Abstract
Personal information management systems (PIMS) aka personal data stores (PDSs) represent an emerging class of technology that seeks to empower individuals regarding their data. Presented as an alternative to current ‘centralised’ data processing approaches, whereby user data is (rather opaquely) collected and processed by organisations, PDSs provide users with technical mechanisms for aggregating and managing their own data, determining when and with whom their data is shared, and the computation that may occur over that data. Though arguments for decentralisation may be appealing, there are questions regarding the extent to which PDSs actually address data processing concerns. This paper explores these questions from the perspective of PDS users. Specifically, we focus on data protection, including how PDSs relate to rights and the legal bases for processing, as well as how PDSs affect the information asymmetries and surveillance practices inherent online. We show that, despite the purported benefits of PDSs, many of the systemic issues of online/data ecosystems remain.
Highlights
Online systems and services are driven by data
A Personal data stores (PDSs) device provides the user with technical means for mediating, monitoring and controlling: (i) the data captured, stored, passing through, or otherwise managed by their device; (ii) the computation that occurs over that data; and (iii) how and when the data, including the results of computation, is transferred externally
PDSs are grounded in the mistaken idea that with enough information presented in the right way, individuals will be able to overcome barriers that are structural and systemic in nature (Nissenbaum, 2011)
Summary
Online systems and services are driven by data. There are growing concerns regarding the scale of collection, computation and sharing of personal data, the lack of user control, individuals’ rights, and generally, who reaps the benefits of data processing (German Data Ethics Commission, 2019). Proponents of PDSs argue that it empowers users, by “put[ting] individuals in control of their data” (Crabtree et al, 2018) This is because PDSs provide means for ‘users to decide’ what happens to their data; in principle, third-parties cannot access, receive or analyse the data from a PDS without some user agreement or action. PDSs seek to provide an alternative to today’s predominant form of data processing, where organisations collect, store and/or use the data of many individuals. As this often occurs within a single organisation’s technical infrastructure, there may be limited scope for individuals to uncover – let alone control – what happens with their data.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
