With the support of the European Commissions’ Next Generation Internet DAPSI (NGI DAPSI), Trace Labs, core developer of OriginTrail, is now developing an open-source infrastructure to help organizations automate their GDPR compliance and have a transparent way of handling personal data. With its decentralized data provenance system utilizing the OriginTrail Decentralized Network (ODN), the Open Provenance Knowledge Graph (OpenPKG) is introducing an efficient approach to tackling data transparency and portability challenges and advancing governance and control over personal data for users. Following the launch of several solutions for the assurance and compliance sector, the British Standards Institution and Trace Labs are now looking to use OpenPKG to strengthen businesses’ information resilience.
Personally identifiable information (PII) has been piquing interest over the course of the last several years, especially after a significant shift from consumers to “prosumers” occurred, which effectively included consumers in the production of digital products, making them a part of the product itself. With ample amounts of personal data involved in this shift, a regulatory vacuum was created, which tilted the power balance heavily towards organizations, allowing them to capture prosumers’ personal data.
The Facebook-Cambridge Analytica data breach is one such example. Users were utterly unaware that their personal data was being used for reasons (political purposes) other than those stated. The Times reported that in 2014, contractors and employees of Cambridge Analytica, eager to sell psychological profiles of American voters to political campaigns, acquired the private Facebook data of tens of millions of users — the largest known leak in Facebook history.
One of the most influential legislative approaches to address such challenges was introduced by the European Union with the General Data Protection Regulation (GDPR). Despite the GDPR creating a movement towards improving the balance of power when it comes to managing data with PII, a lot is left to be desired. Data transparency, data compatibility and interoperability, and the security and privacy of consumers are subpar with regards to the importance of personal data challenges.
Even though there are many highly privacy-aware actors on both sides, among individuals and organizations alike, the current situation is still plagued by limited insight into the entire personal data lifecycle as a response to Data Subject Access Requests (DSAR). Despite GDPR, governance over one’s personal data is hard to enforce, and even when exercising DSAR rights, the responses vary greatly among organizations and are difficult to understand (they often are in the form of an unstructured text blob). On the other hand, organizations are having a difficult time creating an efficient system around managing and tracing personal data across their IT infrastructure, investing substantial budgets to achieve compliance and increase transparency (DSARs can be notoriously time-consuming to manage and, under the GDPR, the time frame organizations have to respond has been reduced to one month).
What Is OpenPKG?
The OpenPKG system introduces a middle ground between data subjects, data controllers, and data processors that enables required transparency when it comes to managing personal data. The OpenPKG system is open-source, neutral, and inclusive in order to omit service provider lock-ins. It supports key vocabularies and ontologies (W3C PROV and the developing GDPRov ontology extending PROV-O, W3C Verifiable Claims Data model, and JSON-LD) to ensure interoperability and enable data connectivity. In order to achieve data integrity, it leverages decentralized networks without ever exposing personal data to anyone without permission. Most importantly, it takes into account both, users and services providers, by allowing clear data ownership and flexible consent management for users and automated GDPR DSAR compliance and positive differentiation for service providers.
Moving beyond the state-of-the-art, Trace Labs is kicking-off the OpenPKG, a decentralized knowledge graph for improved governance, portability, and privacy of personal data. Putting the open-source OriginTrail Decentralized Network at the core of the OpenPKG, the required neutrality, transparency, and interoperability are available by design.
OpenPKG will provide an easy-to-use tool that organizations can deploy on their websites to automate their GDPR compliance and have a transparent way of handling personal data. It will consist of two parts: the infrastructural component intended for organizations and an individually focused web application that allows searching for the provenance of a PII within selected organizations, triggering responses to DSAR, and providing full visibility into which data is accessible to organizations and what type of usage/processing it was subjected to.
The OpenPKG, therefore, includes advances for both individuals (data subjects) and organizations (data controllers). In a situation of balanced powers, individuals will truly own, understand, and be able to manage their personal data. In the OpenPKG system, no personal information is appropriated unknowingly or without a clear (non/monetary) quid-pro-quo. Arrangements of personal data sharing will also be more straightforward, granular, and easily understood by individuals. Organizations will be able to perform PII data management with full traceability and transparency easily by using the OpenPKG, enabling real-time access to individuals whose PII they control, and empowering them to view, erase, and port the data when they deem appropriate. This will be done using neutral, open systems that operate in a trust-less way.
OpenPKG in Action
Following the release of several solutions that show best-in-class use of public networks in the enterprise context, the British Standards Institution (BSI) and Trace Labs are continuing to build on that strong foundation and expand collaboration towards DSAR. Today, BSI is regarded as one of the global leaders in assisting companies with optimizing their processes when it comes to DSAR and compliance with the GDPR legislature. Over the course of the next nine months, BSI will follow the development of the OpenPKG and explore the usage of this open-source technology in its DSAR offering. In addition to the collaboration with BSI, OpenPKG will also be available to other companies. Key OpenPKG technical components will all be published under an open-source license, allowing anyone to leverage the OriginTrail Decentralized Network and OpenPKG to automate their GDPR compliance.
The Next Generation Internet initiative aims to shape the future internet as an interoperable platform ecosystem that embodies the values that Europe holds dear: openness, inclusivity, transparency, privacy, cooperation, and protection of data. The data economy in EU27 is predicted to reach €829 billion in value by 2025. With OpenPKG, Trace Labs is making a strong move beyond state of the art by extending the usability of OriginTrail Decentralized Knowledge Graph to personal information. It is only by including the individual consumers (prosumers) that all aspects of the data economy (both industrial and personal data) are covered in a single decentralized knowledge graph, providing the most value.
About Trace Labs — Core Developers of OriginTrail
Trace Labs is a blockchain company developing enterprise solutions for trusted data exchange across the supply chain. Their solutions enable forward-thinking organizations to gain the most knowledge and make better decisions based on interconnected data from their supply chains. Trace Labs is also the core development company of the open-source OriginTrail protocol for blockchain-based data exchange. Founded in 2013, Trace Labs has built award-winning enterprise solutions for supply chains, including those for traceability and verifiable claims. In 2017, Trace Labs received an award from the Walmart Food Safety Collaboration Center. Trace Labs believes sustainable supply chains are only possible when all organizations, big or small, are allowed to benefit from trusted data exchanges.
For more information about Trace Labs, please visit: tracelabs.io.
For more information about OriginTrail, please visit: origintrail.io.
BSI is a business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century, BSI has championed what good looks like and driven best practices in organizations around the world. Working with more than 86,000 clients across 193 countries, it is a truly international business with skills and experience across a number of sectors including aerospace, automotive, built environment, food, and healthcare. Through its expertise in standards development and knowledge solutions, assurance, and professional services, BSI improves business performance to help clients grow sustainably, manage risk, and ultimately be more resilient.
To learn more, please visit: www.bsigroup.com.
About NGI DAPSI
Under the European Commission’s Next Generation Internet (NGI) initiative, the Data Portability and Services Incubator (DAPSI) was launched in November 2019, to empower top internet innovators to develop human-centric technology solutions addressing the challenge of personal data portability on the internet as foreseen under the GDPR. DAPSI has received funding from the European Union’s H2020 research and innovation program under Grant Agreement no 871498.
To connect and learn more, visit: https://dapsi.ngi.eu.