As consumer technologies evolve, so do privacy-centric solutions designed to help consumers manage their data and privacy rights.
Personal data stores offer consumers a centralized location to safeguard personal data. Typically, solutions allow individuals to create and manage an inventory of personal data and choose how it can be shared.
However, many of these solutions are yet to become mainstream. And while a centralized store of personal data offers a simple way to manage data and act as the single source of truth should that copy be stolen the impact on an individual’s privacy can be amplified. At the same time, consumer demand for greater data control may serve to incentivize development and adoption of personal data stores, while the potential for insights from personalized dashboards could prove enticing for some.
Data too may continue to be the allure for organizations with the potential to access accurate ‘zero-party data’ — data that has intentionally been created and kept up to date by the individual. However, in the absence of mass adoption by individuals, organizations are unlikely to see the benefits of introducing frictions into existing processes to collect data.
The principle of centralized management of personal data offered by personal data stores can also be seen with data trusts. Defined by The Open Data Institute as ‘a legal structure that provides independent, fiduciary stewardship of data,’ individuals give control of their data to a trustee who decides, on behalf of the individuals, who is able to access and use that personal data, and for what purposes.
Should an organization using personal data provided by the trust fail to comply with privacy requirements, data access can be revoked. The data trusts also prioritize the maintenance of data interoperability while also seeking to ensure that users fully understand the use of their data and have consented to its use.
Data trust development remains nascent, however, with several challenges to overcome, including the need for universal standards for the development of data trusts and the applicability of trust law. Examples such as John Hopkins development of a data trust for medical research show the potential, while the identification of trusts as method to empower individuals to exercise their rights by the European Commission’s ‘A European Strategy for Data’ suggests that data trusts warrant further investigation.
The development, and widespread adoption, of Privacy Enhancing Technologies may further encourage the growth of data trusts via a federated approach, ideally reducing a trust deficit and encouraging more organizations to sign up.
The EU’s General Data Protection Regulation (GDPR) and the development of other privacy regulations globally has helped to formalize data-subject rights, enshrining into law several rights for individuals. Alongside this, the growing number of publicized data breaches and fines have increased consumers’ focus on data privacy.
As such, consumers are becoming more aware of how to exercise their data-subject rights. In response, the data rights-as-a-service industry is allowing individuals to automate their subject access rights, reduce their digital footprint and remove personal data from search engines and other data aggregators, or mask their email identities online.
As emerging technologies pervade into our lives, data rights-as-a-service, offer consumers the chance to exercise their rights in an efficient and automated way.
The excerpt was taken from the KPMG Thought Leadership entitled Privacy Technology: What’s Next.