Blog:12.01.2021

From Strategy to Practice – Data Intermediaries in the EU

Category: Conferences, data intermediaries, PIF, Privacy

 

Several members of the Privacy Icons Forum (PIF) participated at the session “From Strategy to Practice – Data Intermediaries in the EU” held during the MyData 2020 online Conference on December 11, 2020 and hosted by Zohar Efroni.

The session focused on the developing concepts of data intermediaries within the EU, for which the EU Data Strategy drafted by the European Commission and particularly the Commission’s proposal for a Data Governance Act are highly relevant. The overarching question for the session was how data intermediaries could provide answers to existing challenges such as massive power imbalance in the digital markets, the lack of control over data usage by the users and the complexity of regulating digital markets.

Data intermediaries, understood as an independent data-sharing entity (including Personal Information Management System, or “PIMS”) positioned between individuals and data users (such as online service providers and platforms) can present relevant and promising solutions when it comes to discussing pressing data policy issues. In five presentations, current research and ideas on data intermediaries were presented to the audience.

The presenters — with their backgrounds in the legal, economic, psychological, technical and web-design fields — inspired an interdisciplinary discussion. A lively participation of the audience over the chatroom evoked key questions, such as:

  • How much responsibility and control should the single user have, especially when it comes to the opportunity of monetizing personal data?

or

  • How realistic is the EU’s proposal, the idea of “Data Altruism” and working intermediaries considering the reality of typical users behavior patterns?

The following presenters participated in the session:

How EU Regulation tries to capture “MyData” operators

Malte Beyer-Katzenberger is a policy officer at the European Commission who was involved in the drafting of the European Data Strategy Proposal. In his presentation, Malte discussed the EU’s goal to create a better power balance in the digital market by giving back control over personal information to the user. In order to achieve this goal, the different actors — from the corporate side to the single, private user — must be convinced of the efficacy of technical solutions. Therefore, neutral trusted intermediaries need to gain more trust.

The novel Commission’s Proposal for a “Data Governance Act” is designed to regulate the establishment of PIMS, MyData Operators, and similar intermediaries that would function as neutral services that empower individuals and businesses concerning the use of their data. Regulation equipped with a clear agenda, operative framework and game rules at this level is meant to solve the competition problem in the digital markets while offering less complicated, more extensive and safer solutions for individual users in the future.

Feedback concerning the Commision’s proposal can be submitted until 01.02.2021 over this link: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12491-Data-sharing-in-the-EU-common-European-data-spaces-new-rules-

Link to presentation: “How EU Regulation tries to capture “MyData” operators”

PIMS for everyone (?)

Marco Mellia (Politecnico di Torino) presented an intermediary solution in the form of The PIM City Project. PimCity aims to develop next generation personal data platforms aiming to tackle the problem that the monetization of personal information lies often in the hands of monopolies. Through the PIM tools, individuals are the ones who decide what data and how their data is being released, supported by software that replicates users’ preferences on data sharing.

Though this type of a solution seems promising, Marco reminded us that such systems only work if regulation is enforced (as a negative example, he noted that about 50% of all websites currently violate EU law and regulations in the area of cookies). In addition, technical solutions cannot always provide straightforward answers in the absence of legislation vis-à-vis platforms that covers user relations. In order to make regulation adequate and enforceable, he pointed out that there should be a close communication between the legal and the tech sectors.

Link to presentation: “PIMS for everyone (?)”

Data Economy Research at the Data Transparency Group of IMDEA Networks

Nikolaos Laoutaris (IMDEA Networks Institute Madrid) showed in his presentation the economic consequences of the “giveaway culture” of personal information for “free” services. He also emphasized how this information becomes valuable by connecting it to other data.

Nikolaos explained how this factor can empower the user to gain back control over data but also pointed out to some challenges, for instance, that the operation of classic economic principles cannot always be assumed when applied to digital markets. He further explained other challenges such as the problem of determining data ownership.

Link to presentation: “Data Economy Research at the Data Transparency Group of IMDEA Networks”

Standardization of processing purposes as a component of data intermediaries solutions: Taking the example of PIMs

Max von Grafenstein (UDK Berlin) presented a data governance framework to analyze the transfer and usage of personal data on a legal, process, and technological level. On this basis, Max explained the main function of data intermediaries, such as PIMS, to reduce transaction costs on the different data governance levels. In his opinion, this has not yet worked adequately, especially not in the case of PIMS, because the actual exchanged goods are not yet properly addressed on the legal level.

Max showed that the commonly seen good of trade is not data per se (for a benefit like a free service, money, or moral satisfaction). Rather, it is the users’ “data processing risk”. In Max’ opinion, PIMS will only meet their users’ needs in practice if these intermediaries address data processing risks as the actual good of trade, instead of data as such. To further increase legal certainty of PIMS, he sees a conceptual solution in certification mechanisms and codes of conduct for the underlying personal data processing operations according to Art. 40-43 GDPR as well as Art. 10 of the European Commission’s Proposal for a Data Governance Act.

Link to presentation: “Standardization of processing purposes as a component of data intermediaries solutions: Taking the example of PIMs”

Transparency, Design & Trust

Finally, Arianna Rossi (SnT, University of Luxembourg) focused on how users’ trust in data intermediaries can be inspired and secured. She challenged classical assumptions according to which transparency, understood as provision of information and control over personal data to users, instills that trust.

Arianna’s presentation showed the double-edged power of UX/UI design, that unavoidably influences online actions: Such influence can fairly support users to take meaningful decisions about the use of their data, yet it can also unfairly manipulate them into sharing data. Thus, understanding what users want and designing ways to respect those wishes is the key to enhance trust in data intermediaries.

Link to presentation: Transparency, Design & Trust”

UPDATE: A link to the video recording of the session is available here.