This interdisciplinary talk aims to reflect on a solution for resolving key tensions between providing personalized services and the right to privacy, by envisioning new Cognitive Human-centric Personal Data Ecosystems (C/CH-PDEs) in which personal data can only be collected and processed under the control of the data subject.
In our increasingly digital societies, data is perceived as a key resource for economic growth. Among the highest-valued corporations today, many have business models that are essentially based on data of or about their users. This development has raised serious concerns about individuals' right to privacy and their ability to exercise control over their own data, as well as about the broader shifts of power between data subjects and data controllers that this development entails. Consequently, European policy makers have passed the General Data Protection Regulation (GDPR), which has imposed stricter regulations on personal data handling practices within the EU.
In parallel, a movement - often associated with the term “MyData” - has emerged in the civil society with the goal to put individuals in control of their personal data. One of the major adoption barriers for such platforms, however, has been the difficulty individuals face in acquiring their personal data from data controllers. In this talk after introducing the technical aspects of the Cognitive Human-centered Personal Data Ecosystems, I discuss how the new rights under the GDPR could drive the emergence of such ecosystems, in which individuals' roles are no longer limited to that of passive "data subjects", but in which they become active stakeholders that have access to, exercise control over, and create value from their personal data. Finally, some of the sociotechnical drivers and barriers of cognitive human-centric personal data ecosystems will be discussed.