Image

BLOG

PIMcity will design, build, validate and demonstrate a system of easy-to-use components to make up a PIMS – Personal Information Management Systems – development kit at the service of final users and internet commercial or advertising services.
The web economy has been revolutionized by unprecedented possibility of collecting massive amounts of personal data to be used for commercial purpose. This change has deep consequences for users, who, deprived of any negotiation power, are compelled to blindly provide their data for free access to online services.

New technologies for an effective control and use of personal data on the web

PIMCity will design, build, validate and demonstrate a system of easy-to-use components to make up a PIMS – Personal Information Management Systems – development kit at the service of final users and internet commercial or advertising services.

The web economy has been revolutionized by unprecedented possibility of collecting massive amounts of personal data to be used for commercial purpose. This change has deep consequences for users, who, deprived of any negotiation power, are compelled to blindly provide their data for free access to online services.

Personal Information Management Systems (or PIMS) are systems that allow individuals to get back control over their personal data. Using PIMS, it is possible to manage personal data in secure storage systems and share them when and with whom we choose. Providers of online services and advertisers will need to interact with the PIMS if they plan to exploit individuals’ data. This can enable a better control of personal information and new business models. For the PIMS approach to succeed for individuals and the market, it is crucial to experiment more intensely and efficiently different PIMS models.

PROJECT DESCRIPTION

PIMCity project will build, validate, demonstrate and test easy to use components in a PIMS development kit, accelerating the quest of the right PIMS to obtain a fair and transparent web data economy. Two different demonstrators will be developed: one addresses final users (B2C) and one to companies (B2B).

PIMCity offers tools to change this scenario. First, we implement a PIMS development kit (PDK) to commoditize the complexity of creating PIMS. This lowers the barriers for companies and SME to enter the web data market. Second, we design and deploy novel mechanisms to increase users’ awareness: (i) the Transparency Tags (TT) show users essential information about the services they access, in a simple and easy to understand manner; (ii) the Personal Data Avatar (PDA) is an intuitive means for users to control the information shared to third parties. Third, we demonstrate the effectiveness of the above tools by engineering EasyPIMS, our fully-fledged PIMS. We commit to build the largest-ever transparent data marketplace implementing and demonstrating EasyPIMS with hundred thousand end-users, collaborating with advertisers and operators in the web market.

Impact on society
PIMCity project will provide trusted, fair, and regulation-compliant tools for building or extending Personal Information Management Systems. This effort will contribute in a decisive manner to the creation of new services for the secure sharing of personal data, toward a transparent online economy. The new instruments will be useful to citizens to become aware about online personal data and its value, to take control over what happens to their data, possibly allowing them to monetize it. At the same time, online advertisers will be incentivized to adapt their methods and workflows for rightfully and transparently collecting data about users’ interests.

We strongly believe that an open market for data will only flourish if we stop the arms race between users and services. For this, PIMCity includes in the research consortium final users associations, publishers, technology companies to blend technological, legal and economic competences in a multidisciplinary RRI (Responsible Research and Innovation) oriented approach.

International partners
PIMCity has all these players in our consortium, along with leading IT companies and data providers, renowned research centres and universities, and SMEs already in the market of PIMS. The project will finally enable the emergence of transparent digital data markets.
• NEC Laboratories Europe GmbH, Germany
• Ermes Cyber Security SRL, Italy
• Fundación IMDEA Networks, Spain
• Universidad Carlos III de Madrid, Spain
• Telefónica Investigación y Desarrollo SA, Spain
• Fastweb SPA, Italy
• LSTECH ESPANA SL, Spain
• Katholieke Universiteit Leuven, Belgium
• Asociación de Usuarios de Internet, Spain
• Interactive Advertising Bureau Spain, Spain
• Big Data Analytics SA, Argentina

This article explores the characteristics of the main models of data exploitation: the APIS model that arises through the different organizations and companies that provide services and that take advantage of the data they have of their users, the Aggregation model of the platforms based on offering free services of high added value for the users in exchange for collecting and exploiting the data obtained for the development of businesses based on the personalization and finally the PIMS model centered in the user that allows that he is the one who has the control of his personal data.

This article explores the characteristics of the main models of data exploitation: the APIS model that arises through the different organizations and companies that provide services and that take advantage of the data they have of their users, the Aggregation model of the platforms based on offering free services of high added value for the users in exchange for collecting and exploiting the data obtained for the development of businesses based on the personalization and finally the PIMS model centered in the user that allows that he is the one who has the control of his personal data.

Personal Information Management Systems (or PIMS) are systems that help give individuals more control over their personal data. PIMS allow individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose. Providers of online services and advertisers will need to interact with the PIMS if they plan to process individuals’ data. This can enable a human centric approach to personal information and new business models.

Figure: In the API ecosystem model (left), if the number of services increases, the number of connections will increase even faster. Centralising data management to platforms (middle) facilitates application development, but there is no incentive for different platform players to seek interoperability between platforms. Compared to the platform model, the PIMS operators infrastructure (right) is robust and scalable because it is not dependent on any one organisation providing the infrastructure.

The API ecosystem model

Application programming interfaces (APIs) allow connecting different individual services in an agile manner. The resulting ecosystem promotes the flow of information, creates new business and accelerates digital service development. Generally, the motive for organizations to develop public APIs is to position their own service as central to the broader service portfolio as possible. However, the features and technologies of interfaces vary greatly, which makes the integration of APIs between different individual service providers time-consuming and tedious.

The ease of integrating different APIs will certainly improve over time. From the point of view of human-centric control of personal data, the problem with this kind of an ecosystem is the large number of services, the mesh of connections be-tween them, and the following difficulty for people to understand how data about them is used. The only way to get a complete picture on how data about you flows between services is to log in to each service individually and look for a settings view that shows which other services have been granted permission to read data through the interface. Separate management of a few services is still possible, but with in-creasing digitalisation, every brand and service wants to establish its own digital customer relationship with the consumer, involving the collection and sharing of data. Suddenly people are involved in hundreds or thousands of managed relation-ships, and the need for infrastructure to manage data flows and digital relationships becomes evident.

Platform model

In the absence of infrastructure for managing and transmitting personal data based on open standards, individual companies operating globally are expanding their own personal data ecosystems and are seeking to become de facto standards through their sheer user volume. Common to the organization centric ecosystems created by these platform economy giants is that the data flows seamlessly within the ecosystem built around the central enterprise platform and the user identity it provides, but only to a limited extent outside of that ecosystem. There is a risk that new players will be prevented from entering the market altogether.

The platform model is also utilized in some sectors to enable the sharing of data collected by multiple actors. The health sector has many examples of this in various countries. In such a structure, companies or public authorities establish a common platform for the transmission of data. Centralization promotes the pooling of data and speeds up the development of new use cases for data, but at the same time the system becomes dependent on a single actor who defines the objectives and ways of doing things.

People’s access to and control of the data about them may not be realized with platforms which are primarily designed to support the business models of the central organization or to facilitate exchange data between organizations within a single sector. For example, online advertising companies operate in networks where few aggregator companies facilitate the movement of personal data, but with the objec-ive is not to meet people’s needs, but rather the needs of the ad tech companies in the network.

The PIMCity operator model

In the human-centric PIMS operator model, a person acts as the point of integration regarding the data about them. In this model, a person can control the use of personal data about them across services by granting or denying access to data or by assigning services to act on their data. Some people could run the necessary technology in a secure way themselves, but most will want to rely on external service providers. These service providers offer tools for people and organizations to manage multiple types of personal data coming from multiple sources.

The key difference with the platform model is that, in the PIMS model, there are many service providers that together form ecosystems in which personal data is shared with high levels of trust. The infrastructure is not based on centralizing user information to a single service, as in the platform model. Instead, the participants in the ecosystems have common standards, policies, and governance that enable interoperability and data portability. This could be compared to, say, a network of banks. Instead of being able to transfer payments only between its own customers, the banks form an international network where payments can be made between customers of different banks.

The European Commission laid down a strategic pathway to leverage data in the best possible way for the sake of the European citizens and the Digital Single Market. The Data Strategy and the White Paper on Artificial Intelligence are the first pillars of the new digital strategy of the Commission.

The European Commission laid down a strategic pathway to leverage data in the best possible way for the sake of the European citizens and the Digital Single Market. The Data Strategy and the White Paper on Artificial Intelligence are the first pillars of the new digital strategy of the Commission.

In fact, the new European data governance strategy foresees a situation where the EU will become a player in the monetization of European citizen’s personal data with the full consent of those citizens that have no objection to providing that data to organizations. That said, close to 500 million people in Europe could become a data source for governments, public bodies and private companies, effectively creating the biggest data marketplace in the world.

The first initiative is called the Trusts Project which is due to be in place by 2022. This involves the creation of a European-wide pool of personal and non-personal data that will be accessible by businesses and technology companies through a system of trusts. While they will not be able to move that data, businesses will be able to use it, although terms of usage and what they will have to offer in exchange have not yet been decided.

The EU data market trust would both create a level of anonymity for the individual and a means by which an individual would be paid for their data. This trust would hamper the capabilities of third parties to re-identify and sell data that would have otherwise been personally identifiable.

Citizens should be empowered to make better decisions based on insights gleaned from non-personal data. And that data should be available to all – whether public or private, big or small, start-up or giant. This will help society to get the most out of innovation and competition and ensure that everyone benefits from a digital dividend. This digital Europe should reflect the best of Europe - open, fair, diverse, democratic, and confident.

The EU can become a leading role model for a society empowered by data to make better decisions – in business and the public sector. To fulfil this ambition, the EU can build on a strong legal framework – in terms of data protection, fundamental rights, safety and cyber-security – and its internal market with competitive companies of all sizes and varied industrial base. If the EU is to acquire a leading role in the data economy, it has to act now and tackle, in a concerted manner, issues ranging from connectivity to processing and storage of data, computing power and cybersecurity. Moreover, it will have to improve its governance structures for handling data and to increase its pools of quality data available for use and re-use.

Ultimately, Europe aims to capture the benefits of better use of data, including greater productivity and competitive markets, but also improvements in health and well-being, environment, transparent governance and convenient public services. The measures laid out in this paper contribute to a comprehensive approach to the data economy that aim to increase the use of, and demand for, data and data-enabled products and services throughout the Single Market.

This European Data Strategy creates the vision of a European data space which adheres to rules that are directly derived from fundamental European values. It envisages the "flow of data within the EU and across sectors" and is based on the fair principles when it comes to the access, management, and use of data. The EU will become an attractive, secure and dynamic data economy by setting clear and fair rules on access and re-use of data, investing in next generation standards, tools and infrastructures to store and process data, joining forces in European cloud capacity, pooling European data in key sectors, with EU-wide common and interoperable data spaces and giving users rights, tools and skills to stay in full control of their data.

Bibliography

A real case – a business man returning to a hotel room and checking their data impact account. Human centricity and why is needed- refer to Nikos IEEE paper. Advent and role of PIMS – challenges and refer the opinion of the European Commission.
Value of personal data is uncertain (refer to studies) and traditional economic theory does not work. Could personal data protection by one of the pillars of a new HCDE in the same way as private property protection was key to the development of capitalism?

Ralph stepped out of the elevator and headed to his apartment. He pushed a broken light bulb notification using his O&M app before the door closed after him. A tiring day indeed, but fortunately he managed to boost his Data Impact Score thanks to the last report and data he delivered last week. For sure he had secured a meaty bonus this month, and this time the result was truly remarkable. “Consent to share info to get a dinner recommendation?”, the message popped up in his cellphone. He clicked “Yes” and asked also for a personalized film suggestion. However, he was cautious to avoid sharing any information to news dealers: he hated skewed news and usually preferred a more generic feed. After recommending the restaurant that served the meal, he checked his personal impact feed on his personal data vault manager. Good news! His recommendations and reviews were followed, and sharing his location while driving was especially fruitful and yielding benefits this week. He lied on the sofa, browsed the list of movies, and selected an old documentary, “The Social Dilemma”.

Data is an increasingly relevant production factor and a foundation of the web economy. Traditional data-driven service providers have built the biggest companies in history by collecting, enriching and processing huge amounts of information. According to the DataLandscape portal of the EU and IDC, 290k data suppliers in the EU plus the UK have generated 84 Billion Euro in 2019, and will grow 6%-11% in the period 2021-2025.

As demand for data grows, general-purpose marketplaces such as AWS, Advaneo, Data Intelligence Hub or Dawex have entered into scene. They are being challenged by niche marketplaces which cover data sourcing for innovative purposes, such as feeding AI / ML algorithms (Mechanical Turk, DefinedCrowd), IoT real-time sensor data (IOTA, Ocean Protocol / DEX, Datapace), or targeting specific industries and applications (e.g. Caruso for the connected car or Veracity for Energy and transportation industries). Not surprisingly, some leading data management platforms (Snowflake, Cognite) and niche digital solutions (Carto, Openprise) are integrating data exchange, and even specific data marketplace functionality into their systems.

Although users are compensated by being provided access to the services they offer, a growing number of experts (see Jaron Lanier’s “Who owns the future?” book or Nikolaos Laoutaris’ article “Why Online Services Should Pay You for Your Data?” in the scientific journal IEEE Internet Computing) is claiming protection for personal data, and additional direct compensations for consenting to its use by data service providers for each specific purpose. New legislative developments such as the General Data Protection Regulation (GDPR) in the EU or the California Consumer Privacy Act (CCPA) are aimed, among others, to this specific purpose.

This legislative context has spurred the development of Personal Information Management Systems (PIMS) empower individuals to take control and manage their personal data, stored by ISPs. Some of them (e.g. Wibson, GeoDB, MyDex or Airbloc) offer marketplace capabilities so individuals are able to make some money, or get rewards for exchanging their PI.

A human-centric data economy requires that individuals are compensated by companies for their data in proportion to the benefits that such data produce for the overall economy. Not only is this a compensation for the negative externality of privacy loss, but a way to improve the quality of data in the Internet, and eventually make the current economic model sustainable, as well. According to the EC, PIMS “deserves consideration, support and further research with a view to contributing to a sustainable and ethical use of big data and to the effective implementation of the principles of the recently adopted GDPR”.

Different studies have been conducted in order to estimate what the value of data is. From the users’ perspective, economic experiments, surveys and polls reveal that users really ignore what the value of data is. Moreover, the value of data is closely related to the context in which it is used (e.g. eBay estimated that a 15\% improvement on the recommender system translated into 6\% increase in revenues ), and this value is not tied to its volume . Only by increasing data trading and exchange will the market build a solid answer to this question.

The fact that data is a public (non-rival, non-excludable) good, and the decreasing cost of harvesting and processing it, are undeniably leading to a free-rider problem in the Internet. It is not clear how this will fire back to data-driven companies: will the abuse of companies end up raising the concern of people about their privacy being violated and reduce web use? will the quality of data, and thus their utility for these companies, degrade in time? PIMS and data marketplaces are named to contribute to changing this situation, by building a sustainable human-centric data economy, and addressing the question of how valuable your personal data is.

Santiago Andrés Azcoitia, PhD Student IMDEA Networks
Sept 2020

This Opinion explores the concept of technologies and ecosystems aiming at empowering individuals to control the sharing of their personal data (‘personal information management systems’ or ‘PIMS’ for short). Our vision is to create a new reality where individuals manage and control their online identity. Our aim to transform the current provider centric system into a hiucmsaynstecmentwr here individuals are protected against unlawful pro­cessing of their data and against intrusive tracking and profiling techniques that aim at circumventing key data protec­ tion principles.

The full text of this Opinion can be found in other languages at the EDPS website

Executive Summary
This Opinion explores the concept of technologies and ecosystems aiming at empowering individuals to control the sharing of their personal data (‘personal information management systems’ or ‘PIMS’ for short).

Our vision is to create a new reality where individuals manage and control their online identity. Our aim to transform the current provider centric system into a human centric system where individuals are protected against unlawful processing of their data and against intrusive tracking and profiling techniques that aim at circumventing key data protection principles.

This new reality will be facilitated by the modernised EU regulatory framework and the possibilities offered by vigorous joined-up enforcement by all relevant supervisory and regulatory authorities.

The recently adopted General Data Protection Regulation (GDPR) strengthens and modernises the regulatory framework so that it remains effective in the era of big data by strengthening individuals’ trust and confidence online and in the Digital Single Market. The new rules, including those on increased transparency and powerful rights of access and data portability, serve to allow users more control over their data, and may also help contribute to more efficient markets for personal data, to the benefit of consumers and businesses.

Most recently we have issued an Opinion on effective enforcement of fundamental rights in the age of big data. This highlights current market conditions and business practices that create obstacles for effective exercise of individuals’ rights to the protection of their personal data and other fundamental rights, and calls for stepping up concerted and consistent enforcement of competition, consumer protection and data protection laws. We hope that this increased enforcement will serve to create market conditions in which privacy-friendly services can thrive. The approach in this Opinion aims at strengthening fundamental rights in our digital world at the same time as opening new opportunities for businesses to develop innovative personal data based services built on mutual trust. PIMS promise to offer not only a new technical architecture and organisation for data management, but also trust frameworks and, as a result, alternative business models for collecting and processing personal data in the era of big data, in a manner more respectful of European data protection law.

In this Opinion, we briefly describe what PIMS are, what problems they are intended to solve, and how. We then analyse how they can contribute to a better protection of personal data and what challenges they face. Finally, we identify ways forward to build upon the opportunities they offer. For new data protection business models to thrive, additional incentives for the service providers offering them may be necessary. It should be explored, in particular, which policy initiatives could motivate data controllers to accept this way of data provision. Furthermore, an initiative by public services to accept PIMS as a data source instead of direct data collection could add critical mass to the acceptance of PIMS.

The emerging landscape of PIMS, aiming at putting individuals and consumers back in control of their personal data, deserves consideration, support and further research with a view to contributing to a sustainable and ethical use of big data and to the effective implementation of the principles of the recently adopted GDPR.

Day by day, the importance of personal data in society is increasing. For this reason, is urgent to make sure individuals are in position to know and control their personal data, but also to gain personal knowdlegde from them and to claim their share of their benefits. MyData pursues that goal, a network of 90 organisations and 600 individuals. MyData is working to empower individuals with their personal data, helping them develop knowledge, make informed decisions and interact more consciously and efficiently with each other as well as with organisations.

Today, the balance of power is massively tilted towards organisations, who alone have the power to collect, trade and make decisions based on personal data, whereas individuals can only hope, if they work hard, to gain some control over what happens with their data. The shifts and principles that we lay out in this Declaration aim at restoring balance and moving towards a human-centric vision of personal data. We believe they are the conditions for a just, sustainable and prosperous digital society whose foundations are:

Trust and confidence, that rest on balanced and fair relationships between people, as well as between people and organisations;
Self-determination, that is achieved, not only by legal protection, but also by proactive actions to share the power of data with individuals;
Maximising the collective benefits of personal data, by fairly sharing them between organisations, individuals and society.

1. MYDATA SHIFTS: WHAT NEEDS TO CHANGE
Our overriding goal is to empower individuals to use their personal data to their own ends, and to securely share them under their own terms. We will apply and practice this human-centric approach to our own services, and we will build tools and share knowledge to help others do the same.

1.1. FROM FORMAL TO ACTIONABLE RIGHTS
In many countries, individuals have enjoyed legal data protection for decades, yet their rights have remained mostly formal: little known, hard to enforce, and often obscured by corporate practices. We want true transparency and truly informed consent to become the new normal for when people and organisations interact. We intend access and redress, portability, and the right to be forgotten, to become “one-click rights”: rights that are as simple and efficient to use as today’s and tomorrow’s best online services.

1.2. FROM DATA PROTECTION TO DATA EMPOWERMENT
Data protection regulation and corporate ethics codes are designed to protect people from abuse and misuse of their personal data by organisations. While these will remain necessary, we intend to change common practices towards a situation where individuals are both protected and empowered to use the data that organisations hold about them. Examples of such uses include simplifying administrative paperwork, processing data from multiple sources to improve one’s self-knowledge, personalised AI assistants, decision-making, and data sharing under the individual’s own terms.

1.3. FROM CLOSED TO OPEN ECOSYSTEMS
Today’s data economy creates network effects favoring a few platforms able to collect and process the largest masses of personal data. These platforms are locking up markets, not just for their competitors, but also for most businesses who risk losing direct access to their customers. By letting individuals control what happens to their data, we intend to create a truly free flow of data – freely decided by individuals, free from global choke points – and to create balance, fairness, diversity and competition in the digital economy.

2. MYDATA ROLES: WHO DOES WHAT
Please note: “Roles” are not “Actors” an individual or organisation may fulfill one or more roles at once.

MYDATA ROLES

PERSON
An individual that manages the use of their own personal data, for their own purposes, and maintains relationships with other individuals, services or organisations.

DATA SOURCE
A data source collects and processes personal data which the other roles (including Persons) may wish to access and use.

DATA USING SERVICE
A data using service can be authorised to fetch and use personal data from one or more data sources.

PERSONAL DATA OPERATOR
A Personal Data Operator enables individuals to securely access, manage and use their personal data, as well as to control the flow of personal data with, and between, data sources and data using services. Individuals can be their own operator. In other cases, operators are not using the information itself, but enabling connectivity and secure sharing of data between the other roles in the ecosystem.

3. MYDATA PRINCIPLES: WHAT WE WANT TO ACHIEVE
In order to produce the shifts that are needed for a human-centric approach to personal data, we commit to working towards and advocating the following principles:

3.1 HUMAN-CENTRIC CONTROL OF PERSONAL DATA
Individuals should be empowered actors in the management of their personal lives both online and offline. They should be provided with the practical means to understand and effectively control who has access to data about them and how it is used and shared.

We want privacy, data security and data minimisation to become standard practice in the design of applications. We want organisations to enable individuals to understand privacy policies and how to activate them. We want individuals to be empowered to give, deny or revoke their consent to share data based on a clear understanding of why, how and for how long their data will be used. Ultimately, we want the terms and conditions for using personal data to become negotiable in a fair way between individuals and organisations.

3.2 INDIVIDUAL AS THE POINT OF INTEGRATION
The value of personal data grows exponentially with their diversity; however, so does the threat to privacy. This contradiction can be solved if individuals become the “hubs” where, or through which cross-referencing of personal data happens.

By making it possible for individuals to have a 360-degree view of their data and act as their “point of integration”, we want to enable a new generation of tools and services that provide deep personalisation and create new data-based knowledge, without compromising privacy nor adding to the amount of personal data in circulation.

3.3 INDIVIDUAL EMPOWERMENT
In a data-driven society, as in any society, individuals should not just be seen as customers or users of pre-defined services and applications. They should be considered free and autonomous agents, capable of setting and pursuing their own goals. They should have agency and initiative.

We want individuals to be able to securely manage their personal data in their own preferred way. We intend to help individuals have the tools, skills and assistance to transform their personal data into useful information, knowledge and autonomous decision-making. We believe that these are the preconditions for fair and beneficial data-based relationships.

3.4 PORTABILITY: ACCESS AND RE-USE
The portability of personal data, that allows individuals to obtain and reuse their personal data for their own purposes and across different services, is the key to make the shift from data in closed silos to data which become reusable resources. Data portability should not be merely a legal right, but combined with practical means.

We want to empower individuals to effectively port their personal data, both by downloading it to their personal devices, and by transmitting it to other services. We intend to help Data Sources make these data available securely and easily, in a structured, commonly-used and machine-readable format. This applies to all personal data regardless of the legal basis (contract, consent, legitimate interest, etc.) of data collection, with possible exceptions for enriched data.

3.5 TRANSPARENCY AND ACCOUNTABILITY
Organisations that use a person’s data should say what they do with them and why, and should do what they say. They should take responsibility for intended, as well as unintended, consequences of holding and using personal data, including, but not limited to, security incidents, and allow individuals to call them out on this responsibility.

We want to make sure that privacy terms and policies reflect reality, in ways that allow people to make informed choices beforehand and can be verified during and after operations. We want to allow individuals to understand how and why decisions based on their data are made. We want to create easy to use and safe channels for individuals to see and control what happens to their data, to alert them of possible issues, and to challenge algorithm-based decisions.

3.6 INTEROPERABILITY
The purpose of interoperability is to decrease friction in the data flow from data sources to data using services, while eliminating the possibilities of data lock-in. It should be achieved by continuously driving towards common business practices and technical standards.

In order to maximise the positive effects of open ecosystems, we will continuously work towards interoperability of data, open APIs, protocols, applications and infrastructure, so that all personal data are portable and reusable, without losing user control. We will build upon commonly accepted standards, ontologies, libraries and schemas, or help develop new ones if necessary.

4. ACTIONS: WHAT SHOULD HAPPEN NOW
Sign the Declaration, as an individual and/or as an organisation. This Declaration is written in the future tense: if your organisation isn’t quite there, but is committed to moving into this direction, it should still sign it!
Comment on the Declaration. This Declaration will evolve over time, based on your ideas and practical experience. There will be an initial review after 6 months.
Use the Declaration to further your own projects and intentions. Base your trust framework, or your terms of services, on it. Use it to lobby and convince clients, partners, stakeholders etc.

REFERENCES
This Declaration of Principles draws upon many sources of inspiration, the most significant ones being:

- The MyData Principles (Open Knowledge Finland)
- The MesInfos Self Data Charter (Fing)
- The Project VRM Principles (Project VRM)
- The ODI data sharing principles (Open Data Institute)
- The Personal Data Ecosystem Roles & Definitions (PDEC)

La percepción que los usuarios tenemos sobre tratamiento de nuestros datos personales está en plena evolución y debemos de ser capaces de encontrar respuestas y soluciones que generen confianza en un entorno, el digital, que necesita de estos datos para prestar nuevos servicios que den respuestas personalizadas y adaptadas a cada uno de nosotros. En este articulo lo analizamos en detalle y te proponemos algunos documentos que te ayudaran a entender como esta cambiando.

Si analizamos las encuestas y trabajos de investigación que se ocupan de medir las percepciones de confianza observamos un interesante cambio de tendencia. Hasta hace poco la falta de confianza era mayor hacia los organismos públicos que hacia las empresas u organizaciones privadas algo que ha empezado a cambiar a raíz de irse conociendo sucesivos usos fraudulentos o abusivos sobre datos personales y privados de todos los ciudadanos por empresas relacionadas con internet y las nuevas tecnologías.

Si bien la confianza de los usuarios en la Internet sigue siendo elevada, ya que el 74% de los usuarios dijo que confiaba en Internet en 2019, la preocupación por nuestra privacidad está aún más extendida y sigue creciendo año tras año.

Los usuarios siguen señalando a los delincuentes cibernéticos como una importante fuente de desconfianza y de preocupaciones sobre la privacidad en línea, pero no como su única fuente de preocupación. En lugar de ser considerados como una mejora de la seguridad y la privacidad en línea, muchos encuestados también consideran que los gobiernos, los medios sociales y las empresas de Internet contribuyen a la desconfianza en la Internet o a las preocupaciones sobre la privacidad en línea.

Los ciudadanos cada vez confíanos menos en las organizaciones que gestionan nuestros datos y esta falta de confianza contrasta con un elevado nivel de incomprensión de cómo se recogen y cómo se utilizan estos datos personales. Esto explicaría las contradicciones que encontramos entre lo que pensamos y lo que hacemos cuando utilizamos los nuevos soportes digitales al no cuestionar el uso que hacen de nuestros datos estas plataformas y empresas que cuestionamos y de las cuales decimos mayoritariamente que no nos fiamos.

Los estudios también ponen de relieve las percepciones muy diferentes de los usuarios de Internet en función de los niveles de ingresos y educación, en particular cuando se enfrentan a problemas de confianza en el mundo digital. Quienes ocupan posiciones de mayor nivel social -los más ricos, bien educados o los hombres- tienen sistemáticamente más probabilidades adoptar medidas que puedan mejorar eficazmente su confianza y privacidad en línea.

Y esto está provocando ya algunos cambios en los comportamientos y en el uso que hacemos de las diferentes herramientas y plataformas on-line tal y como recoge esta gráfica del estudio realizado por IPSOS para la Internet Society (ISOC) CIGI-Ipsos Global Survey on Internet Security and Trust

También muestra las diferencias generacionales los mayores tenemos poca confianza y seguridad en nosotros mismos al contrario que los más jóvenes que creen tener el monopolio de la comprensión de la tecnología y le otorgan un mayor nivel de confianza.

La regulación ayuda a generar confianza

La regulación ayuda tanto a las empresas de datos y a los ciudadanos
Las nuevas regulaciones y políticas adoptadas en materia de privacidad proporcionan "guarda railes" que incentivan la innovación y que, sin duda, ayudan a crear confianza en las sociedades. En general, los consumidores aceptan mejor a las empresas que usan sus datos cuando estos conocen las normas de privacidad (por ejemplo, el Reglamento General de Protección de Datos de la UE - o GDPR) se sentían mucho más cómodos que los encuestados que no las conocían.

Los consumidores valoran el papel del gobierno en la regulación del uso de los datos, y ven la GDPR muy favorablemente. Los encuestados quieren que el gobierno desempeñe un papel de supervisión y que se asegure de que las empresas cumplan la ley y sus políticas declaradas. Tal vez por esta razón, la GDPR se percibe muy positivamente en todo el mundo (55% favorable frente a 5% desfavorable). Además, los consumidores consideraron que la GDPR les ha dado más control sobre sus datos y ha aumentado su confianza en las empresas que utilizan sus datos.

Nuevos modelos de explotación de datos personales PIM

Coinciden los diferentes estudios y encuestas en que, a pesar de que Internet sigue siendo mayoritariamente confiable para los usuarios, cada vez aumenta la desconfianza y por tanto no podemos ni debemos mirar para otro lado y debemos de actuar y promover iniciativas como las que plantea el proyecto www.PIMCity.org