What is the problem

Many of the solutions proposed to contain the spread of Covid-19, from contact-tracing systems to health-related apps, share the same privacy-compliance problem. The information they handle is sensitive from a privacy point of view, and regulators are blocking various solutions.

Anonymizing the data in a centralized database usually does not solve the problem: various attacks remain possible, including deductive (inference) attacks that re-link the "anonymous" information to individual profiles.

Other solutions use pseudonymization, which permits more sophisticated processing of the data. In this case the user gains more control, but additional security concerns arise, because pseudonymized data can still be re-linked to the person by whoever holds the mapping; this requires a more reliable organization and a higher level of trust.

Interoperability is required to create an open environment where data is shared to maximize results and where multiple parties can offer services and front-ends (apps).

The challenge is how to operate according to the GDPR in this complex setting on one side, and without technical or organizational bottlenecks on the other; such bottlenecks are continuously slowing down or blocking projects.

Examples of apps and services needing a solution like the one we are proposing:

  • Contact-tracing systems with high performance (centralized)
  • Health-related apps with interoperability requirements
  • Epidemiological studies with voluntary participation
  • Advanced insurance and financial services
  • Laboratory and research applications

Inspiration

The "Privacy by Design" paradigm permits approaching the problem of data ownership and trust from its foundations. Later, to complete the model, "security" and "by default" were added: security first, because it is intrinsically related to privacy; "by default" expresses the idea that protection does not depend on the correctness of the stakeholders' actions.

Applying the complete model, "Privacy & Security by Design & Default", can create an open and interoperable ecosystem that guarantees a standard environment and data protection.

We started from the experience of a user-centric ecosystem for managing chronic diseases, which resulted in a patented technology, Kopernican (https://patents.google.com/patent/EP3432547A1). The point about modern health solutions is the holistic approach required around the user: putting the patient at the center is not a matter of attention but of reversing the paradigm, because only the user can manage everything, from sensors to interfaces, from quality big data to supporting analytics, from proactivity to measurements. To achieve full engagement and exponential results, the user must be in control and supported. The information remains encrypted at all times, and the keys are available solely to the owner.

In the same field there are various projects, such as Solid by Tim Berners-Lee, but almost all of them address public data, with weaker security and certainly with less built-in capability to support trust.

The complete paradigm can be summarized as follows:
"Privacy & Security by Design & Default" means that the user is in control of their data, in scope and in time.

The solution

We are creating an infrastructure based on a new paradigm that puts the user in control of their data, in scope and in time, with innovative confidentiality features. For example, it permits combining anonymized services, which fall outside the GDPR's scope, while maintaining complete control of the data, as with pseudonymized data.

Our technology separates domains and roles by means of cryptography, on a distributed architecture based on a strict control line supported by smart-contract-like instructions.

In this way we act as an enabling technology, permitting faster adoption and, at the same time, raising the level of user confidence in these solutions.

Our project uses the Kopernican technology, free of charge for public use, to create a common data and services infrastructure and thus an exponential growth of applications and solutions.

Kopernican permits apps to store data in pseudonymized form while at the same time providing a level of security and control much higher than that of anonymized services.

Kopernican by its nature distributes roles and domains among different parties: app, transport layer, storage, control layer, laboratory, analysis services, insurance services…

This federation of components is held together by two base technologies: pervasive cryptography using a public-key infrastructure, and smart-contract-like transmission of the control line.

The result is a foundation with no single point of failure: depending on the kind of data, two or three parties are needed to access private data, each within its own limits.
The distributed federation of apps and services is managed by different parties/organizations, which also guarantees physical and organizational security.
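As an added illustration (not Kopernican's code, which this page does not show), the following Python script demonstrates two of the properties described above: pseudonymization with a keyed function, so that the storage and analysis domain sees only pseudonyms and an unkeyed hash would fall to the deductive re-linking attack mentioned in the problem statement; and an n-of-n key split so that no single party can re-identify users on its own. The HMAC construction, the XOR secret sharing, the three-party split and the sample records are all assumptions of this example; the page does not specify which primitives Kopernican uses.

```python
"""Pseudonymization with a split re-identification key (illustrative, stdlib only).

Added example, not Kopernican's implementation. The keyed-HMAC pseudonym,
the n-of-n XOR key split and the sample records are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, List, Optional

# Constructed sample records for a tracing/health app: identity -> payload.
# The identity space (phone numbers) is small, which is exactly what makes
# unkeyed "anonymization" reversible by enumeration.
RECORDS = [
    ("+39-333-0000001", {"test": "PCR", "result": "positive"}),
    ("+39-333-0000002", {"test": "PCR", "result": "negative"}),
    ("+39-333-0000001", {"test": "antigen", "result": "negative"}),
]


def naive_pseudonym(identity: str) -> str:
    """Unkeyed SHA-256: what a 'hashed' central database often does."""
    return hashlib.sha256(identity.encode()).hexdigest()


def keyed_pseudonym(identity: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key: re-linking requires the key."""
    return hmac.new(key, identity.encode(), hashlib.sha256).hexdigest()


def dictionary_attack(target: str, candidates: Iterable[str],
                      pseudonymize: Callable[[str], str]) -> Optional[str]:
    """Deductive re-linking: enumerate the identity space and compare."""
    for cand in candidates:
        if hmac.compare_digest(pseudonymize(cand), target):
            return cand
    return None


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, parties: int) -> List[bytes]:
    """n-of-n XOR secret sharing: every share is needed to rebuild the key,
    so one federation member (storage, control layer, lab...) cannot
    re-identify users alone. Any subset of shares is uniformly random."""
    shares = [secrets.token_bytes(len(key)) for _ in range(parties - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def combine_key(shares: List[bytes]) -> bytes:
    key = bytes(len(shares[0]))  # all zeros
    for share in shares:
        key = xor_bytes(key, share)
    return key


def pseudonymize_records(records, key: bytes):
    """What the storage/analysis domain receives: pseudonym + payload, no
    identity. Same person -> same pseudonym, so analysis can still link the
    records of one user without knowing who that user is."""
    return [(keyed_pseudonym(ident, key), payload) for ident, payload in records]


def demo() -> dict:
    candidates = [f"+39-333-{n:07d}" for n in range(1, 2000)]
    # 1. Unkeyed hash: the attacker re-links the first record by enumeration.
    naive_hit = dictionary_attack(naive_pseudonym(RECORDS[0][0]),
                                  candidates, naive_pseudonym)
    # 2. Keyed pseudonym: the same enumeration fails without the key.
    key = secrets.token_bytes(32)
    keyed_hit = dictionary_attack(keyed_pseudonym(RECORDS[0][0], key),
                                  candidates, naive_pseudonym)
    # 3. Key held by three parties; two of them cannot reconstruct it.
    shares = split_key(key, 3)
    stored = pseudonymize_records(RECORDS, key)
    return {
        "naive_recovered": naive_hit,
        "keyed_recovered": keyed_hit,
        "two_parties_suffice": combine_key(shares[:2]) == key,
        "three_parties_suffice": combine_key(shares) == key,
        "records_of_same_user_linkable": stored[0][0] == stored[2][0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The n-of-n split is the simplest way to show the "two or three points needed" property; a production design would normally use a threshold scheme (k-of-n) so that the loss of one party's share does not lock the data forever, and would rotate or per-domain-derive the pseudonymization key rather than reuse one key across all services.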

By separating app and service stakeholders, Kopernican permits building a public infrastructure that ensures the availability of data within a controlled ecosystem: the nature of the data collected, its pseudonymization, its granularity, and the functionality of the services can be guaranteed by a public trust. Creating a public infrastructure has an exponential effect on app and service development while at the same time ensuring the level of confidence needed to engage users.

The transparency of the implementation permits assessing the full infrastructure and all apps and services from all points of view:

  • GDPR compliance, as effective anonymization
  • Security, with assessment and certification of the infrastructure and of the participating parties
  • Ethics: reversing the real ownership of data opens completely new scenarios

To see how Privacy by Design can support a broad scope, you can look at the project proposed to the United Nations in their call for innovations supporting Sustainable Development. The solution proposed, based on the concept of a "nudge" in the form of eco-kudos, makes wide use of the distributed architecture and of privacy: https://www.globalinnovationexchange.org/innovation/eco-kudos

How I built it

The current presentation demonstrates the model's capability to meet the need to strengthen the fight against Covid-19, thanks to an infrastructure capable of multiplying apps, services, and adoption exponentially.

The attached document contains further descriptions of the assessment of the model, including certifications and implementation details.

Challenges I ran into

Representing a benchmark of a complex system requires the capability to share the dynamic model with schemas, and an evaluation matrix with canvases covering the three main aspects: privacy, security, and ethics.

We need support in both the assessment and the development phase, in particular to understand whether the government is interested in supporting the infrastructure as a public benefit.

What's next for PrivacyByDesign eco-system

We need to catalyze the interest of the private and public sectors to find the investment required to start the assessment and development process.
The modular architecture will permit a gradual release, with features and components entering operation in the early stages of development.
Thanks to the nature of the infrastructure, scalability is maximal, permitting costs to be matched to demand.

Our positioning

Impact: We want to improve overall privacy and security compliance, permitting better and faster development of health-related apps and services. We think there is a public interest, in a moment like the current one but also in general, in creating a European approach and ecosystem that leverages our values. This regional resource is built through standards, open systems, infrastructure, and interoperability, to achieve a more straightforward approach to the market, optimal total quality, and competition. The use of a distributed architecture permits creating a real European regional infrastructure with service and app providers across countries. Intrinsic characteristics such as scalability and granularity, together with a modular distributed architecture, represent a solution across Europe without constraining local entrepreneurs and regulations.
We think this is very different from the model of the primary cloud providers and more in the interest of European stakeholders and future innovations.

Technical Complexity & Novelty: When filing the patent, we did extensive research on the technical/business models of other solutions. The result is that none of the more prominent players has an interest in users controlling their data.
Creating an open ecosystem is not a priority even for solutions using decentralized data. So we think there is space for something new, focused on the added value of the system for all stakeholders and in particular for the user, rather than on the interest of one player. More than complex, the technical model is difficult to understand for companies concentrated more on control and revenue than on creating value. The focus on trust in the data also differentiates it from other solutions such as Solid, founded by Tim Berners-Lee. User-centric solutions are currently one of the trending topics in much research; Kopernican is human-value-centric also from an ethical standpoint.

Completion: The patent itself is a description of the technical model, with details of the implementation and qualification of the solution. We have already done an initial assessment with privacy and security professionals. We use consolidated technologies such as public-key infrastructure and standard protocols. Together with the progressive development enabled by modularity, we plan a fast path from development to proof of concept and then to production.
Application and service templates focus on making the ecosystem grow faster and on accelerating adoption.

Business Plan: The business model is focused and targets the minimum: defining standards, creating the initial software and templates, and providing startup services. Providing the base infrastructure, standards, and controls is a minimal role with a substantial catalyzing capability; in the end model this can be regarded as a commodity, like the W3C consortium. From the initial startup services the project may split in two, but the base technology requires a separate entity to manage the different parts.

Built With

  • api
  • json-rpc
  • soap