Forward-thinking organizations recognize that old ways of working often hold them back. Many are finding that they do not always have to go it alone in delivering either public or private services. After all, digital technologies are powering a whole new era of collaboration and data sharing, with platform-based business models at the heart of it all.
In this scenario, public agencies can create an ecosystem in which they act with other public organizations, businesses, NGOs and citizens themselves to reinvent the delivery of services (and related goods).
This is the essence of what is called an Ecosystem Platform: a collaborative and innovation-focused approach where governments openly collaborate with citizens, companies and other government organizations for the sake of service delivery. Public agencies might be the orchestrators of ecosystem collaboration; however, an ecosystem platform can also exist with undefined participant roles.
While technology is no longer an obstacle to creating an ecosystem platform that can deliver significant and measurable value to citizens, customers and the whole community, many obstacles remain to be overcome: regulatory compliance, the trust of individuals and organizations, investment size and standardization, most of which are related to PII (Personally Identifiable Information).
On the regulation side, the EU’s General Data Protection Regulation (GDPR) sets a new mandatory step on the path toward the establishment of any ecosystem platform, as well as a unique opportunity to leverage a cross-border standard. It was ratified by mid-2016 and immediately became law. Member states now have a few months ahead for implementation. During this period, all public and private organizations selling goods or services, or indeed collecting and processing personal data of individuals residing in the EU, regardless of the company’s physical location, must become compliant. They will be directly accountable to those whose data they process. With new requirements for organizations and new rights for individuals, there is no doubt that the GDPR will have a significant impact on both individuals and Internet service providers that process PII. In fact, while on the one side the GDPR entails different obligations for those companies, on the other side it has been designed to enable individuals to better control their personal data and eventually improve trust.
In keeping with this, PoSeID-on will develop and deliver an innovative, intrinsically scalable platform, namely the Privacy Enhancing Dashboard for personal data protection, as an integrated and comprehensive solution aimed at safeguarding the rights of data subjects (i.e. all those natural persons that represent the primary target of the new GDPR), as well as supporting organizations in data management and processing while ensuring GDPR compliance. The Privacy Enhanced Dashboard will integrate cutting-edge technologies towards organizations' accountability and GDPR compliance as far as data processing and exchange are concerned. It will also help organizations guarantee the fundamental rights of data subjects.
The objective is to create a solution for many of the obstacles to a smooth and agile ecosystem platform establishment, especially those related to the trust of the individual (data subject), regulatory compliance and the size of the investment.
The Privacy Enhanced Dashboard will give data subjects concise, transparent, intelligible and easy access to, as well as tracking, control and management of, their Personally Identifiable Information (PII) processed by public and private organizations acting as data controllers and/or data providers. They will be able to make conscious decisions about who can process their own data, by enabling, restricting or revoking permissions in accordance with the data minimisation principle, as well as to be alerted in case of privacy exposure.
A Risk Management Module will also be integrated into the Privacy Enhancing Dashboard. It will automatically check the legitimacy of data processing and exchanges between different parties, alerting data subjects in case of an aberration that could potentially lead to infringement of fundamental rights and freedoms.
In parallel, PoSeID-on aims at supporting public and private organizations in properly responding to the new EU regulations while also gaining substantial advantages for their own activities. In fact, the Privacy Enhanced Dashboard will enable organizations to enforce their traditional procedures.
The main novelty of all the tools that will be developed and delivered by PoSeID-on within the Privacy Enhanced Dashboard is the securing of their open architecture by means of a Permissioned Blockchain and Smart Contracts, which will enable a contextual guarantee of accountability, transparency and compliance with rights to data protection. Additional innovation is provided by the integration of the Permissioned Blockchain technology with other state-of-the-art technologies within the Privacy Enhanced Dashboard, namely cloud, access management according to eIDAS (electronic IDentification, Authentication and trust Services, the EU regulation on electronic identification and trust services for electronic transactions in the internal market) and privacy management. These will make the Privacy Enhanced Dashboard (PED) a novel tool offering most of the latest innovative technologies in the ICT sector in a box.
Moreover, PoSeID-on will be delivered as a set of open source tools and toolkits that can be separately deployed by potential users, according to their specific needs. This will mitigate the TCO (Total Cost of Ownership) for public agencies facing budget constraints as well as for private SMEs with limited IT budgets, thus increasing the number of potential joiners to a specific ecosystem platform. Accordingly, PoSeID-on envisages different services/products to be potentially delivered, according to the considered target. The primary expected outcomes of PoSeID-on are:
- Privacy Enhanced Dashboard as an ICT integrated prototype, also provided with an innovative web-based dashboard for data subjects with a user-friendly interface. It can be used by organizations that want to integrate their procedures with a GDPR-compliant tool.
- Open source components or APIs, as interoperable ICT components to be potentially integrated in any public or private ICT architecture. PoSeID-on will make available each single component/toolkit of the Privacy Enhanced Dashboard, so as to allow EU organizations to integrate these components in their own systems. This option can potentially guarantee high technological development and competitiveness, and the creation of new business opportunities in the EU market.
- Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS). Organizations can benefit from this service in case they do not have their own blockchain and/or cloud, or they do not want, for any reason, to bear the cost of managing GDPR-compliant tools. In this case, they can access the PoSeID-on cloud service and use the Privacy Enhanced Dashboard to monitor and control the data processing.
In this light, PoSeID-on will be a strong enabler for implementing any kind of digital collaboration among public organizations, among private ones, and between the two, as it will solve or mitigate most of the privacy issues and concerns which represent the main obstacles to ecosystem platform establishment.
PoSeID-on will develop and deliver an innovative, intrinsically scalable platform, as an integrated and comprehensive solution aimed at safeguarding the rights of data subjects, exploiting the cutting-edge technologies of Smart Contracts and Blockchain, as well as supporting organizations in data management and processing while ensuring GDPR compliance.