Periodic Reporting for period 2 - PoSeID-on (Protection and control of Secured Information by means of a privacy enhanced Dashboard)
Reporting period: 2019-09-01 to 2021-03-31
PoseID-on developed an innovative intrinsically scalable platform, namely the Privacy Enhancing Dashboard (PED) for personal data protection, as an integrated and comprehensive solution aimed to safeguard the rights of data subjects, as well as support organizations in data management and processing while ensuring GDPR compliance. The PED integrates cutting edge technologies towards the organizations accountability and GDPR compliance as fa as data processing and exchange is concerned. Also, it contributed to help organizations in the guarantee of fundamental rights of data subjects. The objective was to create a solution for many of the obstacles to a smooth and agile ecosystem platform establishment especially those related to the individual (data subject) trust, the regulation compliance and the size of the investment. In this way, PoseID-on supported public and private organizations to properly respond to the new EU regulations by also gaining substantial advantages for their own activities. In fact, the PED enabled organizations to enforce their traditional procedures. The main novelty of all the tools that were developed by PoseID-on, within the PED, is the securitization of their open architecture by means of the implementation of the Permissioned Blockchain and Smart Contracts, which enabled contextual guarantee of accountability, transparency and compliance with rights to data protection. Additional innovation is also provided by the integration of the Permissioned Blockchain technology with other state of the art technologies within the PED namely, cloud, access management according to eIDAS and privacy management. The solution proposed by PoSeId-On, and the Platform in particular, was tested in four different pilots, namely in the Italian, Spanish, French and Maltese contexts.
From the beginning of the project, the consortium worked together to deliver an innovative scalable Platform for personal data protection, supporting the pillars of the EU's General Data Protection Regulation (GDPR), with regards to digital security, that was implemented within a single, integrated tool, adopting blockchain and smart contracts technology.
The main goal of this Platform was to provide targeted benefits for the final end users by enabling data protection by design and by default. In particular, the project delivered an easily accessible and simple Privacy Enhancing Dashboard useful for monitoring, keeping track record, and controlling all aspects related to data subjects, personal data, privacy settings, eventually deciding to authorize/un-authorize personal data transfers.
Thus, PoSeID-on aimed at empowering data subjects in having a concise, transparent, intelligible and easy access, as well as tracking, control and management of their personal data processed by public and private organizations, acting as data controllers and/or data providers, allowing them to make conscious decisions on who can process their own data based on data controller trustworthiness, enabling or revoking permissions, asking for definitely remove their personal data or restricting the data to be shared following the data minimisation principle.
To do so, project partners worked to develop a risk management framework to be integrated into the Privacy Enhancing Dashboard and which automatically checks the legitimacy of data processing and exchanges between different parties by alerting data subjects in case of aberration, potentially leading to infringement of fundamental rights and freedom.
As a further aim, PoSeID-on worked to support the compliance of technological services and products with the GDPR regarding personal data, by integrating advanced ICT-based tools within a replicable and scalable framework, which was implemented within a broad spectrum of products and services.
Thus, the work done in the past 35 months of project, allowed the implementation of:
-a Privacy Enhanced Dashboard as an ICT integrated prototype also provided with an innovative web-based dashboard for data subjects with a user-friendly interface.
-Open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture.
-a Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS) to be adopted by public or private organizations in case they do not have their own blockchain and/or cloud or they can't afford the cost of managing GDPR compliant tools.
These tools were finally tested in four different use cases which took place in four different countries: Italy, Spain, France, Malta.
In this regard, the second reporting period was fundamental to finalise the development of the tools and of the PoSeID-on architecture (Web-based Dashboard, the Risk Management module and the Personal Data Analyser), to guarantee the full integration between the Blockchain and the PoSeID-on platform and so the deployment of the use cases.
The main goal of this Platform was to provide targeted benefits for the final end users by enabling data protection by design and by default. In particular, the project delivered an easily accessible and simple Privacy Enhancing Dashboard useful for monitoring, keeping track record, and controlling all aspects related to data subjects, personal data, privacy settings, eventually deciding to authorize/un-authorize personal data transfers.
Thus, PoSeID-on aimed at empowering data subjects in having a concise, transparent, intelligible and easy access, as well as tracking, control and management of their personal data processed by public and private organizations, acting as data controllers and/or data providers, allowing them to make conscious decisions on who can process their own data based on data controller trustworthiness, enabling or revoking permissions, asking for definitely remove their personal data or restricting the data to be shared following the data minimisation principle.
To do so, project partners worked to develop a risk management framework to be integrated into the Privacy Enhancing Dashboard and which automatically checks the legitimacy of data processing and exchanges between different parties by alerting data subjects in case of aberration, potentially leading to infringement of fundamental rights and freedom.
As a further aim, PoSeID-on worked to support the compliance of technological services and products with the GDPR regarding personal data, by integrating advanced ICT-based tools within a replicable and scalable framework, which was implemented within a broad spectrum of products and services.
Thus, the work done in the past 35 months of project, allowed the implementation of:
-a Privacy Enhanced Dashboard as an ICT integrated prototype also provided with an innovative web-based dashboard for data subjects with a user-friendly interface.
-Open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture.
-a Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS) to be adopted by public or private organizations in case they do not have their own blockchain and/or cloud or they can't afford the cost of managing GDPR compliant tools.
These tools were finally tested in four different use cases which took place in four different countries: Italy, Spain, France, Malta.
In this regard, the second reporting period was fundamental to finalise the development of the tools and of the PoSeID-on architecture (Web-based Dashboard, the Risk Management module and the Personal Data Analyser), to guarantee the full integration between the Blockchain and the PoSeID-on platform and so the deployment of the use cases.
Talking about expected results after the end of the project, we can affirm that the PoSeID-onPlatform can be considered a valuable tool for all public and private entities that intend to be in line with the GDPR and the latest regulations in terms of privacy preservation. Furthermore, PoSeID-on can also represent the starting point for new developments, as for example by integrating additional new services and tools.
In terms of societal implications, PoSeID-on impacts both private and public organisations, and citizens; indeed, the PoSeID-on Platform is a tool that can be easily adopted by any entity that aims to provide newer and safer services to its users; in particular, PoSeID-on provides open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture and makes available each single component/toolkit of the Privacy Enhanced Dashboard, so as to allow EU organizations to integrate these components in their own systems. This option guarantees high technological development and competitiveness, as well as the creation of new business opportunities in the EU market.
Furthermore, PoSeID-on provides a cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS) to be adopted by public and private organizations in case they do not have their own blockchain and/or cloud or they cannot afford the cost of managing GDPR compliant tools. In this case, they can access the PoseID-on cloud service and use the Privacy Enhanced Dashboard to monitor and control the data processing.
Last but not least, PoSeID-on represents a strong enabler for implementing any kind of digital collaboration between public organizations as well as private ones and among themselves as it contributes to the mitigation of most of the privacy issues and concerns which represents the main obstacles to ecosystem platform establishment.
From the citizens' perspective instead, the Privacy Enhanced Dashboard provides an innovative web-based dashboard for data subjects with a user-friendly interface that allows them to easily control their personal data and have a clear overview of the consents they provided and the data they shared with third parties, as well the possibility to easily withdraw such permissions at any time. This possibility allows citizens to increase their trust on public and private services and therefore increasingly rely on the services and tools offered to them.
In terms of societal implications, PoSeID-on impacts both private and public organisations, and citizens; indeed, the PoSeID-on Platform is a tool that can be easily adopted by any entity that aims to provide newer and safer services to its users; in particular, PoSeID-on provides open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture and makes available each single component/toolkit of the Privacy Enhanced Dashboard, so as to allow EU organizations to integrate these components in their own systems. This option guarantees high technological development and competitiveness, as well as the creation of new business opportunities in the EU market.
Furthermore, PoSeID-on provides a cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS) to be adopted by public and private organizations in case they do not have their own blockchain and/or cloud or they cannot afford the cost of managing GDPR compliant tools. In this case, they can access the PoseID-on cloud service and use the Privacy Enhanced Dashboard to monitor and control the data processing.
Last but not least, PoSeID-on represents a strong enabler for implementing any kind of digital collaboration between public organizations as well as private ones and among themselves as it contributes to the mitigation of most of the privacy issues and concerns which represents the main obstacles to ecosystem platform establishment.
From the citizens' perspective instead, the Privacy Enhanced Dashboard provides an innovative web-based dashboard for data subjects with a user-friendly interface that allows them to easily control their personal data and have a clear overview of the consents they provided and the data they shared with third parties, as well the possibility to easily withdraw such permissions at any time. This possibility allows citizens to increase their trust on public and private services and therefore increasingly rely on the services and tools offered to them.