Multi-Protocol Frameworks for Personal Data Ecosystems

From IIW

Multi-Protocol, end2end Trust Assured Frameworks for Personal Data Ecosystems

Wednesday 2A

Convener: Luk Vervenne

Notes-taker(s): LaVonne Reimer & Luk Vervenne

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

This team has been grappling with rubber-meets-the-road pragmatism: innovation meeting real use cases, coupled with strong regulatory regimes. The result is a trusted architecture for securely shared services:

  • Individual as empowered stakeholder
  • End to end trust assurance and trust perception
  • Bring analytics to the data: democratization of analytics services

[Image: IIW21 W 2A MultiProtocolFramworks1.jpg]

Personal data as big data, using virtual personal data stores by virtue of:

  • Cell-level data security allowing..
  • ABAC + RBAC + CBAC policy management in a big data setting

Ecosystem is managed by:

  • Techno-legal-contractual framework
  • Separation of concern governance

Multi-protocol stack = Open architecture using translatable

  • SAML + ID-WSF SSO layer
  • OIDC + Kantara UMA

Personal trust manager: the user can see “who asked for his data, did they get it or why not?”

Support for delegation, breaking the glass principles, …

High-level architecture with front and back channels. Throughout the architecture, every component has client and server access and authorization control points that send their audit summary data to an audit bus.
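A sketch of how one such control point could feed the audit bus and the personal trust manager view, added here as an example and not taken from the session or the team's implementation. The policy table, role names, class and function names are all hypothetical, and only RBAC, ABAC and break-glass checks are modelled.

```python
from dataclasses import dataclass

@dataclass
class Request:
    requester: str            # who is asking
    role: str                 # RBAC input
    purpose: str              # ABAC input (attribute of the request)
    owner: str                # whose personal data store is targeted
    cell: str                 # the data cell requested
    break_glass: bool = False
    justification: str = ""

# Constructed policy: per cell, the roles and purposes that may read it.
POLICY = {
    "medication": {"roles": {"physician"}, "purposes": {"treatment"}},
    "claims": {"roles": {"insurer", "physician"}, "purposes": {"billing", "treatment"}},
}
BREAK_GLASS_ROLES = {"physician", "paramedic"}   # assumption: who may override

class AuditBus:
    """Collects audit summaries (who, what, decision, reason), never the data."""
    def __init__(self):
        self.events = []

    def publish(self, event):
        self.events.append(event)

    def trust_view(self, owner):
        # What the data owner sees: who asked, did they get it, and why not.
        return [(e["requester"], e["cell"], e["decision"], e["reason"])
                for e in self.events if e["owner"] == owner]

def control_point(req, bus):
    """Decide one request and publish the audit summary for every outcome."""
    rule = POLICY.get(req.cell)
    if rule is None:
        decision, reason = "deny", "no policy for cell"          # default deny
    elif req.role in rule["roles"] and req.purpose in rule["purposes"]:
        decision, reason = "permit", "policy match"
    elif req.break_glass and req.role in BREAK_GLASS_ROLES and req.justification.strip():
        # Override is allowed only with a stated reason, which is audited.
        decision, reason = "permit", "break-glass: " + req.justification
    elif req.role not in rule["roles"]:
        decision, reason = "deny", f"role '{req.role}' not allowed"
    else:
        decision, reason = "deny", f"purpose '{req.purpose}' not allowed"
    bus.publish({"requester": req.requester, "owner": req.owner, "cell": req.cell,
                 "decision": decision, "reason": reason})
    return decision == "permit"
```

Denials and break-glass overrides are published the same way as ordinary permits, which is what lets the owner's view answer "why not" as well as "who".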

Estimates cited in the Financial Times say personal data is going to be worth $1T; it's a valuation rather than an assertion of revenues to be addressed. Ad tech is 10% of this and going down. So the conclusion is that there is value to be gleaned that isn't all about ad tech. We need to get persons leveraging these data to begin to bring some of that value into the economy.

E.g., a healthcare insurance example (the Netherlands): risk balancing that goes beyond just the claims filed with them, using data such as unemployment and other records they cannot get because of data privacy. The alternative is that insurers let go of the data, leave it in the PDS of care recipients, and organize privacy-preserving analytics that retrieve the insights they need rather than the data.

Europe is setting up a “personal information management” industry association, made up mostly of SMEs, start-ups and university departments. Big ICT companies are too entrenched in enterprise and don't see it yet. The participants are trying to join forces on architecture to enhance their impact.

EU commission gave out $2B to big companies for big data research and optimization.

What's at stake is continuing to exploit personal data.