Periodic Reporting for period 1 - DataVaults (Persistent Personal Data Vaults Empowering a Secure and Privacy Preserving Data Storage, Analysis, Sharing and Monetisation Platform)
Reporting period: 2020-01-01 to 2021-06-30
DataVaults aims to address this kind of concerns that pertain privacy, ethics and intellectual property rights , by allowing individuals to take ownership and control of their data and share them at will, through flexible data sharing and fair compensation schemes with other entities (companies or not).
It will deliver a novel framework and architecture that leverages personal data, coming from diverse sources (sensors, IoT, wearables, data APIs, historical data, social network data, activity trackers, health records, demographic profiles, etc.) to help individuals construct their unified personal data hub, collect at a single point all of their personal data in a secure and trusted manner, and retain ownership and control on what to share and with whom, receiving also compensation for the artefacts they place at the disposal of other third parties. In turn, third party organisations (companies, public sector, NGOs, etc.) arrive at a position where they can request and get access to tons of personal data, which can complement the ones they already manage and that can be used for generating more efficient, effective and value added services, engaging with individuals into an entirely new way for data sharing, which generates trust and an increased feeling of collaboration, as the data owners (e.g. individuals) become the centre of attention and the most important partner and collaborator of those third parties.
At the core of DataVaults lies the DataVaults personal data value chain, which could from now on be seen as a multi-sided and multi-tier ecosystem governed and regulated by smart contracts to safeguard personal data ownership, privacy and usage and attribute value to all entities that generate value within this chain and especially data owners.
1) Analysed the needs and requirements of the stakeholders and the personal data market.
2) Performed the first implementation activities toward the DataVaults product:
- Defined the integrated DataVaults methodology as a reference explaining the role and interrelations of DataVaults components.
- Defined the user stories for the DataVaults components and functional and non-functional requirements.
- Defined the DataVaults system architecture.
- Developed the alpha version of the DataVaults components, which will be integrated in the alpha version of the DataVaults platform.
3) Prepared an all-inclusive framework for verifying, validating and evaluating the outcomes of the previous phases (from their conception to final release and experimentation in pilot settings).
4) Undertook the first steps to ensure the sustainability of the project’s outputs and its operation following the end of the project.
The project aims to advance the state-of-the-art of data sharing and management but focusing on personal data, which are accompanied by strong security and privacy considerations which are in most of the cases implied by law. The project will combine semantic technologies for categorizing personal data, data sharing principles and secure data analytics, deriving to privacy respective structures that may deliver business intelligence and novel services, that can bring forward a pioneering approach as far as it regards the capture of the value of personal data and its fair distribution.
From a technical point of view, the innovation potential of the DataVaults platform is very high. There are very few cases where personal data has been combined with trusted and secure business analytics scenarios in the EU market, as previously security and data confidentiality has been highly neglected, while the last months, after the introduction of GDPR a radical shift has been witnessed where personal data ceased to be collected and analysed, due to the inability of SMEs to offer truly secure and privacy preserving mechanism. Moreover, little has been also done to give back control and ownership of data to individuals that produce it, while there are almost no initiatives which link remuneration models to personal data sharing, as opposed to industrial data markets. The technical challenges solved by the architecture and the novel tools and methods to be used, such as TPM, searchable encryption, dockerised analytics infrastructure and the combination of public and private ledgers are a perfect fit for environments of personal data management where users are willing to share their data under different levels of trust, in a secure and value generating manner. In this context, the technology to be integrated in and developed by DataVaults could boost the realisation novel services that rely on personal data access and management and could be generalised to be ported to other domains, which contain data that are sensitive, or mission critical.
From a business innovation perspective, DataVaults holds a tremendous potential as it deals with areas that can deliver added value to all the stakeholders involved, deriving directly out of the technical innovations and challenges that the platform will address and of the business concepts that are embedded in the personal data sharing economy. In the personal data domain, big data and analytics is not a novelty, and many companies have capitalised on exploiting personal data that are provided by users over internet-based platforms, such as social media. However, little has been done as stated above to comply with regulations and gain the trust of the data providers, and this is where DataVaults comes as an innovative solution that is able to truly support a data value chain around these and generate a trusted collaboration environment. As such, in terms of business innovations coming out of the use of secure, privacy preserving data access and analytics technologies, the project has a tremendous potential to capitalise on recent advancements and offer the first platform that can operate with the use of such high security and privacy primitives. The methodologies, technology and infrastructure to be designed and developed in the context of the project can be applied in other domains as well and will showcase how data can be treated in a secure, privacy respective and non-intrusive manner.