Privacy By Design – The Case for 1st Party Data Sharing
- Use specificity: Existing national data protection acts all over the world often severely limit the processing that can be performed on citizen data unless that use was explicitly defined at the time of collection.
- Transparency and portability: The forthcoming European Data Protection Act places many further limits on use, and requires an interface through which persons can download their own data.
- Right to be forgotten: The act also requires that identity providers enable persons to delete their accounts and the data associated with them.
Publicity about the regulatory requirements and, more importantly, about data breaches and the rising problems of cyber-surveillance, crime, fraud, extortion and bullying feeds a rising tide of privacy concern among individuals. Online providers are trying to respond to these concerns in various ways:
- Building new interfaces and processes to comply
- Publishing complex privacy policies to rationalize and justify practices
- Offering improved privacy settings and other features
- Offering encryption features for individuals (such as Google’s and Apple’s reportedly surveillance-proof smartphone OSes)
However, none of these efforts can change the fact that the third-party personal data storage architecture will continue to face challenges in the present climate of international distrust, regulatory zeal and national data protectionism.
Advantages and Disadvantages of the 1st Party Model
In the 1st party model, a breach of all the personal data touched by the application would be unlikely, because that data actually resides in millions of little repositories rather than in one large repository. Thus, if a hacker gained access to a system administrator password (as we are told occurred in the recent JP Morgan breach), he would not be able to download millions of records from any single database. Instead, he would have to connect to every single personal cloud and request data from each one. This type of breach would be much more easily detected and stopped before it affected millions, or even just hundreds, of customers.
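The detection argument above is worth making concrete. The following is an added example, not code from the original post or from any of the products it mentions: it assumes that every personal cloud emits one log line per data request in a hypothetical format (timestamp, cloud id, requester id, result) and that a monitoring service receives those lines. A requester that touches many distinct personal clouds in a short window is exactly the pattern a centralized-database thief would be forced into under the 1st party model, and it stands out against a legitimate application that only reaches the clouds of the customers it is actually serving.

```python
"""Flag a single requester fanning out across many personal clouds.

Added example for the 1st party model; not from the original post.
Assumed (hypothetical) log line format emitted by each personal cloud:
    <ISO timestamp> cloud=<cloud id> requester=<client id> result=<ok|denied>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) cloud=(\S+) requester=(\S+) result=(\S+)$")

# Constructed sample log: a shop application serving three of its own customers,
# a client sweeping eight personal clouds in seconds, and a slow requester whose
# accesses are hours apart (so it never exceeds the threshold inside one window).
SAMPLE_LOG = [
    "2024-01-15T09:00:00 cloud=u1 requester=app-shop result=ok",
    "2024-01-15T09:01:00 cloud=u2 requester=app-shop result=ok",
    "2024-01-15T09:02:00 cloud=u3 requester=app-shop result=ok",
] + [
    f"2024-01-15T09:10:0{i} cloud=u{i + 1} requester=client-x result=ok"
    for i in range(8)
] + [
    f"2024-01-15T{8 + i:02d}:00:00 cloud=u{i + 1} requester=slow-crawler result=ok"
    for i in range(6)
] + [
    "this line is not in the expected format",
]


def parse_line(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group(1)),
        "cloud": m.group(2),
        "requester": m.group(3),
        "result": m.group(4),
    }


def find_fan_out(lines, window=timedelta(minutes=10), max_clouds=5):
    """Return {requester: peak distinct-cloud count} for every requester that
    reached more than max_clouds distinct personal clouds within any sliding
    window of the given length. Thresholds are assumptions for the example."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_requester = defaultdict(list)
    for e in events:
        by_requester[e["requester"]].append(e)

    alerts = {}
    for requester, evs in by_requester.items():
        start = 0
        peak = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = len({e["cloud"] for e in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak > max_clouds:
            alerts[requester] = peak
    return alerts


if __name__ == "__main__":
    for requester, count in find_fan_out(SAMPLE_LOG).items():
        print(f"ALERT: {requester} reached {count} distinct personal clouds")
```

Run as written, the only alert is for client-x. The point of the example is the shape of the signal, not the specific threshold: because each personal cloud can log independently, fan-out across clouds is visible to the monitor even when every individual request looks authorized.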
There will be challenges to the first party privacy and security architecture model as well. Rather than living in one heavily protected fortress, 1st party personal data resides in smaller structures protected by individuals who, in general, don’t have the greatest record for keeping their devices free from malware and preventing their accounts from being compromised. Much will depend on the market providing software or services built for the 1st party model with professional levels of security.
These tools and services for 1st party storage must not only remain decentralized and under the individuals’ complete control, they must also maintain an adequate level of interoperability and consistency so that online applications which rely on them don’t have to reinvent the wheel too often. Examples of companies following the personal cloud model are SocialSafe (which allows you to download and own a copy of all your social network activity), Meeco (which is developing applications enabling personalized connections to trusted brands) and Personal.com (which has developed a PDS application).
The pure first party model isn’t sufficient to support some analytics which, unlike other forms of online interaction and customer data processing, depend not on one customer’s data but on the aggregation of many customers’ data. One solution for privacy-compliant big data is to aggregate only non-sensitive personal information, thus lessening the impact of a breach and potentially making it easier to obtain informed consent from individuals. This requirement could be satisfied by the hybrid first party architecture shown in the figure below, which introduces a repository for analytics into the 1st party model. This repository, shown in pink, would contain only non-sensitive or de-identified personal data, leaving most personal data back in the personal clouds.
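What flows from the personal clouds into that analytics repository is the crux of the hybrid model, so here is an added example of the hand-off (not the original post’s code, and not any vendor’s): each personal cloud keeps its full record and releases only a projection with direct identifiers dropped and quasi-identifiers generalised, and the repository keeps only groups with at least k contributors. The record fields, the generalisation rules and the k threshold are assumptions made for the illustration.

```python
"""Hybrid 1st party model: full records stay in personal clouds, the analytics
repository receives de-identified projections and keeps only aggregate counts.

Added example; field names, generalisation rules and k are assumptions.
"""
from collections import Counter

# Direct identifiers that must never leave a personal cloud (assumed list).
DIRECT_IDENTIFIERS = {"name", "email", "dob", "address"}

# Constructed sample records, one per personal cloud.
PERSONAL_CLOUDS = [
    {"name": "Ann",  "email": "ann@example.org",  "age": 34, "postcode": "10115", "product": "loan"},
    {"name": "Bob",  "email": "bob@example.org",  "age": 31, "postcode": "10117", "product": "loan"},
    {"name": "Cara", "email": "cara@example.org", "age": 38, "postcode": "10119", "product": "loan"},
    {"name": "Dan",  "email": "dan@example.org",  "age": 52, "postcode": "80331", "product": "loan"},
    {"name": "Eve",  "email": "eve@example.org",  "age": 55, "postcode": "80333", "product": "savings"},
    {"name": "Finn", "email": "finn@example.org", "age": 29, "postcode": "10178", "product": "loan"},
    {"name": "Gia",  "email": "gia@example.org",  "age": 33, "postcode": "10243", "product": "card"},
]


def deidentify(record):
    """The projection a personal cloud is willing to release: direct identifiers
    removed, age coarsened to a ten-year band, postcode truncated to a region."""
    decade = (record["age"] // 10) * 10
    return {
        "age_band": f"{decade}-{decade + 9}",
        "region": record["postcode"][:2],
        "product": record["product"],
    }


def leaked_identifiers(projection):
    """Check a projection before it leaves the cloud; empty set means clean."""
    return DIRECT_IDENTIFIERS & set(projection)


def aggregate(projections, k=3):
    """Analytics-repository side: count identical projections and suppress any
    group with fewer than k contributors, so no row describes a small set of people."""
    counts = Counter(tuple(sorted(p.items())) for p in projections)
    return {group: n for group, n in counts.items() if n >= k}


def run_hybrid_pipeline(records, k=3):
    """Release a projection from every personal cloud, refusing any that still
    carries a direct identifier, then aggregate on the analytics side."""
    projections = []
    for record in records:
        projection = deidentify(record)
        if leaked_identifiers(projection):
            raise ValueError("projection still carries a direct identifier")
        projections.append(projection)
    return aggregate(projections, k)


if __name__ == "__main__":
    for group, n in run_hybrid_pipeline(PERSONAL_CLOUDS).items():
        print(dict(group), "->", n)
```

With the constructed records and k=3, only the group of 30-39 year olds in region 10 holding a loan survives (three contributors); every other combination is a single person and is suppressed. That is the trade the hybrid architecture makes: the repository is useful for counting, and a breach of it yields bands and regions rather than names.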
For many IT business and security people, the very idea of a decentralized first party PDS may seem crazy, going against the grain of long-held views on the need for organizational control. So dominant has the notion of a centralized PDS architecture become that many forget the Internet itself was first conceived of as a peer-to-peer network and only later became more centralized. This post has pointed out the 1st party PDS architecture as an alternative, along with some compelling reasons to consider it.