PoseID-on will develop and deliver an innovative intrinsically scalable platform, namely the Privacy Enhancing Dashboard for personal data protection, as an integrated and comprehensive solution aimed to safeguard the rights of data subjects, as well as support organizations...
PoseID-on will develop and deliver an innovative intrinsically scalable platform, namely the Privacy Enhancing Dashboard for personal data protection, as an integrated and comprehensive solution aimed to safeguard the rights of data subjects, as well as support organizations in data management and processing while ensuring GDPR compliance. The Privacy Enhanced Dashboard will integrate cutting edge technologies and towards the organizations accountability and GDPR compliance as fa as data processing and exchange is concerned. Also, it will contribute to help organizations in the guarantee of fundamental rights of data subjects. The objective is to create a solution for many of the obstacles to a smooth and agile ecosystem platform establishment especially those related to the individual (data subject) trust, the regulation compliance and the size of the investment.Paralleling this, PoseID-on aims at supporting public and private organizations to properly respond to the new EU regulations by also gaining substantial advantages for their own activities. In fact, the Privacy Enhanced Dashboard will enable organizations to enforce their traditional procedures. The main novelty of all the tools that will be developed and delivered by PoseID-on, within the Privacy Enhanced Dashboard, is the securitization of their open architecture by means of the implementation of the Permissioned Blockchain and Smart Contracts, which will enable contextual guarantee of accountability, transparence and compliance with rights to data protection. Additional innovation is also provided by the integration of the Permissioned Blockchain technology with other state of the art technologies within the Privacy Enhanced Dashboard namely, cloud, access management according to eIDAS and privacy management.
To realise the main goal of PoSeID-on, the activities will be split down in 6 SMART Objectives:
1: Data subject empowerment - PoSeID-on will provide a Privacy Enhancing Dashboard allowing the data subjects to maintain the control of their own data.The development of the web based dashboard will follow some principles of accessibility in order to provide a great user experience with a system that responds to users’ requests in a reasonable timeframe and provides the functionality useful for the user when he needs it most. Furthermore, all the functionalities will be intuitive and easy to access.
2: Personal data safeguarding - PoSeID-on will adopt a series of security mechanisms in order to protect PII and the communication between the data subjects and the data controllers/processors:
- transactions and access management will be secured and managed through the adoption of the Permissioned Blockchain technology
- through a specific connector, the system architecture will be opened to Digital Identity management systems in accordance with eIDAS Regulation
- state of the art encryption mechanisms will be used to secure data eventually saved on cloud
3: Data minimization and data quality - Through the implementation of Smart Contracts on the permissioned blockchain, PoSeID-on will ensure the quality of personal data collected that will be managed directly by the data subject in order to be accurate and up-to-date.Moreover, the specific Smart Contract will contain the reference to just the users’ personal data necessary for the that specific transaction, in compliance with the data minimization principle.
4: Detection of unexpected and potentially harmful behaviors - Through Artificial Intelligence and Machine Learning algorithms, PoseID-on will monitor privacy risks (Personal Data Analyser module), notifying privacy threats to data subjects during data transactions and discovering all previously non-identified personal data, such as personal data for which there is not data subject authorization. Data subjects will be then allowed to react to the identified risk, for instance revoking the permission to process their data to the specific data controller or third party. The PoSeID-on platform will also include a Risk Management module that will monitor risks in the permissioned blockchain platform
5: System demonstration through testing and validation - PoSeID-on will be evaluated through four pilots in 4 different countries (Italy, Spain, Austria and France) either in public, private and mixed scenario to replicate as much as possible the ecosystem platform conditions. PoSeID-on solution will be integrated with the current platforms already in use by the involved public administrations currently used by employees and citizens. Pilots will involve firstly a basic set of users to be enlarged during the evaluation months while the solution gets mature. The pilots will run in a controlled environment trying to replicate as much as possible live services, while using actual end-user data.
6: PoSeID-on sustainability model - PoSeID-on will be offered in the market following three different models:
- As an ICT integrated prototype provided with an innovative web-based dashboard for data subjects with a user-friendly interface, that can be used by organizations to provide data protection mechanisms.
- As interoperable open source ICT components to be potentially integrated in any public or private existing platforms, enhancing them with data protection mechanisms.
- Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS).
PoSeID-on will be delivered as a set of open source tools and toolkits, that can be separately deployed by potential users, according to their specific needs. This will mitigate the TCO (Total Cost of Ownership) for public agencies facing budget constraints as well as for private SME with limited IT budget thus increasing the number of the potential joiners to a specific ecosystem platform.
Accordingly, PoseID-on envisages different services/products to be potentially delivered, according to the considered target. The primary expected outcomes of PoseID-on are:
1) Privacy Enhanced Dashboard as an ICT integrated prototype, also provided with an innovative web-based dashboard for data subjects with a user-friendly interface. It can be used by organizations that want to integrate their procedures with a GDPR compliant tool.
2) Open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture. PoseID-on will make available each single component/toolkit of the privacy enhanced dashboard, so as to allow EU organizations to integrate these components in their own systems. This option can potentially guarantee high technological development and competitiveness, and the creation of new business opportunities in the EU market.
3) Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS). Organizations can benefit from this service, in case they do not have their own blockchain and/or cloud or they don’t want to afford for any reason the cost of managing GDPR compliant tools. In this case, they can access the PoseID-on cloud service and use the Privacy Enhanced Dashboard to monitor and control the data processing.
In this light, PoSeID-on will be a strong enabler for implementing any kind of digital collaboration between public organizations as well as private ones and among themselves as it will solve or mitigate most of the privacy issues and concerns which represents the main obstacles to ecosystem platform establishment.
More info: http://www.poseidonproject.eu.