Apr 25, 2011
Personal Data Service
From Paul Trevithick:
What is the problem this idea addresses, why does it matter?
To create the kind of society that most people want, personal data must be managed differently than it is today. Adaptations to technical, operational, and regulatory aspects of the Internet are necessary to ensure better protection and privacy for personal data.
What is the goal of the idea?
To change some of the data architecture and policy layers of the Internet in order to enable the individual to control the storage and dissemination of his personal information. Taken together these changes can bring about the end of today’s personal data feudalism.
How does the idea work?
There are technical, operational and regulatory aspects to what must be changed.
In terms of the technical aspects, every person must have access to a personal data service that provides a central point of control (i.e. a dashboard) for that person’s physically distributed data. To genuinely shift control to the individual at least some of the places where personal data is stored must hold only encrypted attribute values (so-called translucent storage) with the individual in exclusive possession of the encryption key.
Operationally, networks of people and services must have the ability to adhere to multiple trust frameworks, each of which includes rules for data schemas, roles, authentication methods & levels, auditing, compliance, etc. As far as possible the policies of these trust frameworks must be machine, lawyer and human readable.
Regulations must be changed to make it illegal for anyone (except law enforcement) to cache personal data by another actor for more than 24 hours.
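
The translucent storage described under the technical aspects above, as an added sketch that is not part of Paul Trevithick's text: the individual's device encrypts each attribute value before upload, so the storage service holds only ciphertext and cannot read or silently swap values. The choice of AES-256-GCM and all names (TranslucentStore, sealAttribute, openAttribute, the sample attributes) are assumptions made for illustration.

```javascript
// Added illustration; all names and sample values are constructed.
const crypto = require('node:crypto');

// Runs on the individual's device: the key never leaves it.
function sealAttribute(key, owner, name, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  // Bind the ciphertext to its owner/attribute slot as authenticated data.
  cipher.setAAD(Buffer.from(JSON.stringify([owner, name])));
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Also runs on the individual's device; throws if the record was altered,
// moved to another slot, or the key is wrong.
function openAttribute(key, owner, name, record) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  d.setAAD(Buffer.from(JSON.stringify([owner, name])));
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}

// Runs at the storage provider: it only ever sees opaque records.
class TranslucentStore {
  constructor() { this.rows = new Map(); }
  put(owner, name, record) { this.rows.set(`${owner}/${name}`, record); }
  get(owner, name) { return this.rows.get(`${owner}/${name}`); }
}

function demo() {
  const key = crypto.randomBytes(32); // held exclusively by the individual
  const store = new TranslucentStore();
  store.put('alice', 'email', sealAttribute(key, 'alice', 'email', 'alice@example.org'));
  store.put('alice', 'phone', sealAttribute(key, 'alice', 'phone', '+1-555-0100'));

  const email = openAttribute(key, 'alice', 'email', store.get('alice', 'email'));
  // What the provider holds does not contain the plaintext value.
  const leaked = store.get('alice', 'email').ct.toString('latin1').includes('alice@example.org');

  // A provider that serves the phone record in the email slot is detected.
  let swapDetected = false;
  try { openAttribute(key, 'alice', 'email', store.get('alice', 'phone')); }
  catch (e) { swapDetected = true; }

  // Anyone without the individual's key cannot decrypt the stored record.
  let wrongKeyRejected = false;
  try { openAttribute(crypto.randomBytes(32), 'alice', 'email', store.get('alice', 'email')); }
  catch (e) { wrongKeyRejected = true; }
  return { email, leaked, swapDetected, wrongKeyRejected };
}
```

Attribute names and record sizes remain visible to the storage provider in this sketch; only the values are protected.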
