Decentralised Data Processing: Personal Data Stores and the GDPR

International Data Privacy Law, Volume 10, Issue 4 Pages 356–384, https://doi.org/10.1093/idpl/ipaa016 (28 December 2020). Please note that the SSRN-version of this article includes an analysis of the ePrivacy Directive in the lawful grounds section.

54 Pages Posted: 6 May 2020 Last revised: 29 Jun 2021

See all articles by Heleen Janssen

Heleen Janssen

University of Cambridge - Computer Laboratory; University of Amsterdam - Institute for Information Law

Jennifer Cobbe

University of Cambridge - Computer Laboratory

Chris Norval

University of Cambridge - Computer Laboratory

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory)

Date Written: December 28, 2020

Abstract

When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data.

Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data.

While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical.

We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.

Keywords: Federated data processing, personal data stores, data protection, responsibility, transparency, control, GDPR, lawful grounds, personal and household exemption, special categories of data

Suggested Citation

Janssen, Heleen and Cobbe, Jennifer and Norval, Chris and Singh, Jatinder, Decentralised Data Processing: Personal Data Stores and the GDPR (December 28, 2020). International Data Privacy Law, Volume 10, Issue 4 Pages 356–384, https://doi.org/10.1093/idpl/ipaa016 (28 December 2020). Please note that the SSRN-version of this article includes an analysis of the ePrivacy Directive in the lawful grounds section., Available at SSRN: https://ssrn.com/abstract=3570895 or http://dx.doi.org/10.2139/ssrn.3570895

Heleen Janssen (Contact Author)

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

University of Amsterdam - Institute for Information Law ( email )

NIeuwe Achtergracht 166
Amsterdam, North Holland 1018 WV
Netherlands

HOME PAGE: http://https://blockchain-society.science/?page_id=67

Jennifer Cobbe

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Chris Norval

University of Cambridge - Computer Laboratory ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Jatinder Singh

University of Cambridge -- Dept. Computer Science & Technology (Computer Laboratory) ( email )

15 JJ Thomson Avenue
William Gates Building
Cambridge, CB3 0FD
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
234
Abstract Views
1,128
rank
160,709
PlumX Metrics