Currently, public administration is undergoing significant transformations, driven by a greater demand for transparency and efficiency in a participative framework involving nonprofit organizations, enterprises, and citizens, with the modern network infrastructure as a common medium. The Open Data movement is considered one of the keys to this change. To the best of our knowledge, the current generation of Open Data has to date provided only static datasets in which no data concerning specific individuals could be included, due to obvious privacy issues. Public administrations hold a great deal of data of a personal kind, as do many private entities. Consider, for instance, the huge amount of personal data contributed to the various online social networks, or the electricity consumption data collected and stored by energy providers, or the telephone and internet data collected by telecommunications companies. The lack of such personal data in the Open Data realm, and the static nature of the released datasets, are weaknesses of the current generation of Open Data. Without personal data and without timeliness, it is impossible to build useful services tailored to the actual needs of a given individual at a given time. We argue that, by segregating or "protecting" our personal data, those public and private entities become the "owners" of our data. This means they hold a monopoly on services, while we, the legitimate owners of the data, must abide by their terms and conditions concerning how our data are treated and used. By unleashing personal data "into the wild", such a monopoly would collapse and a new ecosystem of personal services based on these data could flourish. Of course nobody wants personal data to enter the public domain without any control. We argue that an appropriate policy for online disclosure of personal data is one where the individuals are restored to their role of "data owners" and are allowed to exert online control over data accesses being performed by third parties. This idea of "smart disclosure" of personal data is expected to be one of the forthcoming evolutions of Open Data. Based on the above arguments, we propose a possible implementation of "smart disclosure" that takes advantage of the OAuth 2.0 authorization framework. If properly implemented, OAuth 2.0 guarantees access to selected personal data upon authorization by the individual data owner. An implementation is presented together with possible use cases.
Open Data and Personal Information: A Smart Disclosure Approach Based on OAuth 2.0
CIACCIO, GIUSEPPE;RIBAUDO, MARINA
2013-01-01
Abstract
Currently, public administration is undergoing significant transformations, driven by a greater demand for transparency and efficiency in a participative framework involving nonprofit organizations, enterprises, and citizens, with the modern network infrastructure as a common medium. The Open Data movement is considered one of the keys to this change. To the best of our knowledge, the current generation of Open Data has to date provided only static datasets in which no data concerning specific individuals could be included, due to obvious privacy issues. Public administrations hold a great deal of data of a personal kind, as do many private entities. Consider, for instance, the huge amount of personal data contributed to the various online social networks, or the electricity consumption data collected and stored by energy providers, or the telephone and internet data collected by telecommunications companies. The lack of such personal data in the Open Data realm, and the static nature of the released datasets, are weaknesses of the current generation of Open Data. Without personal data and without timeliness, it is impossible to build useful services tailored to the actual needs of a given individual at a given time. We argue that, by segregating or "protecting" our personal data, those public and private entities become the "owners" of our data. This means they hold a monopoly on services, while we, the legitimate owners of the data, must abide by their terms and conditions concerning how our data are treated and used. By unleashing personal data "into the wild", such a monopoly would collapse and a new ecosystem of personal services based on these data could flourish. Of course nobody wants personal data to enter the public domain without any control. We argue that an appropriate policy for online disclosure of personal data is one where the individuals are restored to their role of "data owners" and are allowed to exert online control over data accesses being performed by third parties. This idea of "smart disclosure" of personal data is expected to be one of the forthcoming evolutions of Open Data. Based on the above arguments, we propose a possible implementation of "smart disclosure" that takes advantage of the OAuth 2.0 authorization framework. If properly implemented, OAuth 2.0 guarantees access to selected personal data upon authorization by the individual data owner. An implementation is presented together with possible use cases.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
