We are delighted to inform you that Privacy and Sustainable Computing Lab in collaboration with the Institute of Information Systems and New Media (WU Wien) has started the interdisciplinary research project EXPEDiTE. The full title of the project is “EXPloring opportunities and challenges for Emerging personal DaTa Ecosystems: Empowering humans in the age of the GDPR – A Roadmap for Austria“. The Linked Data Lab of the Vienna University of Technology and the NGO OwnYourData are our partners in this project which is funded by the Austrian Research Promotion Agency (FFG). Soheil Human and Dr. Ben Wagner are project leads for EXPEDiTE. Prof. Axel Polleres, Prof. Sarah Spiekermann, and Prof. Gustaf Neumann shape the advisory board of the project. Here is a short description of the project:
In our increasingly digital societies, data is perceived as a key resource for economic growth. Among the highest-valued corporations today, many have business models that are essentially based on data of or about their users. This development has raised serious concerns about individuals’ right to privacy and their ability to exercise control over their own data, as well as about the broader shifts of power between data subjects and data controllers that this development entails. Consequently, European policy makers have passed the General Data Protection Regulation (GDPR), which has imposed stricter regulations on personal data handling practices within the EU.
In parallel, a movement – often associated with the term “MyData” – has emerged in the civil society with the goal to put individuals in control of their personal data. One of the major adoption barriers for such platforms, however, has been the difficulty individuals face in acquiring their personal data from data controllers. The GDPR, which came into effect on March 25, 2018, requires data controllers to provide individuals access to all data they have about them, as well as to facilitate “portability” of that data. These new rights under the GDPR could drive the emergence of “human-cantered” personal data ecosystems, in which individuals’ roles are no longer limited to that of passive “data subjects”, but in which they become active stakeholders that have access to, exercise control over, and create value from their personal data.
However, although the provisions of the GDPR align closely with this vision, it is still largely unclear how they will be implemented by data controllers and whether and how citizens will exercise their digital rights in practice. In the EXPEDiTE project, we will investigate these timely questions, as well as more broadly explore challenges, barriers and drivers for the emergence of human-cantered personal data ecosystems. Furthermore, we will investigate how individuals — once they become able to acquire their personal data – can integrate and analyze it. To this end, we will explore the concept of context-rich personal knowledge graphs that “liberate” data from closed environments, link and enrich it with other available (e.g., open) data, and create insights and value from individuals’ previously dispersed data. Additionally, such graphs have the potential to facilitate innovative products and services without locking individuals into proprietary environments. In this project, we will tackle key technical challenges involved in realizing this vision, including technical interfaces, syntactic and semantic interoperability, and mechanisms that allow users to share data, exercise control over its utilization, and automatically manage consent for the use of their data. The project results will feed into a comprehensive roadmap that will assess the current state of personal data ecosystems in Austria and in the broader international context, synthesize the major challenges and opportunities they face, and outline a path towards human-centered personal data ecosystems.
The main aims of EXPEDiTE can be summarised as follows:
- This interdisciplinary research project aims to resolve key tensions between providing personalized services and the right to privacy, by envisioning new human-centric personal data ecosystems (PDEs) in which personal data can only be collected and processed under the control of the data subject.
- While the right to privacy is not new, the European General Data Protection Regulation (GDPR) will considerably contribute to the implementation of this right and provides new opportunities to study the way in which a balance between the right to privacy can be achieved through data portability or the right to access and modify personal data.
- In this project, we will analyze how GDPR is perceived and implemented in practice, what key barriers hinder its implementation, and how the implementation of GDPR Exploratory Projects can be improved by changing the socio-technical configuration of actors.
- We will use an interdisciplinary approach to develop a roadmap towards human-centric PDEs in Austria, which describes the current state of personal data processing in Austria, conceptualizes technical requirements of human-centric PDEs, develops the concept of personal knowledge graphs, discusses barriers and challenges ahead of human-centric PDEs, and envisions technological, social, and economic opportunities that human-centric PDEs will bring.
- Finally, our project will connect Austria – for the first time – to the global MyData movement which aims to empower humans with their own personal data – enabling novel business models, innovative technologies, and R&D projects that not only benefit citizens within and beyond the borders of Austria, but also foster economic growth while respecting the right to privacy.