The EU’s General Data Protection Regulation (GDPR) is a great step forward for privacy online, but it still leaves users with little means to manage exactly how their data is being used. The EU-funded PoSeID-on project aimed to fill this gap with what researchers call a ‘Privacy-Enhanced Dashboard’. With this, users of online services from governments and private organisations can take control of their own data.
“As they use our Privacy-Enhanced Dashboard, people will be granted concise, transparent, intelligible and easy access to their personal data,” says Roberta Lotti, coordinator of the project on behalf of the Italian Ministry of Economy and Finance. “They will know how their personally identifiable information (PII) is being tracked, and by which service. They will control and manage how this data is processed by public and private organisations, and they will very much act as data controllers and/or providers by enabling, restricting or revoking access permissions.”
Securing GDPR compliance
To provide this service, PoSeID-on uses permissioned blockchain and smart contracts – self-executing code that enables contextual guarantees of accountability, transparency and compliance with rights to data protection. All in all, the team created an integrated prototype that is GDPR-compliant and boasts a user-friendly interface, open-source interoperable ICT components that can be integrated with any public or private ICT architecture and, finally, a cloud-based version of the Privacy-Enhanced Dashboard as a service. The latter is specifically aimed at organisations which cannot afford their own blockchain or cloud GDPR-compliant tool.
The team tested these solutions with four use cases in France, Italy, Malta and Spain. In France, Softeam developed a Business Process Management Platform called e-Citiz, which enables customers to manage access to their data through a single platform. In Italy, they integrated the platform with the NoiPA Internal Service Provider Platform used by the Ministry of Economy and Finance. The Maltese use case allowed MITA (an organisation in charge of implementing IT programmes for the government) to avoid the resubmission of information to a government entity when it has already been submitted to another. Finally, the Spanish use case saw the Santander City Council testing more efficient digital services with full data management options.
In all four countries, users were particularly pleased with the outcomes. “For citizens, PoSeID-on is an empowering tool,” adds Lotti. “They are finally able to control their personal data and have a clear overview of the consent they provided, and the data shared with third parties. At the same time, they enjoy the possibility of withdrawing such permissions at any point in time.”
The process is smooth and user-friendly, which is also a strong point. To access the cloud-based dashboard, citizens can use standard electronic IDentification (eID) accounts. Once connected, users will immediately see global and service-specific risk scores indicating levels of privacy exposure. It’s then up to them to decide which of these services can retain access to their data.
Public and private organisations stand to benefit as well. Public bodies can integrate new services into the platform to make traditional procedures simpler and more transparent. Meanwhile, businesses can speed up innovation through more efficient tools centred on users’ needs and expectations, while ensuring full compliance with current policies and regulations.
Citizens take back control
In the future, Lotti sees PoSeID-on helping to enhance the security of public e-services and improve digital processes. “PoSeID-on will keep extending its user base, tools and services ecosystem to reach a much broader spectrum of EU citizens and organisations. It will eventually be known for safeguarding fundamental rights, giving control back to citizens, and ensuring the EU’s role as an independent global leader of digital transformation,” she explains.
JIBE has already developed a new platform called dataU based on PoSeID-on work and expects to secure up to six customers to work on platform validation by the end of the year. The company hopes to reach 1.9 % of the total European population within 5 years.