BLOG

Current Solutions for Personal Data Management

Image

The first countermeasures against the collection of user data were solutions to block online ad- vertisements and trackers, usually implemented via browser plugins. AdBlock Plus and Ghostery are notable examples that have become popular in recent years and count millions of users. They block ads and offer the ability to limit common tracking mechanisms and many privacy-invasive practices, such as browser fingerprinting. In re- sponse, services have attempted to circumvent blocking with a variety of more sophisticated tracking techniques. This has led to a continu- ing arms race that is detrimental to the positive potential of data-driven decision making and the Internet economy in general.

The first countermeasures against the collection of user data were solutions to block online ad- vertisements and trackers, usually implemented via browser plugins. AdBlock Plus and Ghostery are notable examples that have become popular in recent years and count millions of users. They block ads and offer the ability to limit common tracking mechanisms and many privacy-invasive practices, such as browser fingerprinting. In re- sponse, services have attempted to circumvent blocking with a variety of more sophisticated tracking techniques. This has led to a continu- ing arms race that is detrimental to the positive potential of data-driven decision making and the Internet economy in general.

Recently, several technological solutions and business models have emerged to balance the above tensions, based on proposals and opinions maturing in the European policy scene and its instruments, such as the European Data Protec- tion Supervisor (EDPS). Similarly, the concept of European Data Spaces was recently introduced by the European Commission to allow citizens to share their data, although its business model is still in its early days, but potentially relevant for citizen data valuation and reward.

In this picture, Personal Information Man- agement Systems (PIMS), also called personal data banks or personal data vaults, appear to be a promising alternative to the uncontrolled collection, processing and use of people’s data, including personal and sensitive information. At a high level, a PIMS can be thought of as a software interoperability layer between end users and data services, responsible for ensuring that data is passed from the former to the latter in a controlled manner.
PIMS look to empower individuals to take control of their personal data. For that purpose, they include capabilities such as: let user collect their personal information from internet service providers; exercise their erasure and modification rights, as granted by data protection laws (GDPR, CPA); help users manage cookie settings and pri- vacy permissions in their devices; provide a fine- grained consent management for sharing personal data to services; allow to revoke such permis- sions; monetize their data by allowing users to negotiate their consent and receive payments for sharing their personal data. Currently, PIMS from academia and industry are attempting to rewrite the rules of the information economy on the In- ternet with various business models, technological solutions and marketing strategies.

Among the wide ecosystem of data platforms, we identified 19 systems that deal with personal data, and hence can be classified as PIMS, in a recent survey of entities trading data in the Internet. We summarize them in Table XX. [mt: Add discussion from D3.1. Discuss: What kind of data? Target? Data Buyer Fee? How they price data? Have test before you buy?]

Despite the impressive number of such at- tempts, none of them has yet reached business or technological maturity nor managed to attract a sizable user base.
Our goal is to bridge this gap by offering a set of open-source building blocks to unlock the potential of data-driven decision making. As part of the EU-funded PIMCity project, we have de- signed, developed and validated a set of reusable, flexible, open and user-friendly components in the form of a PIMS Development Kit (hereafter PDK, effectively an SDK for PIMS). Being aware of the complex and non-standard definition of PIMS, our goal is not to develop a monolithic solution that cannot withstand the ever-changing requirements of business and regulations, but to provide a modular approach that can be flexi- bly improved and refined as needed. In short, the PDK provides the ability to rapidly develop new PIMS solutions and easily experiment with possible alternatives. We make it available to the community as open-source software, which can be found at https://easypims.pimcity-h2020.eu.