The increasing availability of big-data software and cloud services has resulted in a large ecosystem of networked data brokers that collect, share, and analyze large quantities of personal information. Using this data businesses, governments, and other organizations can provide new and improved services that many now depend on for their daily activities. As emerging technologies for self-monitoring, smart cities, and the Internet-of-Things advance, ever more data and insight on our lives will be captured and stored online. This mass-scale recording of our digital lives has not come forth without generating strong concerns regarding our privacy. The European Commission has already asserted that we do have the right to control our own data, including the right to be forgotten. The White House has recently also recommended new legislation, granting consumers greater control over their personal information. However, current big-data software stacks and cloud infrastructures does not readily support such rights. The individual, whose life is being recorded, has alarmingly little control and insight in what is being collected and how it is used. Existing computer systems lack effective means to express and enforce privacy policies on information after it has been shared or stored online. To provide that means, systems must support data policies that change depending on how data are manipulated, apply policies to all copies of data and to any derived data, and enforce policies wherever and whenever the original or derived data are used. This project will research and develop the concept of privacy automatons, an emerging technology that can capture and enforce complex privacy policies across multiple heterogeneous distributed cloud systems and client devices. To ensure relevancy, an use-case in medical epidemiological cohort studies will drive the research. Our goal is to empower the end users with greater control and insight into how their data is used and shared.
Project leader: Håvard Dagenborg Johansen
Institution: Institutt for informatikk