Multi-Protocol Frameworks for Personal Data Ecosystems
Multi-Protocol, end2end Trust Assured Frameworks for Personal Data Ecosystems
Convener: Luk Vervenne
Notes-taker(s): LaVonne Reimer & Luk Vervenne
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
This team has been grappling with rubber meets the road pragmatism, innovation meeting real use cases coupled with strong regulatory regimes
TAS3.eu = Trusted architecture for securely shared services
- Individual as empowered stakeholder
- End to end trust assurance and trust perception
- Bring analytics to the data--democratization of analytics services
Personal data as big data using Virtual personal data stores by virtue of
- Cell-level data security allowing..
- ABAC + RBAC + CBAC policy management in a big data setting
Ecosystem is managed by:
- Techno-legal-contractual framework
- Separation of concern governance
Multi-protocol stack = Open architecture using translatable
- SAML +IDWSF SSO layer
- OIDC + Kantara UMA
Personal trust manager: user can see “who asked for his data, did they got it or why not?”
Support for delegation, breaking the glass principles, …
High-level architecture with front- and back channel Throughout the architecture, every component has client & server access & authorization control points that send their audit summary data to an audit bus.
Estimates cited in Financial Times personal data is going to be worth $1T -- it's a valuation rather than assertion of revenues to be addressed. Ad tech is 10% of this and going down. So the conclusion is there is value to be gleaned that isn't all about ad tech. We need to get persons leveraging these data to begin to bring some of that value into the economy.
Eg healthcare insurance (the Netherlands) example: Risk balancing that goes beyond just the claims filed with them. Such as unemployment and other records they cannot get because of data privacy. The alternative is that insurers let go of the data, leave it in the PDS of care recipients, and organize privacy preserving analytics retrieving the insights they need rather than the data. Europe is setting up a “personal information management” industry association. Mostly SMEs, start-ups and university departments. Big ICT companies too entrenched in enterprise. Don’t see it yet. Trying to join forces on architecture to enhance their impact.
EU commission gave out $2B to big companies for big data research and optimization.
What's at stake is continuing to exploit personal data.