After 25th May 2018, everyone with an email address has received a message about the new General Data Protection Regulation (GDPR). This new regulation, issued by the European Parliament, protects individuals' privacy rights when they use a service.
The SIMPATICO project addresses this principle through the Citizen Data Vault (CDV), a personal data wallet that allows the management of citizens' personal data, implemented following the privacy-by-design principle.
Indeed, the CDV is designed to support the new GDPR and to comply with it from the interoperability, technical and legal points of view. In particular, the CDV addresses legal requirements by:
- adopting smart contracts and policies that govern the access and distribution of data
- managing the consent-based
- using technical means to verify compliance with data handling prescriptions
- providing the right to have a copy of personal data
- giving users the right to be forgotten
The Citizen Data Vault addresses interoperability requirements, in particular the “once-only” principle in the public sector, under which citizens and businesses should supply information only once to a public administration in the EU and reuse it in later interactions or in a different service.
The approach followed for the definition of the CDV is based on the MyData stack for a “user-centric”, consent-based personal data service architecture.
Of particular importance in data-sharing processes is the ability to grant and withdraw consent for third parties to access data about oneself. The consent is a “contract” that makes it possible to:
- Understand the data you share, where it goes, who has it and why
- Keep a proof of consent and enable consistent consent practices
- Simplify terms and conditions
The CDV follows a structured and simplified formalization of data processing consent, based on the Consent Receipt specification of the Kantara Initiative.