Navigation path

Trust and Privacy in a Cyber-society

First of all, it is important to underline that PDM (personal data management) and privacy come from a physical world governed by sovereign states within national borders. Dealing with them in a “borderless” digital world needs international agreements and standards.

In 20-30 years the user will be the pivot of the web. Users will be able not just to create contents, but to generate information by means of special filter [1] installed on our devices. A processor will monitor and collect our actions (ingoing outgoing communications, current location, physical movements etc.) and collect on the device this information.  The device then can use this dataset to make inferences and produce content about our preferences as consumer. This data will be anonymous, that is unlinked from personal data. Eventually, we can decide whether or not to share this information with marketing industry. Nowadays, consumers preferences are not disclosed, so marketers try to infer the "consumer profile" by means of  personal data available on the web. That's why personal data are so precious to market industry. Thanks to this special processor they won't.  Imagine a world where consumer preferences were public instead of private information. This world would unlock significant social benefits by reducing the cost of marketer-consumer matchmaking.

Furthermore, by 2030 this problem will no longer exist because personal data management will be “omni-directional” so that people’s right to choose what information to convey about themselves in different contexts will be a fundamental right, protected by global regulation. Basically, "omni-directional" means that users are controlled, but at the same time they can check the data controller. With the help of improvements in biometrics and data encryption (notably the code morphing) it will be impossible for hackers to attack data collected on our devices.

Thanks to global legal framework (developed by means of trans-national agreements) the token and attribute-based credentials will be the standard for identification and accountability of the user. The data minimization will be the basic principle of the PDM. So, the trustworthy infrastructure will be the basis for an omni-directional data management process. It means that the users will be able to effectively control the flow, access and use of their personal data track and auditing the data controller. That is to say users will have the complete control on their personal data and by means of push up notifications will know when their data are being used or checked. 

Key transformative forces:


In the global information society, personal data are increasingly becoming a real asset and thus “the new currency”. Currently, users are not conscious about the value of this kind of information and they disclose them for free. Personal data are more and more becoming the precious row material for services providers and marketing industry. This will lead to economic assessment of personal information where users will be able to track the PDM made by data controller.

Science and technology:

New system architectures that support privacy by design, new security instruments and infrastructures aiming at prevention, protection and recovery are being developed. This will lead to standardisation and harmony in privacy settings management. Thanks to attribute-based credentials access system development we're able to separate personal information from general information. It will become harder and harder to date back to unique identifications. Actions will be separated from persons. Data will be collected as aggregate and not as individual.

Personal life:

Through new forms of social interaction, social platforms and networking as well as through access to Web services and other online activities, we leave behind us life-long trails of personal data in the form of a digital shadow that becomes increasingly difficult to shake off. Users should be able to track and manage all the personal data and – if need be – to choose what to keep and what to delete. This could be made notably by means of dynamic activity log (recently Facebook developed a tool like this) which let the user make queries organised by chronological / topic / key words filters and have a transparent and complete record of his personal data stored on the web.

This future draws elements from the future "The Future of Personal Data and Citizenship".

The results of all brainstormings undergone at the "Ground-breaking Policies for Future Societies" workshop, including this very vision, can be found here

#808080">Leading image courtesy of

[1] Eric Goldman, in the article A Coasean Analysis of marketing (2006)  calls these filters "Coasean filter", reffering to Ronald Coase studies about transaction costs.

Supporting Evidence

Rethinking Personal Data: Strengthening Trust, John Rose and Carl Kalapesi / Boston Consulting Group (

Rethinking Personal Data: Strengthening Trust, World Economic Forum (

The midata vision of consumer empowerment, UK Government Department for Business, Innovation & Skills (

Trust On The Internet: The Solution Is Ahead, Kosta Peric / Forbes (

Trust Frameworks: an opportunity to close the gap on trust, CTRL-SHIFT (

Personal Data: The Emergence of a New Asset Class, World Economic Forum (

The rise of personal volunteered information, William Heath (

Data protection in the EU: the certainty of uncertainty, Cory Doctorow (

Privacy: for who’s eyes only?, Lou Cooper (

Personal data stores: get ready for a step change, Danny Wootton (

  • The current technology evolutions, including Web 2.0, Cloud computing, the social networks, will bring more data collection, a higher persistency of data in digital space, higher scales and more heterogeneity, pervasiveness and increased complexity. This will affect various elements of trust and render its management more difficult. Further development should be made in order to promote standardisation as well as methods for classifying and signalling trustworthiness, based for example on certification, adherence to certain standards, use of specific technologies, and reputation. The legal framework will impose the mandatory transparency on the storage of personal data.
  • Trust relationships are not solely determined, nurtured or shared just on the basis of a ‘programmatic representation’. How can we ensure our online concepts of trust are still perceived as human-centred interactions which occur across a range of different contexts?
  • We may already use a number of tools and services provided to us for free on the basis of a trade-off, that is, we don’t have to pay but we agree to give our data in return. Given how significant some of these services are, how might our relationship with them change in the future if we alter how we’d like our data to be handled? What would the implications be?
  • For wider society to accrue the greatest value from this emergent market, personal data must ‘flow’. How will liquidity be created? How might perverse or inappropriate incentives be guarded against?
  • If regarded as an asset class, personal data is currently perceived as lacking a coherent set of trading rules, behavioural norms and policy frameworks to support it which, in turn, have contributed to a reduction of trust in this area. How can this be overcome? Is this fundamental to the formation of markets in the longer term?
  • The need to face these challenges will lead to considerable improvement in cryptography and biometric authentication technology to access personal data.Nevertheless, one can never fully exclude theft and/or the abuse of credentials. A major mechanism to reduce risk in such cases is to avoid over-identification – the use of identification in contexts where it provides insufficient benefits. This risk should be an opportunity to raise  users’ awareness and sensitivity on the topic.  This is a social improvement that will be achieved. The users’ awareness on valorisation and propertisation of personal data will lead to new and innovative business models based on a different relationship between customer and service provider. Customers will be informed and conscious of this value and could have the chance to “sell” their personal data and to audit (and if need be to report) the data controller’s trustworthiness.
  • Personal data will be subject to change over time and, unlike the ‘one-off’ consumption of physical goods, its value is likely to increase as new data items are added and longer-term patterns and insights are revealed. How might we manage and utilise this dynamic?
  • Companies and governments may begin to use of data to solve a variety of different issues or problems, for example, improving the efficiency of a service. Does this begin to open new forms of remuneration and reward such as benefiting from any cost savings made? How will new forms of value be created?
  • How might providing our personal data to others – without selling it – be of wider social value, for example, donating it to a charity so they can sell it? How might our notions of ownership change in the future?
How are we going to manage our data in the future?
Will technologies allow use to be 100% sure that our data will be safe from hacking?
How can we balance the needs of citizens, industry, regulators and society as a whole, from the various perspectives given?
How to address cross-border, international aspects?
In the future, how do we overcome the existing problem of ‘data leakage’ as a result of poorly designed applications and services?
Why should companies, which can already find and use elements of your personal data for commercial gain, be interested in changing that relationship? What existing conditions have to change or new dynamics emerge? Who will drive these changes?
Will these emerging processes just be a means of using both the digital technologies themselves (and our interaction with them) to drive traditional ‘rent seeking’ economic gain rather than driving innovation towards longer term new value creation?


Underpinning policy ideas

Supporting evidence

Driving trends