Many services on the Internet depend on the availability of secure digital identities which play a crucial role in safeguarding the data and privacy of citizens. Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society (Source: World Economic Forum).
Citizen Data Vault (CDV) is a Personal Data Service and Repository that enables citizen to gather, store, update, correct, analyse, and share personal data. The tool provides a set of secure APIs and a “Data Dashboard” with the goal to manage and control “personal data ” during the interaction with real life services (PA, Social, IoT, B2C). In this way, the citizens have to provide the PAs with their personal data only the first time, without repeat the same action for every online service they want to use, being compliant with Once Only principle.
With CDV, Citizens, as Data Subject, have a practical mean to manage and have control over their data and privacy. They became empowered actors, not passive targets, in the management of their personal information.
Of particular importance on data sharing processes is the ability to grant and withdraw consent to third parties for access to data about oneself. The consent is a “contract” that allows to:
- Understand the data you share, where it goes, who has it and why
- Keep a proof of consent and enable consistent consent practices.
- Simplify terms and conditions
The Personal Data Space addresses interoperability requirements, in particular the “once-only” principle in the context of public sector where citizens and businesses should supply information only once to a public administration in the EU and reuse them in the next interactions.
CDV addresses also legal requirements towards the new EU GDPR (General Data Protection Regulation):
- consent-based data management
- technical means to verify compliance with data handling prescriptions
- Right to have a copy of personal data
- Right to be forgotten
CDV can be seen as a transversal tool for privacy enhancement.
In the context of SIMPATICO Project, CDV is experimented in PA use cases where public services can access to citizen and/or business entities data stores. In particular in Trento “Sportello Telematico” use case personal data can belong to “certified” data store as “Sistema anagrafe” or to “Citizen generated” data store. By means of a Dashboard (i.e Data Wallet) Citizen will have a single point to verify which data is used, and how, by PA services.