For any business or individual, data storage is an essential part. However, it should go without saying that they must keep their data securely and reliably. Today Large organizations centrally store data in a cloud storage system. That way data becomes open to security concerns like cyberattacks and other data-related risks. Facebook’s data breach and leak crises from 2018 and 2021 provide the most recent examples of that. These occurrences highlighted the vulnerabilities in the centralized storage systems. A centralized storage system keeps all of an enterprise’s data on the host’s main server. The hosts have the power to monitor, filter, or even disclose any data to any outside parties. Naturally, the business or individual of that data loses the capacity to manage and alter its data storage configuration. Data owners with more large data find this lack of control and customization to be an inconvenience.
Decentralized storage solutions rely on a peer-to-peer network of user-operators who share pieces of encrypted segments of overall data. A reliable system for sharing and storing data is produced as a result. Personal Data Store (PDS) technology entails providing an individual (a PDS user) with a device dedicated to managing their data without the involvement of a third party. This technology provides a technical environment that encapsulates the user’s data and provides mechanisms that allow the user to monitor, mediate and control tasks such as data flow in/out of the device and computation over the device’s data. In line with this, PDSs claim to empower users by putting “individuals in control of their data.” In essence, the concept is that third parties cannot access, take data from, or compute the personal data store without user agreement or intervention.
Instead of having data about us owned by decentralized internet monopolies, PDSs promise to return control to users, allowing them to ‘own’ their data and control access through granular permissions. The precise definition of “ownership” varies, and not all providers offer clear legal frameworks. In addition to storing self-asserted data, some take copies of data from existing companies (similar to the ‘personal cloud’ model). The fundamental concept is that you input personal information about yourself and documentation of your identity (which includes passports and bank statements), which you can then permit others to access or indirectly use to offer you services.
PDSs involved in providing a user with a device dedicated to the user’s personal data. It enables the capture and storage of a user’s personal data within their own device—managed by the user—as well as local, on-device computation (analytics) via constrained and managed apps in accordance with user preferences, management and control over the transfer of (raw) data and/or results of analytics or other computation from the device, and a degree of user monitoring, management, and control over the foregoing. The common thread is that a PDS would ensure that your personal data is not lost if the company pivots, is bought out, goes bankrupt, or decides to delete or suspend your account because you maintain it.
Because you own the data and have the ability to revoke access, you are less vulnerable to misuse, exploitation, or data breaches. can be easily kept accurate and up to date from a single central location. Because you can see what data is accessed, you may eventually gain greater transparency into how decisions about you are made (particularly relevant for banking, government, insurance, advertising, etc.).
PDSs are said to provide the following benefits:
- Granular controls over data processing
- Better inform user consent as users gain more control over data processing (e.g., through specifications derived from manifests, risk rankings, real-time logs, audits, permanent monitoring, and visualizations).
- The architecture, which includes controlled collection, transfer, and on-device processing, ensures that data (including “sensitive data”) is better protected from unauthorized access.
- Isolated storage of user data and apps to prevent apps from interfering with data (and other apps) without user permission/intervention.
- incentivizing app developers to take more privacy-friendly approaches in general
- Possibilities for users to transact with and monetize their personal data
When it comes to the alternatives for the PDS in the industry, though still in its infancy, the technology is gaining popularity. There are several PDS initiatives in various stages of maturity, but all appear to be ‘underdevelopment’ and evolving. Examples of current deployments include Dataswift/Hub of All Things (hereafter ‘Dataswift/HAT’8), Mydex, DigiMe, or CitizenMe, while others, such as Databox and Solid (led by Sir Tim Berners-Lee9), are still in the early stages of development and gaining popularity.
With increasing volumes of commercial and personal data, there is a greater demand for safe and cost-effective storage solutions. Since the technology of personal data storage is still relatively new, it might take some time for it to gain widespread acceptance and enter the mainstream. However, it is widely acknowledged that the advantages of decentralized systems for storing personal data now outweigh those of centralized systems, and it is expected that these systems will get better over time in the future.
About The Author: Shanika Dananjani
More posts by Shanika Dananjani