- The EU’s General Data Protection Regulation was passed in 2016 and went into effect in 2018.
- Gives all EU citizens the right to control who has access to their personal data and to be notified on which personal data any given company has on them.
- Since then, several countries such as Brazil, Japan, South Africa and South Korea have passed similar data regulations, whereas the UK has kept the GDPR regulations after leaving the EU.
- Violations may be punished with fines up to 20 million euros or four per cent of the company's annual turnover.
- Currently, the EU has issued around 1400 fines totaling 2,4 billion euros according to GDPR tracking service Enforcement Tracker. The biggest fine has been given to Amazon in July 2021 totaling 746 million euros – Amazon has appealed the verdict.
Taking back privacy control
Privacy-friendly big data
In essence, DataVaults wants to build up our trust so we can confidently share data without fear of it being misused. There is great potential in big data, where large data sets are used to see new connections, but it must be done responsibly. One of the project's partners is the French healthcare platform Andaman7, which uses DataVaults to collect data on patients that they use for clinical research.
"If you want to look at how many people suffer from a certain disease, we can collect the results but anonymize the individuals," says Weizhi Meng.
Similarly, a Spanish solar cell manufacturer participates in the project and uses DataVaults to obtain data on users' electricity consumption to predict the demand for electricity at different times of the day.
But DataVaults also wants to give back the financial incentives to us. Whereas Google and Facebook bring in billions of ad dollars from harvesting our data, users of DataVaults can be rewarded for sharing their data. It could be monetary, but also as the Italian municipality of Prato is doing by rewarding residents who share their cultural preferences and habits with tickets to a performance for instance.
However, DataVaults cannot do anything about the information we have already freely given away.
"We can protect the data in the DataVaults, but if Google and Facebook already have it, then there is not much we can do," says Weizhi Meng.
After three years, the DataVaults project is coming to an end, and the platform’s beta version is now ready. Long term the hope is that the EU or another authority will be interested in taking ownership of the platform, as it requires consumer trust and resources to handle the personal data of potentially millions of people.
“The more people using DataVaults, the better it will be. When it comes to big data, it obviously works best with as many users as possible," says Weizhi Meng.
In the future, the pressure on our personal data will only increase, and the DTU associate professor believes that, although GDPR is a good start, there is a need to continue to improve the rules and solutions within the protection of personal data.
“It will only become more important in the future. Suppose we enter the era of the metaverse (virtual worlds in 3D), then personal data becomes the top priority. When everything becomes digitalized, those who have data can control everything,” says Weizhi Meng.
DataVaults is a large project with 17 partners from nine EU countries. It has received funding of 7.6 million euros, the majority of which comes from the EU's research and innovation programme.
DTU is responsible for ensuring that the information is stored securely by developing a blockchain solution for DataVaults so it can always be tracked who has changed the data and when. DTU is also responsible for implementing crypto processors with Trusted Platform Module.
Read more on datavaults.eu
Denmark is at the forefront when it comes to the use of technology and digital solutions. This brings about great opportunities – but also makes Denmark an obvious target for IT crime. Consequently, there is a great need for research and training in cyber security to ensure that technology continues to create value for people.
Read more in DTU's cyber security topic.