From Data Citizen to Data Subject (DSDC)

There is strong evidence that citizens will participate more actively and wholeheartedly in the “information society” if they have more access to and control over what information is held about them, by whom and where. The potential benefits of such data citizenship are manifold: increased data quality, reduced risks and payload from identity theft, improved transaction quality, reduced data maintenance costs, improved trust and so on. Using a soft systems approach, this project aims to deliver a system for enabling such control. The method is multidisciplinary, bridging technical, legal and social issues.

The key outputs will be:

* Multidisciplinary model for understanding and computing the risks involved in operating such a system both to the citizen and to the data holding organisation.socio-technical specification of the necessary
* Infrastructure for constructing such a system.
* Conceptual framework of the use case scenarios for such systems
* Implemented exemplars


Given the increasing complexity and interconnection of services handling personal data, the growing public perception is that businesses’ and organisations’ abilities to protect privacy is increasingly inadequate. Further, due to increases in regulation and litigation this will eventually become a costly risk.The vision is to make giving consent for the use, storage and sharing of personal data as easy as turning on a tap, and to make revoking it as easy as turning it off. The project proposal is focused on the issue of providing more rigorous means for individuals to grant and revoke their consent, taking an end to end view that enmeshes technological, procedural and regulatory development. The challenge is achieving this across varying scales of infrastructure, and diverse current and future devices, to provide transparent and robust direct user control over this consent and revocation process.The main exploitable outputs of this proposal are intended to be:

* Technologies (architectures and components).
* Validating prototypes (products and/or services).
* Best practices/standards/compliance regimes and a two way dialogue that informs a regulatory/legislative regime development process.

Our consortium includes UK industrial partners with capabilities and services across a wide range of business, thus providing a basis for rollout of the project’s results.


Visualisation and Other Methods of Expression (VOME) is a research project that aims to reveal and utilise external representations of end users’ ideas and concepts surrounding privacy and consent.

End user engagement with privacy issues is vital if we are to achieve truly informed consent but there is no denying that this has proved difficult to achieve. Concepts of privacy and consent are complex and highly dependent on the social, political and economic context in which electronic transactions occur. Our aim is to exploit methodologies from a range of disciplines and, by mediating between them, develop a richer dialogue with end users. Our consortium members give us access to a large group of end users with whom we plan to engage in a longitudinal study. This will result in a circular engagement between developers and end users that will be validated through a clearer understanding of the risks faced in this environment. In turn this will facilitate end users’ interaction with technology and the capture of more granular requirements for hardware and software that supports end users’ expectations of privacy and consent.

Privacy Value Networks (pvnets)

The key pvnets goal is to generate a detailed understanding of ndividuals’ and organisations’ conceptions of privacy and identity cross a range of contexts and timeframe. We will obtain rich empirical data on users, organisations, identity and privacy using a range of in-depth innovative privacy-sensitive methods and evaluation techniques.

At the same time we will advance the state of the art in these methodologies, which is particularly important in a field that has so far proven extremely difficult to study due to the reluctance of privacy-sensitive individuals to participate in such investigations.

The project will be rigorously user-centric and based around the principle of genuine user participation and involvement. We will study people’s attitudes, values and behaviour in a number of domains through research around five different case studies: financial exclusion; sensor-enhanced Facebook; mobile families; biographical footprint interviews and a collaborative case study with another EPAC project
(currently being finalised).


While it is possible for the same technology to address this crisis of confidence in both public and private contexts, the Personal Policies Leveraging Compliance (PPL-C, pronounced “People See”) project is being modelled first to deal with the former and a particularly pressing problem for privacy and consent today: that is, cases in which individuals are not entitled to know details about the international transfer of their personal data due to government’s need for concealment. These transfers might occur, for example, as part of intergovernmental cooperation to deal with cybercrime, money laundering, terrorism, or the spread of infectious disease.

In this situation, what is needed is a technically competent “trusted intermediary” to look after the interests of all stakeholders and to ensure that personal data receives proper protection. In this way, people will know that the rule of law applies, and trust in the information society will grow. Therefore, the main objective of PPL-C is to demonstrate a policy compliant system that can bridge the gap between, on the one hand, the current practices in the treatment of personal data as it flows internationally, and on the other, the need for public confidence in these processes. Specifically, PPL-C will demonstrate a policy driven system that enables the parties involved in the transfer of personal data to ensure that the data flows across borders only as the law of the person’s home country permits. Legal policies governing the transfer of data will be expressed in easy-to-manage, machine-readable and enforceable terms; a trusted intermediary will be able to audit that the data has been treated appropriately; and with this transparency, people will have an opportunity for redress and restitution when something goes wrong.


One Response to “Possible Projects”

  1. this is really useful to get some ideas on possible new projects which can be taken up by research organisations.
    Would like some ideas as some of theese projects can be taken up in SETS (email at no-profit basis)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: