MYDATA Control Technologies for strengthening informational self-determination
it-sa 2018: Fraunhofer IESE presents new technology for data sovereignty
The exchange of data presents companies with great challenges: Granting access to one’s data without exercising control entails great risk. However, it would be counterproductive and would diminish the company’s competitiveness to forego exchange entirely. With MYDATA Control Technologies (MYDATA), the Fraunhofer Institute for Experimental Software Engineering IESE in Kaiserslautern has developed a technology for the implementation of data sovereignty to strengthen informational self-determination. How this next-generation data protection works will be demonstrated by the researchers from Fraunhofer IESE at the IT security trade fair it-sa in Nuremberg from 9 to 11 October 2018.
Make the most of opportunities with MYDATA, without ignoring the risks!
Not least since the European General Data Protection Regulation entered into force, organizations must take into account diverse data privacy requirements such as self-determination and transparency. In addition, data exchange with business partners always becomes a risk whenever it involves sensitive, personal, or business-critical data. Yet it would be counterproductive and would diminish the company’s competitiveness to forego exchange entirely.
MYDATA Control Technologies (MYDATA) enables companies to strike a smart balance in data transfer: They can filter or mask their data in accordance with legal requirements and company regulations before passing it on. MYDATA is a technical implementation of data sovereignty that represents an essential component for informational self-determination. It is based on the IND²UCE framework for data usage control developed at Fraunhofer IESE. MYDATA implements data sovereignty by interfering in security-relevant data flows. This enables fine-grained masking and filtering of data flows at interfaces (APIs) in order to make these anonymous, for example.
Compared to traditional access control systems, MYDATA can enforce partial filtering and masking of data, context- and situation-dependent restrictions, as well as limitations regarding the usage purpose. Compliance with data sovereignty through changes in the data flows is controlled by a set of policies.
Data usage control has a wide variety of application areas
At it-sa 2018, Fraunhofer IESE will present different scenarios illustrating how the MYDATA technology can be used in companies, banks, or in rural areas to preserve data sovereignty. If, for example, a supplier wants to notify a company of an imminent delivery bottleneck, this information should not be published or disseminated in an uncontrolled manner. In such a case, MYDATA can ensure that usage of this data is limited in terms of time and that only an authorized group of people can use this data. In the bank scenario, the bank customers can decide for themselves which transaction data will be released to external companies. Thanks to MYDATA, customers can also use the added value provided in the context of the EU Payment Service Directive (PSD2), while simultaneously being able to exercise self-determination with regard to data usage by third parties. This creates more trust by strengthening their data sovereignty.