Posted on: Friday 6th of December 2013
At the Privacy by Design User Forum in Toronto, attending Founding Partners from the Respect Network, the world’s first peer-to-peer network for personal and business clouds, today named Ontario’s Information and Privacy Commissioner Dr. Ann Cavoukian as the network’s first Honorary Architect.
The occasion was not only the conference, but also the release of a ground-breaking paper “Big Privacy: Bridging Big Data and the Personal Data Ecosystem through Privacy by Design” co-authored by Commissioner Cavoukian and Respect Network Corporation’s CEO Drummond Reed. I had the honor of contributing to it from the Respect Network side as we took it from the inception of an idea to a completed project. It has been a fascinating journey.
The paper analyzes the privacy challenges of Big Data and how they can be overcome by applying the 7 principles of Privacy by Design on a macro scale, resulting in a set of systemic protections for personal data called Big Privacy.
We started with Dr. Cavoukian’s premise (itself one of the PbD principles) that the solution must create a “positive sum” or win-win outcome. We had to create a technology framework powerful and flexible enough to bridge the principles of Privacy by Design with the unique needs of Big Data. And I think we accomplished that with the following framework of 7 mutually-reinforcing architectural elements.
1) Personal clouds linked into personal cloud networks manifest a real, active Personal Data Ecosystem; they are virtual compute capabilities and apps that provide individuals with what Dr. Cavoukian likes to call “radical control” to proactively protect personal information and engage as peers with other personal clouds or business clouds on the individual’s terms.
2) Semantic data interchange gives individuals fine-grained information sharing control and enables personal cloud services to attach privacy preferences and policies to the data in a standard, interoperable and machine-readable form.
3) Trust frameworks provide transparent, open governance of personal cloud network ecosystems where individuals, organizations and service providers are members, contractually binding them to respect the rules and tools established by the trust framework.
4) Identity and data portability provides the ultimate guarantee that individuals and organizations-not their service providers-control their own data.
5) Data-by-reference (or subscription) enables individuals or organizations to change their minds about how their data may be used-for example, by revoking the rights of a Big Data system to analyze their data.
6) Accountable pseudonyms allow individuals to express themselves freely but with a certain discretion, remaining within the context of what is legally acceptable.
7) Contractual data anonymization provides a way for valuable Big Data systems to operate in compliance with all privacy regulations and personal preferences, allowing patterns to be found on an aggregate level without the need for identifiable personal data.
This architecture may sound futuristic, but the paper also describes a contemporary Exemplar. Next year the Founding Partners of Respect Network will launch a network for personal clouds and business clouds leveraging Extensible Data Interchange (XDI, a semantic data interchange standard) under the governance of the Respect Trust Framework. These three core foundational elements will in turn enable the remaining four architectural elements. Big Privacy is closer than you think!
‘Big Privacy: Bridging Big Data and the Personal Data Ecosystem through Privacy by Design’ is available here.
short link: http://bit.ly/1cWkP4o
Dan Blum is Principal Consultant and Chief Security and Privacy Architect at the Respect Network.