Building a Personal Data Sharing Infrastructure

Building an infrastructure for Personal Data Sharing

The personal data sharing technical infrastructure we aim to build within aNewGovernance enables the cross-sectoral Personal Data Space. The infrastructure is still under construction but we can already picture the key features and building blocks:

  • A Governance body for Personal Data Sharing
  • A competitive landscape of Personal Data Operators or intermediaries
  • A shared personal data infrastructure relying on common standards

Personal Data Operators for individuals

Personal Data Operators (or Personal Data Sharing Services) represent individuals for data transfer and connect digital services together through a human-centric architecture. They have to allow:

  • individuals to grant permissions/consents to transfer their data between digital services
  • individuals to revoke permissions anytime
  • individuals to monitor what they share easily from a central dashboard
  • organizations to transfer data in a human-centric way

When they follow the aNewGovernance Separation of Powers Principle (SPP), Operators cannot hold or use transferred data: their only role is to ensure that people's permissions and consents on the access to and transfer of their data are respected. Operators must follow a standard design, standard data models, and transparency rules.

Operators are controlled by the governance body and are subject to certification (i.e. the authorization framework of the European Commission). They can be private companies with a dedicated business model, but they must be interoperable and substitutable, thus constituting a competitive market without any lock-in effect. Consequently, permissions registered through one operator have to be accessible from all other operators on demand of the user. Operators must offer the end user a permission dashboard that shows all permissions given for data transfer in a single place, which gives the user easier control over their data.

In 2020 aNG worked with MyData to explore the existing Operators on the market in the paper Understanding the MyData Operators. Some of these operators have already received the MyData Operators certification.

The Human Permission Layer (HPL)

1. The personal data transfer open network

The personal data transfer open network we propose has to allow digital services to exchange personal data on demand of their users. Following the Separation of Powers Principle (SPP), data transfers require permissions granted by users through their Personal Data Operators, which never see or access the transferred data but rather act as a switch for the transfer. Permissions and transfers work on two separate layers.

Digital services wanting to exchange personal data on demand of their users must:

  • be able to know when permission for data transfer is granted by their users and when it is revoked
  • be able to transfer data from one organization to another
  • be able to uniquely identify a user across organizations
  • be able to warn each other when new data is available
  • benefit from means to avoid data overload
  • benefit from means of conflict resolution and error management

All the features above can be offered by digital services and Operators directly. But in order to level the playing field and offer a sustainable and modular architecture, we have to build the Commons for Personal Data Transfer with open components or frameworks. The difficulty of this task is that many standards are already available and we have to take into account a huge variety of legacy systems. To be inclusive and allow small and medium-size companies to join the network, the common components also have to be easy to implement. The Governance body we are creating will have to coordinate all the infrastructure players of the ecosystem in order to achieve interoperability.

2. The Permission Ledger

The Permission / Consent Ledger has to allow:

  • Personal Data Operators to register individuals' permissions/consents for data transfer on behalf of the individual
  • Organizations wanting to exchange data to access permissions/consents in order to know whether they may transfer or access data

Personal Data Operators will be mandated by the individual to represent him or her in the management of his or her consents/permissions. The services need to recognize the operator as a legitimate representative of the individual; for this, new and clear legal contracts are needed. aNG is working on those.

Standard Permissions / Consents will protect individuals legally and improve the auditability of the global infrastructure. Relying on the Separation of Powers Principle (SPP) and on Personal Data Operators, which act as trusted third parties between organizations, will strengthen the human-centricity of the infrastructure.

The Permission / Consent Ledger has to follow a specific data model for consent (the Kantara consent receipt). Personal Data Operators have to follow design standards when presenting consents/permissions to users. They will at first store consents separately, but we will build a distributed Permission / Consent Ledger based on blockchain technology in order to ensure maximum interoperability, security, and transparency. The Governance body will be in charge of the distributed Permission Ledger.
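As an added illustration of the two-layer design in sections 1 and 2 (example code written for this page, not aNewGovernance's, MyData's or Kantara's implementation), the Python sketch below separates the permission layer from the data layer: an operator function writes grants and revocations to an append-only ledger, and a data holder releases a category only after checking the ledger for subject, source, recipient, purpose, category and validity window. The receipt fields are a constructed subset loosely inspired by consent receipts, the hash-chained log is a stand-in for the planned distributed ledger, and all organisation names and sample data are constructed.

```python
"""Toy permission ledger: the Operator registers and revokes permissions but never sees data;
the data holder checks the ledger before releasing anything. Names and data are constructed."""
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64


@dataclass(frozen=True)
class ConsentReceipt:
    """Subset of consent-receipt fields (an assumption; the Kantara specification has more)."""
    receipt_id: str
    subject_id: str        # pseudonymous identifier shared across organisations
    source_org: str        # organisation holding the data
    recipient_org: str     # organisation the data may flow to
    purpose: str           # finality the permission is limited to
    categories: tuple      # data categories covered
    granted_at: str        # ISO 8601, UTC
    expires_at: str        # ISO 8601, UTC


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class PermissionLedger:
    """Append-only, hash-chained grant/revoke log; tamper evidence for audits, not a blockchain."""

    def __init__(self):
        self.entries = []

    def _append(self, event: dict):
        body = {"prev": self.entries[-1]["hash"] if self.entries else GENESIS, "event": event}
        self.entries.append({**body, "hash": _digest(body)})

    def grant(self, receipt: ConsentReceipt):
        self._append({"type": "grant", "receipt": asdict(receipt)})

    def revoke(self, receipt_id: str, at: datetime):
        self._append({"type": "revoke", "receipt_id": receipt_id, "at": at.isoformat()})

    def verify_chain(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _digest({"prev": e["prev"], "event": e["event"]}):
                return False
            prev = e["hash"]
        return True

    def is_permitted(self, subject_id, source_org, recipient_org, purpose, category, at: datetime) -> bool:
        """A grant must match every attribute, cover the category, be valid at `at`, and not be revoked."""
        revoked = {e["event"]["receipt_id"]: datetime.fromisoformat(e["event"]["at"])
                   for e in self.entries if e["event"]["type"] == "revoke"}
        for e in self.entries:
            r = e["event"].get("receipt")
            if r is None or category not in r["categories"]:
                continue
            if (r["subject_id"], r["source_org"], r["recipient_org"], r["purpose"]) != (subject_id, source_org, recipient_org, purpose):
                continue
            if not datetime.fromisoformat(r["granted_at"]) <= at < datetime.fromisoformat(r["expires_at"]):
                continue
            if r["receipt_id"] in revoked and revoked[r["receipt_id"]] <= at:
                continue
            return True
        return False


def operator_register(ledger, subject_id, source_org, recipient_org, purpose, categories,
                      now: datetime, ttl_days: int = 30) -> ConsentReceipt:
    """The Operator's job: write the permission and return the receipt. It stores no data."""
    receipt = ConsentReceipt(f"rcpt-{len(ledger.entries) + 1}", subject_id, source_org, recipient_org,
                             purpose, tuple(categories), now.isoformat(),
                             (now + timedelta(days=ttl_days)).isoformat())
    ledger.grant(receipt)
    return receipt


def holder_release(store, org, ledger, subject_id, recipient_org, purpose, categories, now) -> dict:
    """The data holder's job: release only what the ledger permits now; the Operator is not in this path."""
    return {c: store.get(subject_id, {}).get(c) for c in categories
            if ledger.is_permitted(subject_id, org, recipient_org, purpose, c, now)}


def demo() -> dict:
    """Grant, partial release, wrong purpose, expiry, revocation, then a tampering attempt."""
    t0, day = datetime(2024, 1, 1, tzinfo=timezone.utc), timedelta(days=1)
    ledger = PermissionLedger()
    retailer = {"user-42": {"purchase_receipts": [{"item": "apples", "qty": 3}],
                            "loyalty_card": "L-0042"}}                      # constructed data
    rcpt = operator_register(ledger, "user-42", "retailer.example", "dietcoach.example",
                             "diet-advice", ["purchase_receipts"], t0)
    args = (retailer, "retailer.example", ledger, "user-42", "dietcoach.example")
    before = holder_release(*args, "diet-advice", ["purchase_receipts", "loyalty_card"], t0 + day)
    wrong_purpose = holder_release(*args, "marketing", ["purchase_receipts"], t0 + day)
    expired = ledger.is_permitted("user-42", "retailer.example", "dietcoach.example",
                                  "diet-advice", "purchase_receipts", t0 + 31 * day)
    ledger.revoke(rcpt.receipt_id, t0 + 2 * day)
    after = holder_release(*args, "diet-advice", ["purchase_receipts"], t0 + 3 * day)
    intact = ledger.verify_chain()
    ledger.entries[0]["event"]["receipt"]["purpose"] = "marketing"              # simulated tampering
    return {"before": before, "wrong_purpose": wrong_purpose, "expired": expired,
            "after": after, "intact": intact, "tamper_detected": not ledger.verify_chain()}
```

Running `demo()` shows the properties the text asks for: the loyalty card is withheld because the grant covers only purchase receipts, a request under a different purpose gets nothing, the grant is dead after its expiry and after revocation, and an edited ledger entry breaks the hash chain so an audit would notice. The operator function never receives the retailer's data, which is the SPP point.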

3. The Contract Ledger

Each data transfer use case between two or more organizations will be uniquely tied to a legally binding contract. Contracts will protect organizations and define precisely the scope of liabilities for each party. Regulations like the GDPR will be the building blocks of the contracts.

Contracts will have to follow a specific legal standard still to be built. Personal Data Operators will at first store contracts separately, but we will build a distributed Contract Ledger based on blockchain technology in order to ensure maximum interoperability, security, and transparency. The Governance body will be in charge of the distributed Contract Ledger.

4. The charters framework

Personal data ecosystems need rules whatever their scale. Rules have to be defined collectively through charters that will give guidelines for all stakeholders. Those charters include:

  • basic ethical principles
  • dos and don'ts
  • duties for all stakeholders
  • business practices
  • etc.

In order to ensure the coherence of the ecosystem through the governance body, we need to build a top-down and bottom-up charter framework for all levels of the ecosystem:

  • ethical principles derived from fundamental human rights at a global level
  • sector-specific guidelines at a sectoral level
  • ecosystem guidelines at a project level

5. The trust framework

All stakeholders need to be reassured when sharing personal data. The trust framework has to:

  • allow individuals to feel safe when transferring personal data
  • allow organizations to feel safe when transferring personal data

The trust framework is composed of the following components:

  • Certification of the Personal Data Operators, which have to comply with rules defined by the governance body. Third-party organizations will be able to deliver certifications (like the MyData Operator certification) based on commonly agreed labels.
  • Registries of services, operators, and use-case finalities (purposes) that will facilitate audits in case of malfunction
  • A rating system for organizations exchanging data, assessing their level of compliance with privacy regulations. Ratings will be displayed directly to users.

6. The personal data exchange marketplace

For the whole Personal Data Sharing infrastructure to be sustainable, we need a value distribution system. Recall that data transfer has to be free for individuals. The personal data exchange marketplace will allow organizations to:

  • discover available external personal data sets
  • request personal data for specific use cases
  • offer personal data sets

Prices will be determined by the organizations themselves. The governance body will help to regulate the marketplace and to assess transparency levels, according to regulations.

Non-personal and personal data sharing standards

Personal data sharing is closely related to non-personal data sharing. Indeed, when sharing personal data, an important part of the shared information is non-personal. In order to facilitate cross-sectoral personal data circulation, information related to individuals has to be defined identically for all sectors (health, finance, retail, etc.). At the same time, information that is not related to an individual and is sector-specific should be defined at the sector level.

Use case example:

A user wants to share food purchase receipts from their retailer with a diet coach app in order to get advice on their eating habits.

Information about the user (name, etc.) is always personal and does not depend on the sector (retail, health, finance, etc.). The person data model has to be defined at the cross-sectoral Personal Data Space level.

Later on, if the same user wants to transfer the same set of data to a healthcare app that will add health-related information to the data set, the non-personal health sector standards will be used, but the personal data standards will be identical.
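The split described in this section, as an added example that is not part of the original page and does not use aNewGovernance's actual data models: a transfer payload carries one person block validated against a common model and one sector block validated against that sector's own model, so the same person block can be reused when the retail payload is later retargeted to a health app. Both toy models, the rule that a person attribute inside the sector block is rejected, and the sample records are assumptions made for the example.

```python
"""Constructed example: cross-sectoral person model plus per-sector models for the non-personal part.
The two model tables below are toy assumptions, not aNewGovernance or sector standards."""

PERSON_MODEL = {"person_id": str, "given_name": str, "family_name": str, "email": str}
SECTOR_MODELS = {
    "retail": {"receipts": list},                       # retail, non-personal: what was bought
    "health": {"kcal_target": int, "allergies": list},  # health, non-personal: dietary facts
}


def validate_transfer(payload: dict) -> list:
    """Returns the problems found; an empty list means the payload is well-formed.
    Assumed rule: a person attribute inside the sector block is rejected, so personal
    data is only ever described by the cross-sectoral person model."""
    problems = []
    person, sector, data = payload.get("person", {}), payload.get("sector"), payload.get("data", {})
    for key, typ in PERSON_MODEL.items():
        if key not in person:
            problems.append(f"person.{key} missing")
        elif not isinstance(person[key], typ):
            problems.append(f"person.{key} should be {typ.__name__}")
    for key in person:
        if key not in PERSON_MODEL:
            problems.append(f"person.{key} is not in the cross-sectoral person model")
    model = SECTOR_MODELS.get(sector)
    if model is None:
        return problems + [f"unknown sector {sector!r}"]
    for key, value in data.items():
        if key in PERSON_MODEL:
            problems.append(f"data.{key} is a person attribute and belongs in the person block")
        elif key not in model:
            problems.append(f"data.{key} is not in the {sector} model")
        elif not isinstance(value, model[key]):
            problems.append(f"data.{key} should be {model[key].__name__}")
    return problems


def retarget(payload: dict, sector: str, data: dict) -> dict:
    """Reuse the same person block for another sector: only the sector block changes."""
    return {"person": dict(payload["person"]), "sector": sector, "data": data}


def demo() -> dict:
    person = {"person_id": "user-42", "given_name": "Ada", "family_name": "Example",
              "email": "ada@example.test"}                                     # constructed
    retail = {"person": person, "sector": "retail",
              "data": {"receipts": [{"item": "apples", "qty": 3, "eur": 2.10}]}}
    health = retarget(retail, "health", {"kcal_target": 2000, "allergies": ["peanut"]})
    leaking = retarget(retail, "health", {"kcal_target": 2000, "email": "ada@example.test"})
    unknown = retarget(retail, "finance", {"iban": "XX00 0000"})   # finance not in the toy registry
    return {"retail": validate_transfer(retail), "health": validate_transfer(health),
            "leaking": validate_transfer(leaking), "unknown": validate_transfer(unknown)}
```

The retail and health payloads both pass with an unchanged person block; the `leaking` payload is refused because an e-mail address was smuggled into the sector block, and a sector with no registered model is refused outright rather than accepted with unchecked fields.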