Citizen Data Vault
Many services on the Internet depend on the availability of secure digital identities which play a crucial role in safeguarding the data and privacy of citizens. Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society (Source: World Economic Forum).
Citizen Data Vault – CDV is a Personal Data Service and Repository that enables citizen to gather, store, update, correct, analyse, and share personal data. The tool provides a set of secure APIs and a “Data Dashboard” with the goal to manage and control “personal data” during the interaction with real life services (PA, Social, IoT, B2C).
What is the problem?
Many services on the Internet depend on the availability of secure digital identities which play a crucial role in safeguarding the data and privacy of citizens.
How to collect, store, share my Personal Data? Who actually processes my Personal Data and how to track the flow? How to use personalized service assuring privacy and transparency? How to provide personalized services and be compliant with the upcoming EU General Data Protection Regulation (GDPR)?
What is the solution?
With CDV Citizens/Business have a practical mean to manage their data and privacy. They became empowered actors, not passive targets, in the management of their personal information.
Who is the beneficiary?
Companies, Municipalities, PAs and Citizens as legal roles involved to personal data processing (Data Subject, Controller, Processor).
CDV has been designed to meet SIMPATICO Pilots requirements. Besides, CDV follows a set of initiatives, standards and regulations.
The Citizen Data Vault addresses interoperability requirements, in particular the “once-only” principle in the context of public sector where citizens and businesses should supply information only once to a public administration in the EU and reuse them in the next interactions or in another different service.
Of particular importance on data sharing processes is the ability to grant and withdraw consent to third parties for accessing to data about oneself. The consent is a “contract” that allows to:
- Understand the data you share, where it goes, who has it and why
- Keep a proof of consent and enable consistent consent practices.
- Simplify terms and conditions
CDV addresses legal requirements towards the new EU GDPR (General Data Protection Regulation):
- Smart contracts and policies that govern the access and distribution of data
- consent-based data management
- technical means to verify compliance with data handling prescriptions
- Right to have a copy of personal data
- Right to be forgotten
An infrastructure to securely protect personal data
The CDV avoids the fraudulent access to the user personal data by:
Adopting the HTTPS protocol to transmit securely the user data.
Exposing a set of OAUTH 2.0 protected APIs, to ensure the interaction only with the authorized data consumers and sources (services and applications).
Consent and Rule based techniques for Data Management.
Adopting a multiple keys based data encryption.