How PoSeID-on addresses DS-08 challenges

For all strands, proposals should identify and address the societal and ethical dimensions of the strand they choose to cover taking into consideration the possibly divergent perspectives of pertinent stakeholders.

PoSeID-on outcomes will be evaluated in four pilots involving end-users, where the presence of both genders will be balanced in order to capture both dimensions. At the user requirements level and during pilot execution, end-users will be asked to assess the acceptability and desirability of the final solution. Their feedback will then be used by project developers to fine-tune the prototype in order to address the societal and ethical dimensions. Moreover, the ethical aspects related to the access and manipulation of private data are at the core of the project and will be addressed orthogonally by all the expected contributions.

In addition, the consortium includes a partner with legal expertise in privacy, as well as an external Advisory Board through which ethical experts will support the project in managing ethical and privacy issues for the whole duration of the project.

 

| DS-08 Specific Challenge | How PoSeID-on will address it |
|---|---|
| Novel designs and tools to provide users with the functionality they require… | PoSeID-on will support compliance with the GDPR in ensuring the right to access, data portability, rectification, the right to be forgotten and the right to restriction of processing. It will give data subjects control of their own data and permissions by means of an accessible and easy-to-use solution. That solution will adopt Permissioned Blockchain and Smart Contracts technologies to manage secure and tracked transactions, providing the means for the accountability and transparency principles on which the data protection impact assessment is based. Moreover, PoSeID-on will use encryption of data subjects' identities as a means to secure qualified anonymity in accessing Internet services. It will also be compliant with the eIDAS Regulation, to reduce identity fraud and protect access to personal data. The privacy enhancing dashboard will also integrate Risk Management and Personal Data Analyser modules providing identification of online threats, further safeguarding personal information and alerting data subjects by means of the blockchain platform in case of potential threats. |
| …without exposing any more information than necessary, and without losing control over their data, to any third parties. | PoSeID-on will reduce the exposure of Personally Identifiable Information (PII) on the data subject's side while at the same time limiting the data controller to the "need to know" personal data subset. This will be achieved by allowing the data subject to authorize which service provider functionality has access and to which specific personal data subsets the authorization applies. Consistency between data subjects' authorizations and service provider needs will be validated in real time by the creation and validation of smart contracts. |
| PET should be available in a broad spectrum of products and services, with usable, friendly and accessible safeguards options. PET should be developed having also cost effective solutions. | PoSeID-on will provide an innovative and portable approach to the privacy of data subjects on both technological and business model grounds, by (i) implementing a Privacy Enhanced Dashboard as a Service (PEDaaS) model based on a cloud solution; (ii) providing PoSeID-on as a solution that will mainly make use of and provide Open Source software architecture components, available to be customized by the different data controllers in order to have their own privacy protecting solution; (iii) offering PoSeID-on as an integrated framework that organizations can use to provide data protection to their customers. Offering these three different models will support a broad number of organizations, as it minimizes the total cost of ownership, including public agencies with budget constraints and SMEs with limited economic resources, allowing them to be compliant with the GDPR and to access state of the art solutions with a limited investment. |
| Comprehensive and consistent Privacy Risks Management Framework should be available, in order to allow people to understand their privacy exposure (i.e. helping people to understand what happens to their data when they go online, use social networks etc). | Thanks to the adoption of machine learning and artificial intelligence mechanisms, the PoSeID-on solution will advise the data subject of any kind of privacy threat and risk exposure, through warnings/alarms generated by the blockchain platform (through the Risk Management module) or generated by the analysis of historical data to identify anomalous patterns of transactions (through the Personal Data Analyser module). This will also be a valuable instrument supporting private or public organizations processing personal data in demonstrating their compliance with the EU regulations, as required by the GDPR. |
| Open source and externally auditable solutions are encouraged in order to maximise uptake and increase the trustworthiness of proposed solutions. | The PoSeID-on solution will mainly make use of, and will contribute, Open Source architecture components, for future enhancement and customization in different sectors. |
| Proposals have to address the specific needs of the end-user, private and public security end users alike. Proposals are encouraged to include public security end-users and/or private end users. | The PoSeID-on solution will reach TRL 6/7 by demonstrating a system prototype in four different controlled operational environments. It will be fully tested by actual end-users in four pilots to validate the solution's functionalities and gather user feedback. End-users will be public administrations, public employees, private companies and private citizens: two public administrations are involved as partners in the Consortium (MEF and SAN), and a third one, the Austrian Bundesministerium für Digitalisierung und Wirtschaftsstandort, is a linked third party of partner BRZ. A further pilot will be implemented for end-users from the private sector by SOFT, for their customers. |