OwnYourData/Data Donation

From Data Privacy Vocabularies and Controls Community Group

Data Donation

The OwnYourData data donation page allows you to donate data (e.g. for research experiments) in a privacy-respecting way. Data requestors describe the data that they are looking for and provide the necessary infrastructure. Individuals who want to participate in the data donation can submit their data and specify the allowed usage policy. The website https://donate.ownyourdata.eu acts as a user interface to perform the data donation, allows individuals to configure their choices and provides meaningful responses.

Use-Case Overview

The data donation use-case demonstrates transforming user data and merging relevant metadata so that it can be automatically checked against a well-defined data request. Additionally, it implements the necessary infrastructure and provides services to cover the following requirements from a user perspective:

  • data validation: check provided data records against the data specified in the request
  • provenance trail: describe the data source, with optional unambiguous identification of the data donator
  • usage policy: restrict allowed usage of the data
  • data integrity: the complete data set including provenance trail and usage policy is made immutable through writing the hash value into the Ethereum blockchain

1. Categories of personal data involved

All types of personal data can be used for data donations.

2. Purposes for personal data handling

  • sharing data for a good cause
  • supporting research out of personal interests

3. Different kinds of processing of personal data involved

The framework allows any kind of data processing and is based on the concept of Semantic Containers.

4. Data subjects, Controllers, Processors, and Recipients involved

Participating actors and their roles are described in the section "Actors" below.

5. Storage & Security aspects

Storage Locations and Duration

The data donation web page itself is just a frontend to a Semantic Container. Information about storage location and duration is shown for the selected Data Donation when clicking the button "About Donation Request".

Security Measures (including e.g. anonymisation "levels", pseudonymisation)

Semantic Containers will provide OAuth2-based access methods for accessing the data. Currently, there are no plans to encrypt the data stored in containers.

6. Means of Legitimation for Personal Data Processing

A user of this service can set detailed options for exposing his/her identity and specifying the allowed usage policy for using the submitted data.

Actors

Data Requestor: person or institution that is looking for data; this actor provides a publicly available Semantic Container initialized with a semantic description of the data request and intended purpose of the collected data

Data Donator: a person donating personal data with the option to provide his/her email, signing the data with a private key, and restricting the allowed usage of the provided data

OwnYourData: a public charity operating the web site https://donate.ownyourdata.eu, developing Semantic Containers as an open source project and offering a public API to write data to the Ethereum blockchain (https://seal.ownyourdata.eu)

Requirements

  • Taxonomy for personal data - provided by Data Donator
  • Taxonomy of purposes

Pre-conditions

  1. Data requestor semantically describes requested data and intended purpose of the data
  2. Semantic Container infrastructure as promoted by OwnYourData is used

Workflow and Dataflow Description

  • Data Requestor identifies data need
  • Data Requestor semantically describes requested data and intended purpose of the data
  • Data Requestor sets up a Semantic Container by uploading the semantic description from above to a Base Container (a Base Container is a docker container with the necessary infrastructure to act as a Semantic Container when initialized with a semantic description)
  • Data Requestor makes Semantic Container available on a public server and promotes data donations
  • Data Donator enters data and specifies the privacy level of the donation and the allowed usage of the donated data
  • Data Donator can optionally review the data to be submitted
  • Semantic Container validates the data donation and, if the check is positive, stores it
  • further optional processing steps take the restricted usage definition of each individual data donation into account

Examples

Step Count Data Donation: Today's smartphones record a rough estimate of the steps we walk every day, and interviews with various people indicate that this personal data is deemed suitable for trying out a personal data donation scenario. On the website https://donate.ownyourdata.eu individuals can submit their step count data and get an aggregated list from all participants.
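The following added example (not code from OwnYourData or the Semantic Container project) illustrates the three user-side requirements above for the step count scenario: validating donated records against a data request, bundling them with a provenance trail and usage policy, and computing the hash that would be sealed on the blockchain so that any later change to the bundle is detectable. The request format, field names and hashing scheme are assumptions; the actual write to the seal API is not shown.

```python
import hashlib
import json
from datetime import date

# Constructed stand-in for the Data Requestor's semantic description of the
# requested data (field names, types and intended purposes are assumptions).
STEP_COUNT_REQUEST = {
    "fields": {"date": str, "steps": int},
    "purposes": ["research", "statistics"],
}

def validate_records(records, request=STEP_COUNT_REQUEST):
    """Data validation: each record must carry exactly the requested fields,
    with the requested types, an ISO date and a non-negative step count."""
    for rec in records:
        if set(rec) != set(request["fields"]):
            return False
        for name, typ in request["fields"].items():
            # bool is a subclass of int in Python, so reject it explicitly
            if isinstance(rec[name], bool) or not isinstance(rec[name], typ):
                return False
        try:
            date.fromisoformat(rec["date"])
        except ValueError:
            return False
        if rec["steps"] < 0:
            return False
    return True

def build_donation(records, donator_email=None, purposes=("research",)):
    """Bundle the data with its provenance trail (donator optional, so the
    donation may stay anonymous) and the donator's restricted usage policy."""
    return {
        "data": [dict(r) for r in records],
        "provenance": {"source": "smartphone step counter", "donator": donator_email},
        "usage_policy": {"allowed_purposes": sorted(purposes)},
    }

def seal_hash(donation):
    """Data integrity: SHA-256 over a canonical JSON serialisation of the
    complete bundle. This digest is what would be written to the blockchain."""
    canonical = json.dumps(donation, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify_sealed(donation, anchored_hash):
    """Recompute the digest and compare it with the sealed value."""
    return seal_hash(donation) == anchored_hash

def usage_allowed(donation, purpose):
    """Later processing steps must respect the donator's usage policy."""
    return purpose in donation["usage_policy"]["allowed_purposes"]
```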