Image

Press clipping

PIMCity – Construyendo las plataformas de datos personales de próxima generación– es un nuevo proyecto de investigación con fondos europeos coordinado por el Politecnico di Torino
Un consorcio de 13 partners internacionales, entre los que se encuentra IMDEA Networks, desarrollará tecnologías para un uso más justo y transparente del control de los datos personales en la web

Con un simple clic en “estoy de acuerdo”, a menudo sin leer cualquier aviso legal sobre privacidad y uso de datos, damos información personal con tal de conseguir libre acceso a los servicios online. No tenemos la posibilidad ni de controlar ni de negociar, obligados a ofrecer a ciegas, a un receptor desconocido, información sensible sobre nuestro estilo de vida, nuestros productos comerciales o servicios preferidos, incluso con datos sobre orientación sexual o problemas de salud.

La economía web se ha visto revolucionada por la posibilidad, sin precedentes, de recolectar cantidades de datos personales para ser usados con un propósito comercial. Este cambio ha tenido profundas consecuencias para los usuarios… ¿Qué soluciones existen? La más extrema podría ser no compartir ningún tipo de dato, lo que dañaría a los servicios de información y a los sitios web que viven gracias a los anuncios online. Por ello, es necesario estudiar soluciones tanto técnicas como económicas para controlar y compartir los datos personales en internet. Este es el propósito de “PIMCity – Building the next generation personal data platforms“, un proyecto de investigación con fondos de la Unión Europea en el marco de Horizonte 2020, coordinado por Marco Mellia, profesor en el Departamento de Electrónica y Telecomunicación del Politecnico di Torino y responsable del Centro de Investigación SmartData@PoliTO.

El proyecto, en el que participa IMDEA Networks, tiene como objetivo construir sistemas que aseguren el control de los datos en Internet: un kit de desarrollo de sistemas de gestión de información personal (PIMS – Personal Information Management System) que permita a los usuarios finales y a los proveedores de servicios comerciales en la web modular y crear mercados más nuevos y transparentes para los datos. Es, en la práctica, un conjunto de componentes de software para ser usados como si fuesen ladrillos con características específicas con el objetivo de construir una solución a medida para cada necesidad. Al escoger entre componentes se pueden determinar interfaces para cada usuario final que navegue por la web y que necesite almacenar sus datos en lugares seguros, para compartirlos más tarde de forma consciente. Y las empresas pueden crear nuevos mercados, recopilando y usando datos de interés de una forma transparente, al tiempo que pueden proporcionar una compensación monetaria a los usuarios finales a cambio de sus datos.

“Cuando pienso en PIMCity, pienso en mis hijas y en sus amigas –declara Marco Mellia-. En la actualidad, ceden su información a gigantes de internet y otras empresas sin posibilidad de elección. PIMCity les permitirá elegir conscientemente qué datos quieren compartir, y con quien quieren hacerlo”.

El consorcio PIMCity recibió un presupuesto de 5,24 millones de euros para un trabajo de dos años y medio, con estos participantes: Politecnico di Torino, Italia (coordinador del proyecto); NEC Laboratories Europe GmbH, Germany; Ermes Cyber Security SRL, Italia; Fundación IMDEA Networks, Spain; Universidad Carlos III de Madrid, España; Telefónica Investigación y Desarrollo SA, España; Fastweb SPA, Italia; LSTECH ESPANA SL, España; Katholieke Universiteit Leuven, Bélgica ; Asociación de Usuarios de Internet, España ; Interactive Advertising Bureau Europe, Bélgica; Big Data Analytics SA, Argentina; y CLIQZ, Alemania.

Il progetto di ricerca, coordinato dal Politecnico di Torino con 13 partner internazionali, svilupperà nuove tecnologie per controllare e utilizzare in modo trasparente i dati personali sul web.

Con un semplice click su “acconsento”, spesso in modo automatico e senza aver letto le molteplici pagine che riguardano la gestione di dati e la privacy, regaliamo informazioni spesso personali in cambio di un libero accesso a servizi online, senza possibilità di controllo o negoziazione, spesso ad un destinatario non chiaro, cedendo informazioni sensibili e dettagliate sul proprio stile di vita, sulle preferenze per articoli commerciali o servizi, fino ad arrivare a dati come orientamento sessuale o problematiche di salute.

L’economia del web è infatti cresciuta grazie alla possibilità di sfruttare grandi moli di dati personali per scopi commerciali. Le conseguenze sugli utenti del web sono importanti: quale soluzione? Quella più drastica sarebbe non cedere alcun dato ma in questo caso si danneggerebbero servizi e siti di informazioni che vivono grazie alla pubblicità su internet. In alternativa occorre studiare soluzioni tecniche per il controllo della cessione di dati sul web: nasce così “PIMCity: Building the next generation personal data platforms”, il progetto europeo coordinato da Marco Mellia, docente del Dipartimento di Elettronica e Telecomunicazioni del Politecnico di Torino e coordinatore Centro SmartData@PoliTO.

Il progetto ha l’obiettivo di costruire un sistema che garantisca il controllo dei propri dati su internet: si tratta di un kit di sviluppo di PIMS - Personal Information Management Systems, ovvero sistemi di gestione delle informazioni personali – che gli utenti finali e i fornitori di servizi commerciali sul web possono utilizzare modulando e creando nuovi mercati dei dati, più trasparenti.

Si tratta di un insieme di componenti software, che, come “mattoncini” con specifiche caratteristiche, vanno a creare la “soluzione” su misura in base alle proprie esigenze: scegliendo questi componenti si potranno infatti modulare interfacce sia per gli utenti finali che navigano il web, conservando in luoghi sicuri i propri dati e avendo la possibilità di condividerli consapevolmente in un secondo momento, sia per le aziende che potranno così creare nuovi mercati, raccogliendo e utilizzando dati utili in modo trasparente.e a dati come orientamento sessuale o problematiche di salute.

Quante volte abbiamo cliccato sul tasto Acconsento sul web, ignorando apertamente tutte le condizioni di utilizzo che stavamo accettando? Questo spesso comporta la diffusione dei nostri dati, senza che ne abbiamo un effettivo controllo a destinatari che non conosciamo. Dal nostro stile di vita alle nostre preferenze di acquisto, diamo accesso al mondo a informazioni su di noi, spesso anche davvero personali. È da questo che nasce l’ìdea di PIMCity: Building the next generation personal data

Quante volte abbiamo cliccato sul tasto Acconsento sul web, ignorando apertamente tutte le condizioni di utilizzo che stavamo accettando? Questo spesso comporta la diffusione dei nostri dati, senza che ne abbiamo un effettivo controllo a destinatari che non conosciamo. Dal nostro stile di vita alle nostre preferenze di acquisto, diamo accesso al mondo a informazioni su di noi, spesso anche davvero personali. È da questo che nasce l’ìdea di PIMCity: Building the next generation personal data platform.

PIMCity: Building the next generation personal data platform, scopriamo di più
Come possiamo contrastare la diffusione dei nostri dati? Beh, una risposta semplice c’è, ma comporterebbe la rinuncia a servizi diventati ormai parte della vita di tutti i giorni di ciascuno di noi. Rinunciare a Internet sarebbe oggi molto difficile e considerato quanto questi dati siano fondamentali per gli introiti pubblicitari per tantissime piattaforme online, questo potrebbe anche avere gravi ripercussioni sull’economia. C’è un’altra via?

È proprio questo l’obiettivo di PIMCity: Building the next generation personal data platform, un nuovo progetto europeo coordinato da Marco Mellia, docente del Dipartimento di Elettronica e Telecomunicazioni del Politecnico di Torino e coordinatore Centro SmartData@PoliTO.

L’idea alla base è costruire un nuovo sistema che offra agli utenti la possibilità di controllare i propri dati sul web in maniera facile. Tramite l’utilizzo del kit di sviluppo di Personal Information Management Systems fornito, utenti finali e fornitori di servizi potranno creare un mercato dei dati completamente nuovo e più trasparente.

Tramite varie componenti software si potranno sviluppare interfacce che permettano agli utenti di sapere esattamente quali siano i dati che offrono alle aziende e a quest’ultime di conservarle in modo sicuro.

Marco Mellia ha rilasciato il seguente commento in occasione del lancio dell’iniziativa:

“Quando penso a PIMCity penso alle mie figlie e i loro amici. Oggi cedono le loro informazioni ai giganti del web e altre aziende – senza alcuna possibilità di scelta. PIMCity permetterà loro di scegliere consapevolmente quali dati condividere, e con chi condividerli“.

“PIMCity: Building the next generation personal data platforms” è un progetto di ricerca europeo coordinato dal Politecnico di Torino con 13 partner internazionali

PIMCity: il kit di protezione dei dati personali sul webPIMCity: Building the next generation personal data platforms è un progetto europeo coordinato da Marco Mellia, docente del Dipartimento di Elettronica e Telecomunicazioni del Politecnico di Torino e coordinatore Centro SmartData@PoliTO, che ha l’obiettivo di proteggere e controllare l’utilizzo dei dati degli utenti sul web.

Dando il nostro consenso senza leggere le condizioni relative alla gestione di dati e privacy, regaliamo informazioni – sul nostro stile di vita, le nostre preferenze, fino al nostro orientamento sessuale o condizioni di salute – in cambio di un libero accesso a servizi online, senza possibilità di controllo o negoziazione, spesso ad un destinatario non chiaro. Ciò ha fatto crescere esponenzialmente l’economia del web, che sfrutta i dati personali a scopi commerciali. La soluzione più drastica sarebbe quella di non cedere alcun dato, ma si danneggerebbero servizi e siti di informazioni che vivono grazie alla pubblicità su internet.

Il progetto ha l’obiettivo di costruire un sistema che garantisca il controllo dei propri dati su internet: si tratta di un kit di sviluppo di PIMS – Personal Information Management Systems, ovvero sistemi di gestione delle informazioni personali – che gli utenti finali e i fornitori di servizi commerciali sul web possono utilizzare modulando e creando nuovi mercati dei dati, più trasparenti.

Si tratta di un insieme di componenti software, che, come “mattoncini” con specifiche caratteristiche, vanno a creare la “soluzione” su misura in base alle proprie esigenze: scegliendo questi componenti si potranno infatti modulare interfacce sia per gli utenti finali che navigano il web, conservando in luoghi sicuri i propri dati e avendo la possibilità di condividerli consapevolmente in un secondo momento, sia per le aziende che potranno così creare nuovi mercati, raccogliendo e utilizzando dati utili in modo trasparente.

“Quando penso a PIMCity penso alle mie figlie e i loro amici – dichiara Marco Mellia. Oggi cedono le loro informazioni ai giganti del web e altre aziende – senza alcuna possibilità di scelta. PIMCity permetterà loro di scegliere consapevolmente quali dati condividere, e con chi condividerli.”

This rise and potential role of PIMS is particularly interesting in the context of the EU General Data Protection Regulation and the California Consumer Protection Act, which seek to regulate the collection and use of personal data, strengthen the legal requirements for consent, introduce data protection by design principles, and empower individuals to regain control over their own personal information.

Advances in technology, such as the increase in data mining, the spread of smartphones and tablets, and improvements in internet connectivity, have created a data-rich world where the economic and social value of personal data has increased immensely. The increase in the value of data has spawned a new form of value creation dubbed informational capitalism, or sometimes derisively, surveillance capitalism.

In Personal Data Spaces: An Intervention in Surveillance Capitalism?, Shoshana Zuboff writes that under the surveillance capitalism model, value creation is based on extracting as much data as possible about users, turning that data into behavioral profiles, and then monetizing those profiles through internal use or by sale to third parties. Google and Facebook are pioneers of this new value-accumulation model and both companies have recently been criticized for their use of mobile apps that collect extensive data about individuals by tracking all of a user’s phone and web activity.

Enter "personal information management systems." These tools form part of an emerging market that may upend the current methods of gathering, managing, and using personal data, leading to a revolution in how individuals control and manage their identity, consent, and privacy preferences. According to Ctrl-Shift, a U.K.-based consultancy specializing in the personal information economy, the potential market for PIMS in the U.K. is 16.5 billion GBP, making up 1.2 percent of the U.K. economy.

What are PIMS?
PIMS, also referred to as personal data stores, personal data spaces, or personal data vaults, are systems that allow people to control their personal data and manage their online identity by enabling individuals to gather, store, update, and share personal data. Importantly, PIMS also let people allow, deny, or withdraw consent to third-parties for access to their personal data. PIMS can facilitate compliance with existing privacy laws by making it easier for organizations to gain effective consent of users, which can be an administrative burden. Also, by putting personal data in the hands of individuals, PIMS can facilitate compliance with users’ rights to access their individual data and a business’s obligation to ensure the data is up to date and accurate.

PIMS can be viewed as the evolution of today’s social media companies such as Facebook, Google, Twitter, Instagram, and LinkedIn. The role of individuals and organizations is flipped, however. PIMS makes information a tool for the individual and helps individuals manage their relationships with many organizations.

Broadly speaking, PIMS can be divided into two categories based on the technical architecture for storing personal data: a local storage model or a cloud-based storage model. Under the local storage model, information is kept in users’ devices such as laptops, smartphones, and tablets. In a cloud-based model, information is stored either in one location or among various service providers and logically linked. Regardless of technical architecture, personal data needs to be stored in an encrypted, interoperable, machine-readable format that can enable interactions without human assistance. Interoperability is an absolute requirement for widespread usage of PIMS, and to create a simple, common format for moving data files directly between services.

The core function of any PIMS is consent management, where user’s preferences are matched with requests for personal data. For example, PIMS that implement blockchain and smart contract functionality can facilitate data protection by confirming a user meets an age requirement rather than providing the user’s date of birth. Another example would be an assistance program that distributes relief based on sexual orientation. PIMS could confirm that an individual meets the specific requirements for eligibility, while protecting the individual from retribution or discrimination because the individual’s identity is kept secret.

PIMS will need to display complex information about a user’s identity, consent, and privacy preferences in a simple, easy to understand display and inform of successful or unsuccessful attempts to access individual data. One way a successful is through a user-friendly interface or dashboard.

The drawbacks of PIMS
While PIMS offer many potential benefits, there are also areas of concern and potential pitfalls to their widespread adoption. PIMS should make clear what benefits and risks are associated with the technical architecture the PIMS providers are employing. The cloud-based approach is particularly subject to hacking and breach attempts. Data security is a high priority under this approach because any breach could result in a loss of confidence in the entire service. The local storage model also carries risks because personal devices often implement low levels of data protection. Another fundamental issue is the responsibility of PIMS providers to design their systems so that they comply with the GDPR, CCPA, and any future privacy laws. .

To comply with the GDPR, any PIMS will need to meet the provisions regulating security breaches. Open questions about deploying a PIMS in a GDPR-obligated organization include: In the case of a data breach or misuse of information by the customers of a PIMS, to what extent will the PIMS provider be liable? Will the PIMS have the primary responsibility for screening and ensuring customers are reliable? There are also situations where a PIMS would act as a data controller and the provider would be responsible for keeping the personal data secure. It is currently unclear if and to what extent a PIMS provider could contractually limit its liability to the individuals’ whose data it holds with respect to Article 82 and the right to compensation and liability.

While most PIMS providers are taking steps to address these concerns, it does not necessarily mean that the risks associated with the loss of confidentiality and unfair use of data completely disappear. The risk that personal data will be accessed and used differently from the permitted and intended use is an inherent risk of any PIMS and calls for caution when evaluating what features and services PIMS are being marketed for.

The future of PIMS
PIMS have the potential to radically disrupt a wide variety of sectors, including banking, retail, and health. One interesting possibility is the inclusion of personal analytics features. Hypothetically, a user could have an intelligent personal assistant controlling how the user’s data and/or insights inferred from it are shared with third parties. This could be done in a sector-specific context (e.g., well-being and health data, personal mobility) or holistically by collecting and aggregating data about an individual from different sources, such as browsing history, bookmarks, address books, credentials, location data, financial data, or social network activity. Google has been developing just such a holistic technology that analyzes the entire Bitcoin and Ethereum blockchains and gives developers the ability “to do everything from predicting the price of bitcoin to analyzing wealth disparity among ether holders.”

The healthcare industry stands to gain immensely from the adoption of PIMS because of the vast amounts of personal, sensitive data they collect. The University of Cambridge Judge Business School released a report in 2015 analyzing PIMS and offering recommendations to guide their development. The report included a case study of PIMS in the healthcare sector which found:

"The health sector stands to gain the most from [PIMS], but it also faces some of the biggest hurdles. Not only is health data one of the most sensitive types of personal data, both in law and practice, but healthcare in the EU is under the purview of Member States – and thus difficulties of creating cross-border services are amplified. . . . There are stringent legal requirements related to the processing of health data, as it is sensitive data, and there is heterogeneity in the regulatory environment because healthcare is predominantly a Member State competence in the EU. If healthcare [PIMS] providers can be successful, it bodes well for [PIMS] providers in similarly complex industries, like finance and insurance."

Analytics could also be used to predict and monitor health conditions, target patients based on sensitive information (such as financial condition or addictions), and potentially lower costs for the health system by facilitating an expansion of electronic healthcare systems. “[O]ne of the biggest societal benefits that could arise from a [PIMS] . . . would be through greater research capabilities enabling faster scientific and medical advances as well as new research into previously data poor areas such as rare diseases.” Apple HealthKit, ResearchKit, and CareKit are early examples of the possibilities for analytics in the health sector.

Conclusion
PIMS may reshape the relationship between individuals and organizations and disrupt entire industries that rely on the value of personal data. As the leading PIMS providers emerge, they will likely focus on standardizing formats for the interchange of data, working with policy makers to ensure PIMS are compliant with privacy laws, and building confidence among users by ensuring that their products are robust and secure.

The H2020 PIMCity project started. The kick off meeting was held in Politecnico di Torino, with more than 25 participants. Best luck for this interesting project investigating privacy preserving solutions for the web.

With a simple click on “I agree”, often without reading any disclaimer about privacy and data management, we give away personal information to get free access to online services. We do not have the possibility to control and negotiate, compelled to blindly provide to an unknown recipient sensitive information about our lifestyle, our preferred commercial merchandise or service, up to data such as sexual orientation or health problems.

The web economy has been revolutionized by the unprecedented possibility of collecting massive amounts of personal data to be used for commercial purpose. This change has deep consequences for users, but which solutions are possible? The most extreme would be not to share any data, but this would damage information services and web sites that live thanks to online advertising. It is thus necessary to study technical and economical solutions for the control and sharing of personal data on the web. This is the aim of “PIMCity - Building the next generation personal data platforms", a research project funded by the European Union in the framework of Horizon2020 and coordinated by Marco Mellia, professor at the Department of Electronics and Telecommunications of Politecnico di Torino and responsible of the SmartData@PoliTO Research Centre.

PIM city gruppo di lavoro

The project aims at building systems that ensure the control of the data on the Internet: it is a development kit of PIMS - Personal Information Management Systems - allowing end users and providers of commercial services on the web to modulate and create new and more transparent markets for data. Practically, it is a set of software components to be used like bricks with specific characteristics, for building the solution tailored to your needs. Choosing between components, one can shape interfaces for both end users that surf the web and need to store their data in safe places to consciously share them later; And companies that can create new markets, collecting and using data of interest in a transparent way.

When I think to PMCity I think of my daughters and their friends – declares Marco Mellia -Today, they pass on their information to web giants and other companies - without any choice. PIMCity will allow them to consciously choose which data to share, and with whom to share it.

0 | 10 | 20