Technical Building Blocks Workshop

Technical Building Blocks Workshop

Sign-up to this workshop in advance!

This workshop is hosted by Kai Kuikkaniemi, Markus Sabadello and Joachim Lohkamp

In room A-046, Tallinn University

This workshop is focused on identifying the core technical questions for a human-centric personal data platform. We aim at identifying the core elements of the platform, and draft what are the fundamental underlying questions such as how does the platform support pseudonymization, or does the platform provide some means for massive data analytics without disclosing identity.

This workshop requires pre-registering. We have 11 presentations, 5 hosts and we allow in addition maximum 15 other participants, hence the workshop total is 30. The pre-registration for the non-presenting workshop participants will be opened in August.

The workshop is divided in two parts. During first part we go through all technical presentations. Presentations have 15 minutes time and 5 minutes for discussions. Other audience focuses on taking collective notes and identifying the core observations during the first part of the workshop. All presenters are encouraged to identify the core technical elements (technical building blocks) related to their proposal.

The latter part is then focused on discussing the presentations through facilitate process that aims at delivering list of core questions for a personal data management platform. This list will be published under / conference website and also used as a narrative template in the follow-up session during the conference day 2.


Session agenda:

SESSION 1: (max. 12 mins per presentation + short Q&A)

10 minute introduction

Dan Bogdanov // Sharing Your Data with Strings Attached

The success of digital computing rests on the ease of storing and copying large amounts of data. The common thread in the development of both computing and networking architectures is that security and privacy were an afterthought, something that got added later when the technology had already established itself. As a result, copying is easy and sharing data gives no control to their owners.

This creates an asymmetric situation where the data owner has much less power than the service provider. If I want to share my data with a service provider or another database (e.g., measure my power consumption to others in a similar house or apartment), the service will learn all about me, but I will learn only little.

Fortunately, technology is catching up. Today, we can already build data sharing and linking systems that give control back to the data owner as well. With secure computing techniques, the data owners will learn the result of the query (e.g., whether their buildings are energy-efficient or not), but the service provider will not learn the details of the individual. This talk will focus on the applications made possible by such technologies and discuss the implications to data protection regulation.

Luk Vervenne //  Separating Data and Services

Personal Data Management and GDPR should be considered as being part of "Digital Transformation" (DT). Any personal data "solution' therefore needs to answer the DT problem, and so go beyond privacy or personal data control. Organizations should forget about data and focus on algorithms and insights. Personal data itself will be placed in a "Civilization Infrastructure". We propose a model.

Christophe Philemotte // A DIY Data Lake

When we want to take over our data, naturally comes the question where to store them. By building our own Data Lake, we can understand better how our data are stored and protected. We'll see how we can build a simple Data Lake based on REST APIs, blob storage, and a classic database and what we can guarantee with it.

Jacob Baytelman // Privacy by Design Delivers a Social Platform with No Privacy Settings

If you actually care about privacy, you end up building an app without privacy settings at all.Needing for privacy settings is a privacy fail. But well-architected private-by-design system clarifies to people what data is taken for what purpose.

Simon Crossley // Building a Population Scale API

A technology strategy for, and real-world instance of, truly citizen-centric consent management services. The architecture is developed using privacy by design principles and supports both organisations’ and citizens’ needs. The platform is already live and managing millions of citizens’ consent status.


12 mins each + short Q&A

Geoff Revill // Proven Interoperability Through Semantic Data Architecture

15+ years of work in the US DoD has proven APIs and protocols are irrelevant to achieving system interoperability! Instead architect systems & applications through their data.  A Personal Data Ecosystem needs interoperable personal data & the only way to achieve that is to build a semantic model of the data with an extensible framework to accommodate future data and processing perspectives.

Harri Honko // Architecture Framework for GDPR-Framed MyData Use Cases ('MyData Reference Architecture 2.0')

The MyData White Paper inspired reference architecture for MyData has been updated from a pure consent-centric, data re-use/delegation focused specification package to cover all legal bases GDPR defines. Core concepts and roles are detached from a particular technical realisation of the framework's use cases. Some implementation profiles (OAuth for example) are introduced and explained.

Kristian Bäckström // Why Governed Networks Benefits of Autonomous Identity Layer Providing Self-Determination as a Foundation

Trust and authority need to correlate to the context, and has to mimic the real world. Positions with excessive power causes silos, and contributes to fragmentation.

ControlThings is a distributed trust framework provider, with an identity solution designed to fit Industry 4.0, IoT, M2M, smartphone apps and online services. It glues different ecosystems together. The product is a software stack.

Sabri Skhiri // Data Architecture Vision / the Sustainable Foundation for Regulation & Data Usage

How to collect, Store, expose, secure, govern the data ? How the data lake and EDW can co-exist ?

Is my Point to point data architecture sustainable ? where is my data

We have developed a data architecture vision for tackling those challenges and set of technical components to foster its implementation. As a result, it provides a sustainable foundation for implementing data regulation.

Axel Polleres  // SPECIAL / Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance

The SPECIAL project aims to address the contradiction between Big Data

innovation and privacy-aware data protection by proposing a technical

solution that makes both of these goals realistic. SPECIAL will enable

citizens and organisations to share more data, while guaranteeing data

protection compliance, thus enabling both trust and the creation of

valuable new insights from shared data.

Robert Guinness // The Role of Open Source Software in Enhancing Privacy

Some privacy advocates view open source software as key to ensuring adequate privacy protections. The best way for consumers to know what kind of data are collected from them is to have access to the source code of the software that collects and processes the data. My proposal is for a session focused on discussion and examples of open source software for MyData applications.


12 mins each + online Q&A

Hanna Niemi-Hugaerts and Aapo Rista // How to enable call-for-data in the era of mydata?

Public sector organizations such as cities could improve their operations, service quality and customer experience if they had more accurate and timely data. With the human-centric approach to personal data (including data gathers using mobile phones, DIY or commercial sensors) the processes for granting access to data will mature and thereby ease data sharing between citizens and the city. We call for solutions to give consent, store and utilize such data - and to deny access if no longer willing to share the data. How could the city call for sport facility usage data? How would citizens give consent for using their data and define the level of detail that the city can explore and use that data? Would the donated data be stored in city’s or third parties' data lakes?

Andy Brooks // User Empowerment as Business Strategy / GDPR and Fitness Wearables

GDPR presents fitness wearable companies with an opportunity to redesign their personal data ecosystems, and in so doing address industry stagnation: slowing user adoption, high churn rates, and uncertainty regarding long-term fitness improvements. This talk draws on industry case-based research to demonstrate that surpassing regulations to empower users with control can create tremendous value.

Päivi Karkkola // Personal Data to Open Data

Personal data to open data -Government agency is making its data resources available to support experiments and business growth. How personal data is made open data without compromising privacy? Can open data be my data?

Ziad Wakim // Building a privacy respectful startup

Online tools and services can greatly accelerate building and launching a startup project, but it often comes at the cost of users data privacy, and sometimes security. In this short lightning talk, I'll explore some of the existing pitfalls, and the available options to efficiently build an online service while maintaining privacy.