Enabling the new economic actor: data protection, the digital economy, and the Databox

This paper offers a sociological perspective on data protection regulation and its relevance to design. From this perspective, proposed regulation in Europe and the USA seeks to create a new economic actor—the consumer as personal data trader—through new legal frameworks that shift the locus of agency and control in data processing towards the individual consumer or “data subject”. The sociological perspective on proposed data regulation recognises the reflexive relationship between law and the social order, and the commensurate needs to balance the demand for compliance with the design of computational tools that enable this new economic actor. We present the Databox model as a means of providing data protection and allowing the individual to exploit personal data to become an active player in the emerging data economy.The authors acknowledge the support of the EPSRC, Grants EP/M001636/1, EP/M02315X/1, EP/N028260/1, and EU FP7 Grant 611001.This is the final version of the article. It first appeared from [PUBLISHER] via http://dx.doi.org/10.1007/s00779-016-0939-

Accountable Internet of Things? Outline of the IoT databox model

© 2017 IEEE. This paper outlines the IoT Databox model as a means of making the Internet of Things (IoT) accountable to individuals. Accountability is a key to building consumer trust and mandated in data protection legislation. We briefly outline the 'external' data subject accountability requirement specified in actual legislation in Europe and proposed legislation in the US, and how meeting requirement this turns on surfacing the invisible actions and interactions of connected devices and the social arrangements in which they are embedded. The IoT Databox model is proposed as an in principle means of enabling accountability and providing individuals with the mechanisms needed to build trust in the IoT

Zest: REST over ZeroMQ

In this paper, we introduce Zest (REST over ZeroMQ), a middleware technology in support of an Internet of Things (IoT). Our work is influenced by the Constrained Application Protocol (CoAP) but emphasises systems that can support fine-grained access control to both resources and audit information, and can provide features such as asynchronous communication patterns between nodes. We achieve this by using a hybrid approach that combines a RESTful architecture with a variant of a publisher/subscriber topology that has enhanced routing support. The primary motivation for Zest is to provide inter-component communications in the Databox, but it is applicable in other contexts where tight control needs to be maintained over permitted communication patterns

Personal data management with the databox: What's inside the box?

We are all increasingly the subjects of data collection and processing systems that use data generated both about and by us to provide and optimise a wide range of services. Means for others to collect and process data that concerns each of us -- often referred to possessively as "your data" -- are only increasing with the long-heralded advent of the Internet of Things just the latest example. As a result, means to enable personal data management is generally recognised as a pressing societal issue. We have previously proposed that one such means might be realised by the Databox, a collection of physical and cloud-hosted software components that provide for an individual data subject to manage, log and audit access to their data by other parties. In this paper we elaborate on this proposal, describing the software architecture we are developing, and the current status of a prototype implementation. We conclude with a brief discussion of Databox's limitations

The practical politics of sharing personal data

The focus of this paper is upon how people handle the sharing of personal data as an interactional concern. A number of ethnographic studies of domestic environments are drawn upon in order to articulate a range of circumstances under which data may be shared. In particular a distinction is made between the in situ sharing of data with others around you and the sharing of data with remote parties online. A distinction is also drawn between circumstances of purposefully sharing data in some way and circumstances where the sharing of data is incidental or even unwitting. On the basis of these studies a number of the organisational features of how people seek to manage the ways in which their data is shared are teased out. The paper then reflects upon how data sharing practices have evolved to handle the increasing presence of digital systems in people’s environments and how these relate to the ways in which people traditionally orient to the sharing of information. In conclusion a number of ways are pointed out in which the sharing of data remains problematic and there is a discussion of how systems may need to adapt to better support people’s data sharing practices in the future

Valorising the IoT Databox: creating value for everyone

The Internet of Things is expected to generate large amounts of heterogeneous data from diverse sources including physical sensors, user devices and social media platforms. Over the last few years, significant attention has been focused on personal data, particularly data generated by smart wearable and smart home devices. Making personal data available for access and trade is expected to become a part of the data-driven digital economy. In this position paper, we review the research challenges in building personal Databoxes that hold personal data and enable data access by other parties and potentially thus sharing of data with other parties. These Databoxes are expected to become a core part of future data marketplaces. Copyright © 2016 The Authors Transactions on Emerging Telecommunications Technologies Published by John Wiley & Sons, Ltd

Valorising the IoT Databox: creating value for everyone

The Internet of Things (IoT) is expected to generate large amounts of heterogeneous data from diverse sources including physical sensors, user devices, and social media platforms. Over the last few years, significant attention has been focused on personal data, particularly data generated by smart wearable and smart home devices. Making personal data available for access and trade is expected to become a part of the data driven digital economy. In this position paper, we review the research challenges in building personal Databoxes that hold personal data and enable data access by other parties, and potentially thus sharing of data with other parties. These Databoxes are expected to become a core part of future data marketplaces.Charith Perera’s and Arosha Bandara’s work is funded by European Research Council Advanced Grant 291652 (ASAP), Hamed Haddadi’s, Richard Mortier’s, and Derek McAuley’s work is funded by EPSRC Databox (EP/N028260/1), Jon Crowcroft’s, Irene Ng’s and Susan Wakenshaw’s work is funded by EPSRC Home Hub-of-all- Things (HAT) (EP/K039911/1), Andy’s work is funded by Privacy-by-Design (EP/M001636/1), Jon Crowcroft’s and Richard Mortier’s work is also funded by EU FP7 User Centric Networking, grant no. 611001.This is the final version of the article. It first appeared from Wiley via https://doi.org/10.1002/ett.312