1. What are Personal Information Management Systems?
The PIMS concept offers a new approach in which individuals are the “holders” of their own personal information. PIMS allow individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose. Individuals would be able to decide what services can use their data, and what third parties can share them. This allows for a human centric approach to personal data and to new business models, protecting against unlawful tracking and profiling techniques that aim at circumventing key data protection principles.

There is a growing interest in our “digital societies” in how individuals can better control their personal data. A Eurobarometer survey from March 2019 revealed that half of the respondents (51%) felt only in partial control over the information they provided online, while 30% believed that they had no control at all. Only 14% of the respondents thought they were in complete control. A US survey from 2019 even showed 80% of respondents feeling they were not in control of their personal data.

In the European Union, Article 8 of the EU Charter enshrines the protection of personal data as a fundamental right for every person and the EU General Data Protection Regulation (GDPR) aims to empower individuals to be in control of their data. For this purpose, practical and effective tools and services are needed.

Personal data is constantly collected in the digital environment, leading to individuals leaving digital footprints. The GDPR provides for several data subject rights, such as the right to access and rectification of personal data. The current architecture of information society services makes it however challenging for individuals to have full control of how their data are used, who should have access to them and how to provide effective restrictions and objections to data processing.

Figure 1: A simple schema for a Personal Information Management System with a local personal data storage.

A basic feature of a common concept of PIMS (see Figure 1) is providing access control and an access trail. Individuals, service providers and applications would need to authenticate to access a personal storage centre. This enables individuals to track back who has had access to their digital behaviour. Individuals are able to customize what categories of data they want to share and with whom. Other usually common elements of PIMS are secure data storage, secure data transfers (transporting data safely between systems and applications) and data-level interoperability and data portability.

There are several examples of initiatives and projects claiming PIMS features. They include: Nextcloud enables individuals and organisations to use their own cloud services for file sharing and collaboration services, as well as sharing files across different Nextcloud servers. People can install the free and open source software themselves or receive the software as a service (SaaS) from professional providers. Many universities, governments and companies already employ Nextcloud.

Solid is a ‘proposed set of conventions and tools for building decentralised social applications’. Data such as contacts, calendars and photos may be stored in a so-called personal online datastore (POD). These data can be accessed by compatible apps. Users are allowed a continuous experience across apps within the ecosystem, keeping the data within their pods without unnecessarily replicating them.

MyDex is a UK-based Community Interest Company providing a portable, interoperable online identifier. Users can access a particular service online through a secure personal store, where all personal ‘verified’ records are managed. They can be securely accessed by other applications using Application Programming Interfaces (APIs). It provides the ability to grant and revoke access permissions on a general or ad-hoc basis.

MyData is a non-profit association teaming up initiatives around the world to ‘empower individuals by improving their right to self-determination regarding their personal data’. MyData claims to combine industry needs for data access with digital human rights, through promoting open standards and sharing the same set of principles, for a ‘shift from data protection to data empowerment’.

2. What are the data protection issues?
2.1 Individual empowerment plus Data protection by design and by default
When correctly designed, PIMS could help data controllers to implement the obligations of privacy and data protection by design and by default and to support them to demonstrate compliance with the GDPR. If however these tools or systems fail to be properly designed, for example, there is a risk that data subjects will not be empowered to manage their own digital identity, but will instead unwittingly find themselves on a path of being determined by others or which result in data subjects taking decisions contrary to their own interests under the influence of these tools/system.

2.2 Consent management
PIMS deliver their full potential when they rely on users’ consent. Individuals would keep full control and would be free to share their personal data according to their own preference and delete them whenever they want. In some circumstances however, the law decides how data should be processed (e.g. storing tax declarations for some years). Control in such cases would achieve transparency in the way personal data are processed, and being able to verify their accuracy, retention time etc.

A basic feature for PIMS is managing the use and sharing preferences of an individual’s personal data such as photos, videos, contact lists, and even geolocation. For each category of personal data, individuals should be able to decide what services can use them, for what purposes and with whom they can share them. When consent is withdrawn, advanced PIMS might provide reliable evidence that a service no longer uses one’s data.

2.3 Transparency and traceability
Online service providers often collect users’ personal data in exchange for allegedly ‘free’ services. The data subject is often faced with a ‘take it or leave it’ approach, with little or no transparency for the individuals on how his or her personal data is handled. PIMS would allow for transparency both at the level of shared policies and by technical design, disclosing what services are processing which data for what specific purposes. Information can be given in real time. Personal data dashboards can help individuals to follow their data and their processing.

The use of PIMS can also support eGovernment services providing advantages such as greater traceability and transparency on which public administration has access to what personal data.

2.4 Exercise of individual’s rights of access, to rectification and erasure or “right to be forgotten”
PIMS provide features for individuals to be able to access their personal data, as well as to rectify or erase them, as provided for by the GDPR, either because the data are in repositories under their direct control or because all shared data are linked to a source, which is again in the control of the individual.

2.5 Data accuracy
In PIMS, individuals are responsible for the data they provide. At the same time, when other organisations are accountable for personal data (e.g. banks, utility providers), certain PIMS can provide proof of origin/validity from those organisations, thus granting the necessary level of reliability. Greater data accuracy is a benefit also to those third parties that have an interest in accessing the data, thus enabling synergies between individuals and organisations.

2.6 Data portability and interoperability
PIMS can usually offer personal data and other metadata describing their properties in machine readable formats, as well as programming interfaces (APIs) for data access and processing. This last feature implies the use of standard policies and system protocols. This is an essential element, the lack thereof currently also represents a limit for PIMS adoption.

2.7 Data security
PIMS must also ensure the security of personal data at rest and in transit from unauthorised or accidental access or modification. In order to be fully implemented, PIMS should be able to rely on Privacy Enhancing Technologies (PETs), a wide range of techniques that include trusted execution environments, homomorphic encryption, secure multi-party computation and differential privacy. Data minimisation and anonymisation services should also be provided. One feature of many PETs is the use of cryptography.

Cryptographic features may be used to verify the authenticity of data and to implement users’ privacy preferences such as authorised purposes and permitted retention periods against service providers and third parties. A common use of cryptography is data encryption, which supports confidentiality and integrity of communications, databases and other repositories. Current cryptographic researches are developing ways to allow for calculations without decrypting the data. This would mitigate risks of unauthorised access or disclosure. Cryptography also provides mathematical evidence that data and communications come from a certain source as well as proof that an entity (for example a service, an organisation, or an individual) is authorised to access categories of (personal) data for certain purposes or perform any other actions on those data, even on a granular basis. Data would then be disclosed only to those services bearing that cryptographic evidence.

Finally, it supports data minimisation techniques (e.g. attribute-based credentials), to ensure that third parties can access only necessary pieces of information, thus avoiding the disclosure of the full identity of the individual.

Currently, a big challenge for PIMS is the low market application of these technologies, in a digital world dominated by a few big tech companies that are making use of the current online tracking models. This situation so far prevents the growth of PIMS and consequently their adoption. If adopted, the EU Commission’s Data Governance Act would provide conditions for intermediation services between data subjects that seek to make their personal data available and potential data users, including making available the technical or other means to enable such services, in the exercise of the rights provided in the GDPR.

The idea of an economy based on data generators charging for giving their data to companies was proposed by scientist, author, and artist Jaron Lanier in his book Who Owns the Future. In his article in IEEE Internet Computing, Laoutaris develops the idea and explains that he and his team at the IMDEA Networks Institute are now working to build the algorithms, systems and software so that financial compensation for data becomes a reality. Laoutaris advocates that suitable monetary payment would be the solution for some of the most serious problems that we as a society will face in the immediate future.

Every person receiving financial compensation for the data they produce would be - according to the IMDEA Networks researcher - ’an alternative to receiving a salary for labour, when in the future the majority of work will be done by machines’. Some analyses have concluded, continues Laoutaris in his article, ’that a family of four could earn up to 20,000 dollars (some 18,000 euros) a year for its data’.

The IMDEA Networks researcher stresses that the system would have huge benefits for privacy protection. Given that data collection is currently free, companies grab all data within their reach indiscriminately and without knowing whether or not they are useful. If they had to pay for this information, states Nikolaos Laoutaris, there would indeed be discrimination, as they would only compile data they were going to use: ’paying for data’ - explains the researcher - ’exercises economic pressure on the companies to apply the minimisation principle’.

Not only this, the obligation of remuneration in exchange for data would lead to the disappearance of ’parasitic’ companies that currently compile lists of anything and everything ’from alleged alcoholics to people who are HIV positive’. These services, also according to the researcher, create ’enormous risks to privacy’. ’Providing financial compensation for data will let internet companies acquire higher-quality data. The better data will in turn increase their revenues because they will be more useful for their users.’ The idea of paying for data has already aroused the interest of several sector leaders, including Elon Musk, Mark Zuckerberg and Bill Gates.

In his article, the researcher acknowledges that the transition from the current economy to a system in which paying for data is not only an obligation, but the primordial economic engine, is not simple, but he claims it is possible: ’Laying the foundations for this new economy and leading with the scalability challenges for calculating payments is only the tip of the iceberg on the road to making a human-centric data economy a reality.’ However, in Laoutaris’ opinion, the option is viable and he even proposes a model for getting it started: ’A small sample of visionaries is needed, people who are aware of the benefits of the new focus (moderation of disputes between privacy and utility, encouraging users to share more data, etc.) and are using it as a feature to stand out from their competitors. If they are successful, there will be more companies that adopt this practice and, in the end, it will be become a common system.’

###

About Nikolaos Laoutaris

Research professor at IMDEA Networks since December 2018. Laoutaris is a doctor of computational sciences from the University of Athens (Greece) and worked as a researcher at Harvard University and Boston University. His areas of research centre on privacy, transparency and data protection; the network and information economy; smart transport; distributed systems and network protocols and traffic measurements.

About IMDEA Networks

IMDEA Networks is an independent institute promoted by the Community of Madrid to conduct research on data networks, an area in which it has become an international leader. Its researchers work at fine-tuning technologies and principles in the most cutting-edge technological fields: 5G, big data, blockchains, cloud computing, content distribution networks, data analytics, energy efficient networks, edge computing, indoor positioning systems, Internet of Things, machine learning, millimetre-wave networking, network economy, etc.

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.

Media Contact

Marta Dorado
mediarelations.networks@imdea.org
34-914-816-210

@IMDEA_Networks
http://www.networks.imdea.org

MDEA NETWORKS/DICYT With a simple click on “I agree”, often without reading any disclaimer about privacy and data management, we give away personal information to get free access to online services. We do not have the possibility to control and negotiate, compelled to blindly provide to an unknown recipient sensitive information about our lifestyle, our preferred commercial merchandise or service, up to data such as sexual orientation or health problems.

The web economy has been revolutionized by the unprecedented possibility of collecting massive amounts of personal data to be used for commercial purpose. This change has deep consequences for users, but which solutions are possible? The most extreme would be not to share any data, but this would damage information services and web sites that live thanks to online advertising. It is thus necessary to study technical and economical solutions for the control and sharing of personal data on the web. This is the aim of “PIMCity - Building the next generation personal data platforms", a research project funded by the European Union in the framework of Horizon2020 and coordinated by Marco Mellia, professor at the Department of Electronics and Telecommunications of Politecnico di Torino and responsible of the SmartData@PoliTO Research Centre.

The project (in which IMDEA Networks participates) aims at building systems that ensure the control of the data on the Internet: it is a development kit for PIMS - Personal Information Management Systems - allowing end users and providers of commercial services on the web to modulate and create new and more transparent markets for data. Practically, it is a set of software components to be used like bricks with specific characteristics, for building the solution tailored to your needs. Choosing between components, one can shape interfaces for both end users that surf the web and need to store their data in safe places to consciously share them later; and companies that can create new markets, collecting and and using data of interest in a transparent way while also being able to provide monetary compensation to end users in exchange for their data.

“When I think to PIMCity I think of my daughters and their friends", declares Marco Mellia. "Today, they pass on their information to web giants and other companies without any choice. PIMCity will allow them to consciously choose which data to share, and with whom to share it”.

The PIMCity consortium received a budget of 5,24 million euros to work for 2,5 years and it is as follows: Politecnico di Torino, Italy (project coordinator); NEC Laboratories Europe GmbH, Germany; Ermes Cyber Security SRL, Italy; Fundación IMDEA Networks, Spain; Universidad Carlos III de Madrid, Spain; Telefónica Investigación y Desarrollo SA, Spain; Fastweb SPA, Italy; LSTECH ESPANA SL, Spain; Katholieke Universiteit Leuven, Belgium; Asociación de Usuarios de Internet, Spain; Interactive Advertising Bureau Europe, Belgium; Big Data Analytics SA, Argentina; y CLIQZ, Germany.