The European Commission’s Roadmap on “eGovernment towards 2010” contains an item called “Personal Data Ownership Model”, which flags the issue of how personal data might be managed in the future with greater automation of eServices and greater demands for both privacy and security.
I drafted a short set of slides for discussion at a quadrilateral governmental meeting in London in June, but they were not discussed because of lack of time. Nonetheless, several people have indicated that this is an important approach that needs to be discussed further.
In the meantime, at the XML Summerschool in Oxford last week, there was a whole-day discussion on eID, personal data and SOA-approaches to eServices as well as some out-of-session bilateral meetings. I discussed my slide set with several people and there is considerable interest in the basic premise: how the citizen can maintain control and overview of use of his/her personal data in/by eServices, whilst providing stronger authentication and simultaneously data protection. Some in particular believe the time is right to start an activity within OASIS to develop a standard model for handling personal data. I will be assessing the level of support for this approach in the coming weeks.
In the Commission “Roadmap”, we refer to “ownership model”, but there are several issues including a personal data model, service model, as well as ownership model. I have already offered to transform the slideshow into a working document that could/should contain “actionable” items and not just an overview of the problem and issues. Such a document could include technology issues, standards issues, and policy issues.
The draft slideshow is available and is being constantly updated. I would propose to base a discussion paper on this slide set.
Added: the draft discussion paper Outline of possible standards-based approach is now available…