beatriz.gesteves@upm.es

Who should I trust with my data? are decentralised technologies the answer to achieving ethical and lawful data governance practices?

About

Find Out More About PROTECT

Protecting Personal Data Amidst Big Data Innovation

PROTECT is an European Training Network (ETN) funded under the EU’s Marie Skłodowska-Curie Actions.

PROTECT researchers are receiving a strongly multidisciplinary training programme in Data Protection Law, Technology Ethics and Knowledge Engineering, spread throughout 3 different Work Packages:

  • WP1 - Privacy Paradigm

    Develop and assess standard forms for privacy policies consistent with GDPR requirements

  • WP2 - Ethics of Personalisation

    Assess and refine existing ethics' assessment tools for emerging technologies

  • WP3 - Processing and Purpose in Personal Data Management

    Expand existing techniques to support the development of legal and technical risk assessments

Webinar

Check out our Webinar

A discussion on rebalancing control between big tech and the citizen and how proposed new EU legislation can support new trust models.

Scenarios

Check the Scenarios discussed during the Think-In events

Discussion scenarios focused on individual and group privacy, third parties that collect and use personal data and solutions to manage the access control to said data.

Jane's Data Pod

Sarah's Android Watch

Results

Summary of the main findings of the PROTECT Think-In Events

Common topics revolve around the enforcement of individual control over data through technological developments such as personal data stores and trust on public entities over private ones for the management of said data.

  • Challenges of EU/non-EU personal data transfers due to technological developments

    Will more regulation address this?

    Current form of terms & conditions/privacy notices is meaningless, and language is too complex

    Avoid turning protecting regulation, such as the GDPR, into a checkbox compliance exercise

    Existence of guiding/recommending bodies that can point out to more “trustworthy” entities

    Involvement of users in the process of creating the privacy notice

    International bodies to go beyond the limits of GDPR

  • Emergence of new data trust schemes

    Ensure explainability to users

    Data subjects trust public entities more than private entities

    Government entities should foster trust

    Collaboration between public and private sectors towards fostering trust

    Public bodies should have control over and oversight data flows

    The reputation of big vs small companies - Create a standard for privacy rating of companies

  • Educate citizens in privacy and data protection

    Different social classes and different attitudes towards controlling data

    Being indifferent to data control due to lack of awareness of the negative consequences of losing control over one's data

    Relevance of “personal” (in particular, family) relations to foster trust in online services

    The reverse of education (from children to parents) about data literacy

    Govern the data of vulnerable data subjects (elderly, mental illness, children, ...)

    Different degrees of trust in social relationships and institution-based relationships

  • The type of data conditions and the desired level of control over it

    Individual (enforceable) control over data through technological developments (personal data stores) could play a great part

    Balance time spent on data managing and convenience of not worrying about it

    Concern about sensitive data types such as health or financial data

    Possibility to share personal data only for certain purposes or to third parties

    Relevance of consent as an enabler of data sharing - Use of dynamic consent and technological developments for it

    Return on investment of providing personal data

    Sharing data only for the people who are not able to make decisions