Giuseppe Ciaccio, Antonio Pastorino and Marina Ribaudo
names and addresses of restaurants in the region). No data concerning individuals have been released because of obvious privacy reasons. As already stated in a position paper of ours( Ciaccio 2012), such a lack of personal data in the Open Data realm, along with the static nature of the released datasets, are weaknesses of the current wave of Open Data. Without personal data and without timeliness, it is indeed impossible to build useful services tailored to the actual needs of a given individual at a given time.
Many of the data managed by public administrations as well as private entities are of a personal kind. Consider, for instance, the huge amount of personal data contributed to the various online social networks, or the electric consumption data collected and stored by energy providers, or the telephone and internet data collected by telecommunications companies. As these data are not in the Open Data domain, those public and private entities may act as the“ owners” of our data. This means they hold a monopoly on services while we, the legitimate owners of the data, must abide by their terms and conditions concerning how our data are treated and used.
By unleashing personal data“ into the wild”, such a monopoly would collapse and a new ecosystem of personal services based on these data could flourish. In such a scenario, the various administrations holding our data are responsible for ensuring data authenticity and integrity, preventing any unauthorized access, yet allowing what is called a smart disclosure of personal data to the web.
The importance of personal data as an economic asset on its own is now being acknowledged worldwide( Schwab 2011), along with the need to strengthen trust by people in the possible process of smart disclosure to be undertaken by public administrations( Hoffman 2012). Smart disclosure of personal data is considered a forthcoming process capable of“ enormous economic and civic good opportunities”( Howard 2012). A recent white paper from the UK Government( UK Government Cabinet Office 2012) stresses the importance of smart disclosure as an enhancement of the current Open Data movement. The `midata ' initiative by the UK Government( www. bis. gov. uk / news / topstories / 2011 / Nov / midata) and the Smart Disclosure initiative by the White House( www. whitehouse. gov / blog / 2012 / 03 / 30 / informing‐consumers‐through smart‐disclosure) are two programs aimed at promoting smart disclosure of customer ' s personal data held by companies and providers, so as to allow people to make better choices.
It might be argued that adding personal data to the Open Data heap might jeopardize our privacy, if done in the wrong way. However, this risk is also present with the current process of releasing massive anonymized datasets. By definition, these datasets leak personal information, and information from many datasets may be jointly mined in search of individual profiles. The inferred profiles may sometimes be linked to real identities, leading to statistical de‐anonymization or“ identity disclosure through mosaic effect”( Hoffman 2012). The whole Open Data movement would immediately come to an end, should these confidentiality concerns prevail over the individual and social benefits of transparency and smart disclosure. A balance between privacy and transparency must clearly be sought, with the information technology playing a key role.
Another criticism is that, once disclosed and no matter how“ smartly” this is done, our personal data might be copied somewhere else and we, the legitimate owners, would no longer be able to exert control over the copies. But this indeed holds without disclosure as well, as we currently have no choice but to trust the entity that stores and“ owns” our data, without any actual control by us. In addition, due to the lack of smart disclosure, we are forced to input our personal information by hand every time we register for a new online service( and abide by their terms and conditions). It would be much easier to refer to a single master copy of our personal data, either centrally stored or scattered across servers in a distributed system, and smartly disclose them to third parties after obtaining their formal commitment online to our terms and conditions( for instance, prohibiting unauthorized distribution of copies).
Last but not least, a proper technology for a“ sufficiently smart” disclosure of data remains to be identified, along with a number of practical use cases working as an informal definition of what a smart disclosure is. In this paper we propose a few such use cases, and we advocate the use of the OAuth 2.0 authorization framework( OAuth Working Group 2010) to achieve smart disclosure. On the basis of this approach, individuals are restored to their role of resource owners while administrations( public or private ones) are stripped of their de‐facto ownership of personal data and keep a role of bare resource managers. A resource owner( namely, an individual) may grant online authorization to any third party application to use a given item of personal data located on a given resource manager, in exchange for a useful personalized online service that the application
136