Trusted Personal Data Management A User-Centric Approach

Transcription

1 GRUPPO TELECOM ITALIA Future Cloud Seminar Oulu, August 13th 2014 A User-Centric Approach SKIL Lab, Trento - Italy

2 Why are we talking about #privacy and #personaldata today?

3 3

4 Our data footprint Every day we are handing over 20+ types of personal data 4

5 5

6 The economic opportunity bytes That is more than 1,000 gigabytes of data for every person on earth! to the organization to the customers $1 trillion In 2020! 7 zettabytes 45% 2/3 1/3 2/ Amount of available data is expected to grow by 45% per year through 2015, to roughly 7 zettabytes. The value created through digital identity is expected to grow at 22% CAGR and by 2020 contribute 8% to GDP of the developed economies However, two-thirds of potential value generation $ 1 Trillion in 2020 is at risk if stakeholders fail to establish a trusted flow of data. 6

7 Let s do a step back to the privacy principles

8 Privacy: EU vs US For the EU, privacy is considered a fundamental right and remains highly regulated. In the US, it is deemed a consumer right and is lightly regulated. 8

9 The EU regulatory framework 1) Principles and obligations Data minimization Purpose limitation Personal data must be: relevant and not excessive in relation to the purposes of their collection and processing; kept in a form which permits identification for no longer than is necessary for the purposes for which they are collected or processed. The purposes of the processing must be defined prior to the collection of personal data. Personal data can not be further processed in a way incompatible with such purposes. Consent In general terms, the specific consent of the data subject is needed for processing operations not related to the execution of a contract signed with the data subject or to fulfill a legal obligation. (The other legitimate grounds for data processing apply rarely (1) in the private sector or are subjected to specific restrictions (2) ). (1) E.g. processing necessary to protect the vital interests of the data subject or for a task carried out in the public interest. (2) For instance, under the Italian privacy law, data processing based on a legitimate interest of the data controller must be authorized by the national DPA. 9

10 The EU regulatory framework 2) Scope of application The EU Data Protection Directive does NOT apply to companies based outside Europe, even when they process (with equipment situated outside the EU) personal data of European citizens. Furthermore, OTTs are not subject to the same restrictive rules that apply to Telcos and ISPs under the EU e-privacy Directive. 10

11 The EU regulatory framework 3) Possible evolutions On January 2012, the EC presented a proposal for a new Regulation on the protection of personal data, to replace the current Data Protection Directive. The draft Regulation aims to harmonize EU data protection legislation and to adapt to technological developments. Once approved, it will be directly applicable in the member states. While presenting various innovations, the draft Regulation confirms the basic setting of the current Data Protection Directive with regard to the principles of data minimization, purpose limitation and consent of the data subject. At the same time, the new Regulation may introduce a definition of pseudonymous data and provide for more flexible rules concerning their processing, for instance in relation to the assessment of the data controller s legitimate interest or for profiling activities [1]. [1] European Parliament s Report on a proposal for a General Data Protection Regulation, notably amendments to Recital 38 and 58a and to Article 4(2a) 11

12 The EU regulatory framework: possible openings (1/2) The EU legal framework, however, offers possible openings which, if properly implemented, might allow the balancing of the legitimate interests of businesses and customers and mitigate the regulatory asymmetry which adversely affects European companies. Notably: Dir. 95/49/CE, Recital 26 To determine whether a person is identifiable, account should be taken of all the means likely reasonable to be used to identify the said person. The principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable. WP 29 (1) Opinion 4/2007 on the concept of personal data Retraceably pseudonymised (2) data may be considered as information on indirectly identifiable individuals. In that case, although data protection rules apply, the risks for the individuals will most often be low, so that the application of these rules will justifiably be more flexible. (1) The Article 29 Working Party (WP 29) is made up of a representative from the data protection authority of each EU member state, the European Data Protection Supervisor and the EC. (2) Pseudonymization is the process of disguising identities, often implemented through one-way cryptographic algorithms. 12

13 The EU regulatory framework: possible openings (2/2) WP 29 Opinion 3/2013 on purpose limitation Regarding Big Data, two possible scenarios are described: When the analysis aims at predicting the personal preferences, behavior and attitudes of individual customers, in order to inform measures or decisions that are taken toward them, the relevant consent (opt-in) is necessary; When the analysis only aims at detecting trends and correlations in the information, without effects on single individuals, the concept of functional separation plays a key role. To this end, measures such as anonymization should be taken, to ensure that the data are not available to support measures or decisions toward individuals. WP 29 Opinion 5/2014 on anonymization Inter alia, the WP 29 indicates that: When a data controller hands over a dataset, after removal or masking of identifiable data but without deleting the original (identifiable) data at event-level, the dataset is still personal data. Only if the data controller aggregates the data so that individual events are no longer identifiable, the resulting dataset can be qualified as anonymous [1]. On the other hand, a third party may lawfully process a dataset anonymised and released by the original data controller, without needing to take account of data protection requirements, provided they cannot (directly or indirectly) identify the data subjects in the original dataset. Pseudonymisation reduces the lindability of a dataset with the original identity of a data subject; as such, it is a useful security measure but not a method of anonymisation. (1) E.g. if an organisation collects mobility data, the individual travel patterns at event level would still qualify as personal data for any party, as long as the data controller (or any other party) still has access to the original raw data, even if direct identifiers have been removed from the set provided to third parties. But if the data controller would delete the raw data, and only provide aggregate statistics to third parties (such as 'on Mondays on trajectory X there are 160% more passengers than on Tuesdays ), that would qualify as anonymous data. 13

14 Then, why doesn t it work?

15 Titolo della Relazione Nome del Relatore, Nome Struttura 15

16 Titolo della Relazione Nome del Relatore, Nome Struttura 16

17 Titolo della Relazione Nome del Relatore, Nome Struttura 17

18 The Organization-centric Personal Data Management Persons Personal Data are stored in IT systems of private enterprises /organizations: data stored in independent silos (no integrated view of individuals) Limited involvement and/or awareness of the persons in the use and valorization of their Personal Data, explicitly or implicitly generated: Need to create a Personal Data ecosystem more fair for all the involved actors * Personal data collected from/on individuals (explicitly provided, observed, inferred) Greater attention of the authorities to the possible violations of individuals privacy rather than to enable an exploitation of Personal Data under the control of individuals Data disclosure perceived less relevant than Data protection (*) Enterprises, Public Admin,, E-Gov, Service Providers, Network Providers, etc. 18

19 The role of trust 19

20 The role of trust 20

21 Limite estremo Do you #trust this guy? Titolo della Relazione Nome del Relatore, Nome Struttura 21

22 The User-centric Personal Data Management Individuals become the owners of their personal data: from data protection to data control to enable full data exploitation Increase the control that individuals have over their personal data collection, management, usage and sharing - will: spur a host of new services and applications exploiting their value with direct benefits for individuals restore trust in the personal data ecosystem International initiatives, both from regulatory and economic sides, are sponsoring such a shift from organization-centric paradigm to usercentric paradigm Request for personal data sharing (access, synchronization, etc.) Rules for personal data sharing (access, synchronization, etc.) 22

23 Towards the User-centric Personal Data Management Regulation EU is proposing a data protection reform strengthening citizens rights and aligning regulation with the realities of the Internet (e.g., right of copy, privacy by default ) EU e-privacy directive, requires prior consent for organization to place cookies in users terminals Concerted pressure in US and EU in favour of Do Not Track services Economy Government UK Government launched the midata project promoting the key principle that data should be released back to consumers has announced the Federated Authentication ID Assurance strategy initiative to reinvent the way identity assurance is handled according to a more person-centric approach US Government has a programme called Smart Disclosure similar to midata project has announced its National Strategy for Trusted Identities in Cyberspace (NSTIC) allowing people to choose among multiple identity providers Blue Button initiative releases medical records back to US Army veterans WEF launched the project Rethinking Personal Data to understand how a collaborative and balanced personal data ecosystem can evolve By the way, User-centric Personal Data model is gaining evidence on the specialized Press e.g., 23

24 The Personal Data Store model Digital footprint Digital record of everything a person makes and does online and in the world Big Data produced by or about a person Personal Devices (integrated sensors) Utilities (online) Service Provider (real world) Organizations Payment Providers Telco (*) Environmental sensors Personal Data Store gathers data about persons from multiple sources, to have an holistic view of individuals A PDS Provider acts on behalf of its customers: it provides personal data services to individuals enabling them to control the collection, manage, use and share their personal data (*) These data are voluntary collected by individuals (opt-in) and disjoint from those normally used by Telcos for their traditional business and operation 24

25 Personal Data Store: value proposition Persons: High personalized applications (e.g., life monitoring, information retrieval, behavior awareness, personal decision making support) Controlled information exchange with external services Ownership-preserving content sharing in social networks Personal data as «currency» in the cyberspace, by disclosing data to get economic or social advantages Organizations (e.g., Companies and Public Administrations): Access to aggregations and analytics on personal data disclosed by persons groups to analyze/identify social phenomena (e.g., for marketing, smart territory applications) Data exchange to improve and automatize service delivery processes and better satisfy customers needs (e.g., needs-offers matching, personalization) Trust increase Avoid Personal Data segmentation Application Providers: Simple personal data access via APIs 25

26 User-centric Personal Data Management at work

27 MOBILE TERRITORIAL LAB THE MOBILE TERRITORIAL LAB GOALS Understand the value of Personal (Big) Data Exploit smartphones as social sensors to perform User Behaviour and Social Analysis Design and test prototype applications in a real-life scenario THROUGH A PLATFORM FOR COLLECTING THE DATA SENSED BY MOBILE PHONES DESIGN PERSONAL-DATA DRIVEN SERVICES EXPLOIT AGGREGATED PERSONAL DATA FOR SMART CITY APPLICATIONS DEVELOP PRIVACY- PRESEERVING SERVICES FOR PERSONAL DATA 27 MANAGEMENT

28 MOBILE THE MOBILE TERRITORIAL TERRITORIAL LAB LAB CONSORTIUM A joint effort between industrial and academic research institutions 28

29 MOBILE TERRITORIAL LAB PROJECT SETUP PARENTS (KIDS 0-10) A smartphone (Android +NFC) and a prepaid SIM card to every user An onboard sensing software + 70 NOV 2012 MTL KICK-OFF

30 MOBILE TERRITORIAL LAB The smartphone as the door to your life QUANTITATIVE DATA QUALITATIVE DATA Sociability, mood, contents, preferences, app usage, etc. 30

31 SECOND NOSE DYNAMIC COLLECTIVE MAP OF THE CITY The platform aggregates data from all the sensors each collecting a data point every five minutes. DAILY INDIVIDUAL MAP An app provides users real time information about the collected locations indicating the quality of the air breathed during a day. 31

32 MOBILE THE MOBILE TERRITORIAL TERRITORIAL LAB LAB APP ECOSYSTEM / Examples PERSONAL DATA PLATFORM 32

33 THE MOBILE TERRITORIAL LAB MOBILE TERRITORIAL LAB LOGICAL ARCHITECTURE 33

34 MOBILE TERRITORIAL LAB 34

35 MOBILE THE MOBILE TERRITORIAL TERRITORIAL LAB LAB My Data Store Web Mobile 35

36 MOBILE THE MOBILE TERRITORIAL TERRITORIAL LAB LAB My Data Store Set your collection preferences. 36

37 MOBILE THE MOBILE TERRITORIAL TERRITORIAL LAB LAB My Data Store Set your sharing level. 37

38 MOBILE TERRITORIAL LAB My Data Store Explore your data. 38

39 MOBILE TERRITORIAL LAB My Data Store Compare with others. 39

40 MOBILE TERRITORIAL LAB My Data Store Mobile 40

41 The MTL My Data Store mentioned as reference case at the World Economic Forum Unlocking the Value of Personal Data: From Collection to Usage "Exploring the opportunities and risk of using personal data in a real world context through living labs." 41

42 Thanks.

43 ANNEX My Data Store DEMO 43