DECODE – Decentralised Citizens Owned Data Ecosystem (EU Project)

Executive summary

DECODE will increase digital sovereignty of European citizens by enabling them to produce, access and control their data and exchange contextualized information in real-time, and in a confidential, and scalable manner.
DECODE will develop a modular privacy-aware IoT hub with a free and open source operating system backed by a state of the art distributed ledger technology (DLT) infrastructure supporting smart-contracts and privacy protections.

Background

Today’s Internet is becoming increasingly centralized, slowing innovation and challenging its potential to revolutionize society and the economy in a pluralistic manner. DECODE will develop practical alternatives through the creation, evaluation and demonstration of a distributed and open architecture for managing online identity, personal and other data, and collective governance in a citizen-friendly and privacy-aware fashion. Strong digital rights that makes it possible for data subjects to determine access rights to their information through flexible entitlements and open standard-based agreements regarding data governance (on the model of Creative Commons licenses) will be woven into the technological architecture.

Objectives

The DECODE project develops a distributed and privacy-aware architecture for decentralized data governance and federated identities. The platform adopts Attribute-Based Cryptography (ABC) to sensitive information, ideas from Certificate Transparency (CT) for identification, and Blockchain Technology for federated data access, distribution and resilience.
The DECODE architecture is fully decentralized and allows for a flexible and extensible data governance that can be applied to different regimes of data ownership and privacy, implemented through smart contracts that will define access to subsets of data for specific use(s) granted to specific subject(s), according to a defined ontology.
DECODE allows the consensual use of personal data in anonymous form for personalized services and applications that may be authorized to manage it. This mechanism defines the rules for data flow among any type of data sets or indexes provided by data aggregators.
Once the access is granted the data can be processed by services subscribed to its feed and entitled to access it. It can be collected by any of these services or IoT applications. The DECODE platform aims to integrate the technical, economical and legal frameworks, managing common data, public data and personal data.
The results of the project (smart rules, platform specifications, protocols, ontology, semantic specifications) will be released under a Free and Open Source Software (FOSS) license. General DECODE’s objectives in which Nexa Center is involved are:
1) Create actionable legal and governance tools for European citizens, companies and cities running on a distributed cryptographic ledger that enable disruptive commons-based business models intrinsically respectful of privacy and digital sovereignty;
2) Empower citizens to control and own their data;
3) Contribute to an open standardization process in the fields of data portability, federated or distributed identity management, blockchains, and smart rules.

Results

The project ended on December 2019. The Nexa Center for Internet and Society has been responsible for the task to analyze the legal and ethical frameworks involved in the adoption of the Decode technology, including the cases where the processing of personal data is involved. In October 2018, the document “Legal Framework for digital commons Decode OS and Legal Guidelines” was published. It concerns the review of the legal sets of rules involved by the creation of digital commons including (or not) personal data through the use of the Decode OS technology, and guidelines to be practically used for the development of the Decode OS.
In October 2018 was released the document “Licensing of digital commons including personal data”, that was updated in August 2019. The updated version provides a review of the licensing options for data commons, even cases in which data commons include personal data, and the design of a set of smart rules to be adopted (also within the context of the DECODE pilots) when personal data are processed. In addition, the document offers an initial set of smart rules to be adopted by the pilots or other services based on DECODE OS in order to strength users control on data commons, a table for evaluating the compatibility of free licenses to be adopted for DECODE artefacts, and a Data Commons Privacy Pledge, that is a pool of voluntary standard commitments for strengthening data privacy rights and digital commons values.
The Nexa Center was involved in the definition of the legal ontology adopted for Decode Smart Contracts and supported the legal compliance of the pilots. The Center was also involved in the dissemination activities of the project.