, individuals should be supported to manage their personal data as the digital record of “everything a person makes and does online and in the world”, and transform them in a personal asset which they can use to organise and manage their lives better. A better control of their own data would transform relationships between individuals and organisations to both sides’ benefit, and could enable the creation of a new service eco-system of services relying on and exploiting personal information.

Several initiatives are currently addressing the issues of setting up a “user-centric” eco-system for applications exploiting Personal Information. For instance, the World Economic Forum in the White Paper “Personal Data: The Emergence of a New Asset Class”, proposes seting-up an end user-centric framework “… for identifying the opportunities, risks and collaborative responses in the use of personal data … End user-centricity refers to the concept of organising the rules and policies of the personal data ecosystem around the key principles that end users value: transparency into what data is captured, control over how it is shared, trust in how others use it, value attributable because data usage…”

Moreover, preliminary platforms enabling this vision are under development and experimentally validated in trials. For instance, Mydex (http://mydex.org/), a UK-based Community Interest Corporation recently completed a prototype of a “Personal Data Store”, aiming at creating a tool for individuals (not for organisations/enterprises!) to manage their personal data. The Personal Data Stores offer two complementary services: (1) they “help individuals gather, store, manage, use and share the information they need to manage their lives better. They provide individuals with tools to control what information they share with which people and organisations, and when”; and (2) “Personal Data Stores are the underpinning and foundation stone of an entire ecosystem of specialist Personal Information Management Services.”

These initiatives are aligned with the strong statement of intent on online privacy recently made by EU (http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/461): …”Without privacy, consumers will not trust the online world. And without trust, the digital economy cannot reach its full potential.”… ‘I want to see the principles of transparency, fairness and user control running through everything. Transparency so that citizens know exactly what the deal is. Fairness so that citizens are not forced into sharing their data. And user control so that citizens can decide – in a simple and effective manner – what they allow others to know”…

In the context of such “end user-centric personal data ecosystems”, there are opportunities for commercial entities, acting as trusted intermediaries (e.g., playing the roles of identity and privacy providers), controlling the exchange of data assets on behalf of individuals, according to a clear set of principles and legally binding contracts.