European Data Privacy: Citizens own their Data

On October 1, 2019, the Digital Twin Belgium community kicked off at DigitYser in Brussels. Collecting, processing, and storing personal data has become standard practice in the digital era. We are leaving an ever-increasing digital footprint. The consequence is that managing your data privacy is creating multiple challenges. Many organizations have an interest in your data with the intent to better serve you as their customer or citizen. However, besides advantages, there are also disadvantages like data- and identity theft, unauthorized data selling, and data leaks. That raises the question, who owns and controls your data?

Christophe Cop, Manager, and data scientist at PricewaterhouseCoopers Technology Consulting is passionate about web decentralization. “I am a firm believer in creating a European data privacy business model where citizens control their data. In the United States, corporate organizations own and manage your data and in China its the government,” he says. To get insight into the solution and technology that helps you manage, store, and commercialize your data, Christophe created the Digital Twin Belgium Meetup.

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect. It regulates the protection of natural persons concerning the processing of personal data and rules relating to the free movement of personal data. In other words, the GDPR protects the fundamental rights and freedoms of individuals and in particular, their right to the protection of personal data. 

The GDPR triggered Christophe to think about data privacy: “Suppose you regain control of your data. How do you create your digital twin, a virtual identity that contains personal data, including criteria for commercialization? What kind of applications do you need to manage your data? What are the criteria for third parties to get access to your data?” 

Data Privacy business model
Reclaiming data control requires that you start to manage personal data. How can you do this efficiently and effectively? Besides managing it yourself, a virtual identity company might be the solution. Such a company, for example, a data broker start-up, manages and invests your data just as a money broker.

The advantage of working with a virtual identity company is, e.g., that supermarkets interested in personal data can check with the company who is willing to sell their data to them. They get authorized access to the available data and in return pay for it, provide discounts or extra services. Besides, they can receive enriched data if you decide, for instance, to share data about your overall buying behavior at supermarkets. That provides them with extra valuable info to improve your personal customer experience. Overall, it requires supermarkets to add value and act trustworthy as otherwise, they risk that you revoke their data access. 

A point of attention is the jurisdiction to hand-over your data, or part of it, to a virtual identity company. What data are they able to see? How do they get access to your data? How do they know which data you want to sell to third parties, and how do they give third parties access to it?

The Digital Twin Belgium Meetup aims to realize a sound European data privacy business model that provides citizens control over their data.”

Technological data privacy aspects
Data privacy-wise it is crucial to separate data from applications. Additionally, you need a technology that enables you to structure your data in a standardized way so that it is transferable.

Solid, an MIT project led by Prof. Tim Berners-Lee, inventor of the World Wide Web, proposes a set of conventions and tools for building decentralized social applications. It uses Linked Data principles, a collection of best practices for publishing structured data on the web. If you apply it to structuring personal data, you have to create a meaningful link between two elements. For example:

Person (element 1) – has name – Christophe (element 2)

The above structure results in an overview of connected elements, with each having a different meaning. To perform searches on data sets build on this principle, you use SPARKQL, the standard query language, and protocol for Linked Open Data on the web or semantic graph databases.

Another technological data privacy aspect is the storage of your data transactions. Here, blockchain might be the solution as it is a distributed ledger. It is a control mechanism to track, e.g., which person or company has access to what data for which time-period.

Digital Twin Meetup 
To implement and further develop the legal framework and technological aspects of the European data privacy business model, individuals, businesses, and governments have to join forces. Christophe: “Currently, we have a basic framework. The next step is to put this framework into practice and to improve it. Regaining control of your data, improving data privacy, and authorized access to (enriched) data is a win-win situation for all involved stakeholders. The Digital Twin Belgium Meetup aims to realize a sound European data privacy business model that provides citizens control over their data.”

Are you passionate about data privacy? Do you want to contribute to the creation of the European data privacy business model? Join the Digital Twin Belgium Meetup  

Share this post

Share on twitter
Share on linkedin
Share on email