Fostering trust with transparency in the data economy era: an integrated ethical, legal, and knowledge engineering approach

Why is it hard for online users to trust service providers when it comes to their personal data? While users might give away their data when using their services, this does not mean that they necessarily trust these companies. Building trust in online services is particularly relevant as digital economy policy strategies, such as the EU Data Strategy, deposit a considerable amount of faith in the benefits of a data-driven society. To achieve this goal, transparency should be considered a necessary feature, on which trust can be built. According to scholarly literature, the more information provided to data subjects, the less power asymmetry, caused by a lack of knowledge, between them and data controllers will exist. In this respect, transparency around data processing has been, and still is, conveyed through privacy notices. But these are far from being used as helpful tools to navigate complex data-intensive environments. Technical developments, such as Solid personal datastores, provide a fertile ground for the negotiation of privacy terms between the involved parties. But to do so, it is necessary to have clear and transparent processing conditions. However, while certain specifications have been developed to accommodate for the representation of privacy terms, there is still a lack of developed solutions to address this problem. With this in mind, we propose the usage of the Privacy Paradigm ODRL Profile (PPOP), which extends ODRL and DPV to specify data processing requirements for personal datastores envisaged as key core elements of the data economy. To demonstrate the usage of PPOP, a set of policy examples will be provided, as well as a prototype implementation ofa generator of machine and human-readable PPOP policies.