Skip links

EU Report: PIMS Can Support Data Protection Principles

Report. An EU opinion explores the concept of technologies and ecosystems aiming at empowering individuals to control the sharing of their personal data. The so-called personal data stores entail huge perspectives in supporting data protection principles, but they also face huge challenges such as penetrating a market of ‘free’ services and keeping data secure.

This opinion has decided to call the new trend ‘personal information management systems’ or ‘ PIMS’ for short – others call it Personal Data Stores, PDS, MyData, Selfdata or Vendor Relationshop Management.
The opinion describes what PIMS are, what problems they are intended to solve and how. It analyses how PIMS can contribute to a better protection of personal data and what challenges they face. Finally, it identifies ways forward to build upon the opportunities they offer.

The core idea behind the PIMS concept is to transform the current provider centric system into a system centred on individuals able to manage and control their online identity. In principle, individuals should be able to decide whether and with whom to share their personal information, for what purposes, for how long, and to keep track of them and decideto take them back when so wished.
There are many different PIMS, some storing data in the cloud, others locally, some commercial, others non-profit. And despite the fact that they deliver great promises, there are several hurdles according to the opinion:
  • they face the overarching difficulty of penetrating a market dominated by online services based on business models and technical architectures where individuals are not in control of their data
  • they face huge risk regarding storage of data. Centralised storage of all or a very significant portion of a user’s personal data might represent a high risk per se. But also local storage on the device as well as cloud-based services bear their own specific security risks.

The paper concludes: The emerging landscape of PIMS, aiming at putting individuals and consumers back in control of their personal data, deserves consideration, support and further research with a view to contributing to a sustainable and ethical use of big data and to the effective implementation of the principles of the recently adopted GDPR.

Read the opinion