French-German Workshop on Standardization in Data Economy
Smart Data Forum Berlin March 30, 2016
Contents Introduction............................................................................................................................................. 3 Background and Previous Work .............................................................................................................. 4 Standardization Organizations and Processes in France and Germany .............................................. 4 French Governmental Programs and Activities in Standardization .................................................... 4 German Governmental Programs and Activities in Standardization .................................................. 5 A European Perspective ...................................................................................................................... 5 Identified Areas of Common Interest ...................................................................................................... 6 A Taxonomy for Standards in Big/Smart Data and other Higher Level Activities, e. g. Studies ......... 6 ISÆN – Individual Social Data Auditable Access Number.................................................................... 7 Quality and Certification Processes – Meta Process Standards .......................................................... 8 Responsible/Ethical Data Management and Analytics ..................................................................... 10 Outlook .................................................................................................................................................. 12 Appendix A: Agenda .............................................................................................................................. 13 Appendix B: Participants ....................................................................................................................... 14 Appendix C: Details on Project ISÆN..................................................................................................... 15
Contact Prof. Dr.-Ing. Stefan Jähnichen,
[email protected] Luise Kranich,
[email protected] Leif Bonorden,
[email protected] Accompanying Research of the BMWi Smart Data Program,
[email protected] FZI Forschungszentrum Informatik Außenstelle Berlin Friedrichstr. 60 10117 Berlin
2
Introduction On October 27, 2015, a Conference Numerique took place in Paris – the first instance of a binational conference for France and Germany covering a variety of topics in the digital landscape. The organization was led by the national ministries for economics. The participation of François Hollande, President of France, Dr. Angela Merkel, Chancellor of Germany, and JeanClaude Juncker, President of the European Commission, illustrates the importance of this topic and the joint work. Several participants in a workshop on data economy as part of this conference observed common interest and, thus, founded a further initiative on standardization in big data/smart data. The jointly held workshop on standardization in data economy in Berlin on March 30, 2016, serves the intensifying of relations and the identification of topics with common interest in more detail. In this report the contents of the workshop as well as first results are presented. The workshop was locally organized by the FZI Research Center for Information Technology as part of the accompanying research in the German Federal Smart Data technology program. The workshop took place in the Smart Data Forum, a partner for networking, communication and knowledge transfer in the Smart Data program. The program is managed and funded by the German Federal Ministry for Economic Affairs and Energy. The coordination on the French side has been run by a task-force on big data with the Ministère de l’Economie, de l’Industrie et du Numérique, the standardization organization AFNOR and several partner companies and organizations. The Alliance Big Data has been established to coordinate efforts in this sector.
3
Background and Previous Work Presentations on the background of big data and its standardization as well as previous and current work in the field formed the workshop’s first part. The covered topics are summarized in the following.
Standardization Organizations and Processes in France and Germany The national standardization organizations in France and German presented their respective roles in standardization for the field of big/smart data. Both work on the coordination of national with international interests and standards, especially the transfer of standards on the international level to local circumstances, and act as the nations’ representatives in European and international standardization organizations. The strategic committee Information et communication numérique (Digital information and communication) of AFNOR highlights the need for voluntary standards in the sector – in contrast to mandatory regulations. Furthermore, a working group has identified several priorities for standardization work. • • •
Trust, data protection and privacy Semantics, quality of data and metadata Management systems for data, including best practices
The work is mainly driven by use cases from different sectors, e.g. industry & manufacturing, e-health & personalized medicine, e-administration & e-services. Further priorities and work are presented in the white paper Données massives - Big Data / Impact et attentes pour la normalization. The German DIN emphasizes its work as a coordinator for standardization efforts, not primarily for standards itself. Several paths are available to the development of new standards, of which the DIN SPEC is of major interest for standardization in the field of big/smart Data. The DIN SPEC process offers a fast way into a first standardized form, which appears as a major advantage towards traditional standardization processes. While the assembly of committees and number of stages to be passed are less regulated, DIN nevertheless assures the DIN SPEC to be free of conflicts with existing regulations and also provides results in a generally accepted form, thus, enabling the later transfer to a DIN or international standard. As an example, a DIN SPEC process initiated by the accompanying research in the Smart Data Program is expected to finish within nine to ten months.
French Governmental Programs and Activities in Standardization The Directorate General for Enterprises (DGE) in the French Ministère de l’Economie, de l’Industrie et du Numérique has established a program on cloud computing and big data. Projects for the “Industry of the future” and solutions for data economy – involving cloud, big data and high performance computing – are supported and funded. Focus lies on the support of sectors where the topics are not or less considered yet. For the latest call for projects in the area of cloud computing & big data EUR 25 million have been endorsed. Several partners have founded the Alliance Big Data which coordinates the efforts of different players and sectors. The topics of data itself, data management and infrastructure, as well as data usage and its presentation have been addressed within the alliance. Working from use cases, needs have been identified and an architecture for data processes has been introduced. 4
German Governmental Programs and Activities in Standardization The German Federal Government has called out a Hightech strategy in 2010 – an action plan covering several digital topics – followed by a new Digital Agenda 2025, which is currently defined. These strategies involve multiple sectors and ministries, whereas big data is primarily considered in the Federal Ministry for Economic Affairs and Energy (BMWi) and in the Ministry of Education and Research (BMBF). Recent BMBF research programs on big data include R&D projects – funded with EUR 21.4 million – and competence centers in Dresden/Leipzig and Berlin – funded with EUR 11.67 million. In the Smart Data program initiated by the BMWi thirteen projects, an accompanying research project and a forum for transfer and presentation are funded with EUR 30 million. The accompanying research within the Smart Data program covers topics of interest to all stakeholders and projects. Cross-cutting issues include legal frameworks & security, economic potential & societal acceptance, and standardization. Currently a taxonomy for rules and regulations in smart data is initiated by the Smart Data program and developed in a DIN SPEC process. The taxonomy’s objective is to enable a view on rules, which include formally specified standards, de-facto standard technology, and sets of best practices amongst others. Both perspectives, identifying a standard in the context of others, and getting an overview on standards for a specific field, will be addressed.
A European Perspective The European Commission’s aim is the creation of a Digital Single Market independent of nationality and location, and with free movements ensured. Activities of the Data Value Chain Unit (DG Connect G3) support community building and framework conditions for a data-driven economy, including the promotion of (big) data interoperability and standardization. This is for example supported by research, development and innovation projects, the Big Data Value Public-Private Partnership, and workshops and other events.
5
Identified Areas of Common Interest A Taxonomy for Standards in Big/Smart Data and other Higher Level Activities, e. g. Studies Development of the Taxonomy The German Smart Data accompanying research develops a taxonomy of rules and regulations in smart data and initiated a corresponding DIN SPEC process (DIN SPEC 91349 Taxonomy of Rules and Regulations in Smart Data). The work has been presented at the French-German workshop. While the taxonomy received positive feedback in general, some areas require additional consideration: •
•
Appropriation and applicability among various players in the field of big data need to be assured, especially different types of companies (e. g. size, sector) and organizations with different interests (e. g. providers of standard technology, services using standard technology). Internationalization needs to be considered from the start in order to enable later formal international use. Thus, in the evaluation of the taxonomy a limitation to German conditions or participants needs to be avoided.
In the French task force on big data a white paper (Données massives - Big Data / Impact et attentes pour la normalisation) has been developed. In the process of development existing standards have been evaluated in order to enable an overview on the standardization landscape in big data. While the formal DIN SPEC process is limited in participation, the French task force shall be included in evaluation of drafts and shall be able to provide input for further development. Since the task force contains or partners with various companies and other involved parties, both points needing additional consideration are tackled. The research done during the development of the French white paper serves as early help in the process.
Metadata and Data Quality With increasing amounts of data shared on data portals – either as a product for sale or according to the principles of open data – also the need to handle various different kinds of data in a meaningful way arises. Metadata and ontologies are the most common tools to link data and supporting information. Nevertheless, both do not guarantee readability and understandability – especially, when previously independent data sources are combined. While there are (de facto) standards in the area, some challenges remain in the fields of metadata ontologies, their mapping and related tools. Furthermore, the quality of shared data is a major concern. It comprises widely relevant aspects, e. g. accuracy and timeliness of data, as well as domain specific issues, e. g. the ambient air temperature during a medical measurement. With the ISO 8000 Data Quality standard a general framework exists, but the application to big/smart data and the various use cases has yet to be developed. In this area no concrete action is concluded, but these topics shall be observed and discussed when required. Possible joint activities may arise in the future.
6
ISÆN – Individual Social Data Auditable Access Number This standardization initiative is set against the backdrop of the rapidly expanding digital era of big data. It seeks to operationalize the bourgeoning policy initiatives related to big data, in particular in relation to personal data management and the protection of individuals' fundamental rights. To develop the project set forth in this paper, we have gathered an interdisciplinary team, composed of marketing and innovation specialists, data architects and lawyers specialized in issues related to business and human rights and policy making. This combination of expertise has led to the creation of a European project whose core feature is the design of an algorithm-based indicator for the use of policy makers, companies, and individuals. This indicator serves as a measurement tool to empower individuals, help them take control of their personal data, and make their fundamental right to privacy more actionable. The algorithm-based indicator we designated offers individuals, also known as end users, the possibility by blockchain and watermarking technologies to mark their stream of data. We call this indicator the ISÆN: Individual Social data Auditable accEss Number. Individuals would each be allocated an ISÆN allowing them to retrieve information about the exact localization and use of their data across the world wide web. This smart navigation could be compared with a GPS for the data. A GDPS: Global Data Positioning System. With the help of the BMWI and DGE a European working group already including the Fraunhofer Institute, AOK GeWINO and ITSO has been constituted. By sharing technologies and data experiment, this group will build a demonstrator and promote the “ISÆN Big Data & Privacy” at the national, European and international standardization bodies (AFNOR, DIN, CEN, ISO).
More details on this initiative are presented in Appendix C.
7
Quality and Certification Processes – Meta Process Standards The main idea of this topic is to define “proto-standards” enabling companies to replicate acceptable practices for a given context of use and obtain a “validation” on this basis. In the close future, the number of smart data usage will grow extremely fast. One or more proto-standards (like the ISO 9001 for organizations) will be crucial to be efficient. We will develop a bottom-up approach driven by use cases. Some use cases are already identified:
Health Design your privacy: the TIC & Santé Paris Ile de France and the FING project develop a French “blue button” or how the citizen can get his own health data in order to give access to other services. A description of the pre-definition of the project is available at mesinfos.fing.org/sante/ . The objective of the project is to allow people to see and get their personal health data and to use them for their own interest in a secure way. At this stage four objectives are set for 2016: • • • •
Demonstrate the feasibility and the potential for such a project in France. Demonstrate the interest for the citizens and the players from the health sector. Identify lockers, points of vigilance in order to define a concrete plan in 2016. Present the subject to the various players, digital health startups, decision markers, medias and the general public.
Smart Manufacturing: Project SAKE SAKE aims to develop a framework for analyzing sensor data. The project focuses mainly on applications in mechanical engineering. The project participants are currently concentrating on detailed error analysis for printing presses, with the aim of developing an automated selfoptimization system and an automatic failure prediction algorithm. In another scenario, SAKE is developing error detection software for the optimized and safe operation of compressor systems.
Supply Chain: Certificate the Process Where the Supplier is Involved (Product from Data) Project PRO-OPT smart ecosystems: PRO-OPT follows an integrated modeling approach that takes local data sovereignty into account by modeling information together with its usage restrictions and its quality. The companies involved can then analyze this secure data precisely and integrate it into their own processes. Besides preparing the data, PRO-OPT provides the platform for the distributed data analysis, data visualization and for the secure exchange of internal and external data in compliance with the usage restrictions. PRO-OPT enables companies to design production and value chains more effectively and to fix errors promptly – or even prevent them – through the effective, timely and inter-company analysis of production data. Furthermore, by making its technology available, the project creates an important stimulus for the development of new business models and processes. Project SIDAP: The smart data solutions developed within the project will be used to identify in the massive volumes of cross-company operational data the causes of equipment failures and previously unknown relationships within this context. They will also be used to develop specific countermeasures. The objectives are to improve product quality, reduce device and equipment failures, improve device performance and increase machine availability. Improved machine availability forms the basis for further automation and the remote monitoring of plants. 8
France Connect 1 Similar to the Facebook connect feature this project proposes to citizens, organizations, associations and companies a unique identification mechanism available for all digital public service available in France. The other objective of “France Connect” is to put France in conformity with the European directive eIDAS (Electronic Identification and Signature). One example of France Connect use case: "Mon dashboard Entreprise" (My company dashboard) is a website that aims to simplify the company–administration relationship. This simplification is done by three core features stack: 1) access to all the administration's documents and information about my company on one page 2) personalized legal and administrative information based on my company's data 3) tiers services that provide me features based on information I share with them with full control These features are based on two main technical principles: A) France Connect: an eIDAS compatible implementation that allows me to log-in and retrieve data in the administration's information system B) The reflexive API: an API that respects the five core principles of CNIL (France's personal data protection authority) and allows me to share data confidently with tiers operators. As eIDAS is a Europe-wide authentication technology and the reflexive API is a design principle we can imagine to use the dashboard to make French-German cooperation and installation in further countries a lot simpler for entrepreneurs.
1
www.modernisation.gouv.fr/ladministration-change-avec-le-numerique/par-son-systeme-dinformation/franceconnect-un-acces-universel-aux-administrations-en-ligne – currently no translation to English or German available
9
Responsible/Ethical Data Management and Analytics Background Due to the data explosion in the last couple of years 2 big data solutions were developed in order to provide users with tools to harness all the information. In general, big data solutions allow data consumers and analysts to get access to the filtered and processed source data. The digital world tends to establish an asymmetry of information between citizens and public authorities on one hand and private companies on the other hand with respect to collection and processing of personal data. This asymmetry creates a mistrust: fueled by hidden data usages, dissemination practices escaping the control of individuals, business models based on data over-collection – the whole framed by an obsolete regulation. Economic, political and social consensus is emerging to build trust for resolving the dilemma between the expected benefit of innovations exploiting these new potentials and the threats on privacy. Nowadays, the economic success of digital technologies on markets depends on consumers’ appropriation, and trust is a key concept explaining this process – including its first step of adoption. In areas like the health and legal domain it is important to know where the data is coming from and how it was processed in the big data pipeline. Since the same requirements apply for many other domains, this proposal suggests three standards on trust and transparency for big data: 1) 2) 3)
Trust and transparency of data: What information/data was used and where does it come from? Trust and transparency of data used and produced by algorithms: What data comes in and out of algorithms which are used in the big data pipeline? Trust and transparency of computer-aided decision-making process: What are the different criteria/steps/settings that have led to the specific decision in order to understand the global path for the reasoning?
Trust and Transparency of Data (Provenance) This point is about what data is available to the system and under what regulations (e. g. licenses, etc.). This is required in order to get traceability and provenance information about the data corpus which is used in the big data pipeline. Since the linked data community 3 has dealt with this topic before, the W3C provenance standard 4 could be reused in the big data domain. In this regard, we can consider the ISÆN development (see page 7) as the beginning of the solution coupled with the W3C provenance initiative.
Trust and Transparency of Data Used and Produced by Algorithms (Control) This point is about which and when the data of the previous point is used and what is produced out of it. It is required in order to provide evidence of usability of the input data sets and the output data sets of big data pipeline algorithms. From a user’s perspective, it represents tools allowing more control on their data towards fairness and privacy. For example, information flow monitoring approaches provide tools and methods to measure the transparency of pieces of software allowing the checking whether it behaves as announced with regards to data sources usage. This question is frequent in the free mobile apps context 5 where we have no guarantee of their trustfulness about used and exploited personal data sources and their purpose.
2
en.wikipedia.org/wiki/Information_explosion en.wikipedia.org/wiki/Linked_data 4 www.w3.org/TR/prov-primer/ 5 ercim-news.ercim.eu/en93/special/mobilitics-analyzing-privacy-leaks-in-smartphones 3
10
Trust and Transparency of Computer-Aided Decision-Making Process (Decision Responsibility) This point is about the recording of what algorithms were executed in what order to produce a system output. It is required in order for the computer-aided decision-making process to become transparent to the user. Especially for the big data consumer it is not always possible to know what data pipeline processing steps were executed in what order in order to create the big data pipeline output. The choice of algorithms and the order of execution can have a massive impact on the results. They can affect the precision and trustworthiness of big data pipeline output. Hence it is important to know which algorithm (with which settings) was executed when. Most of the time there are several combined algorithms or approaches; this information-level needs to be transparent too. For instance, deep learning methods use several layers of resolution and diverse settings leading to different results sometimes not reproducible and the path can be complicated to represent. The consumer of such computer-aided decision (professionals or individuals) needs to have understandable decision construction to be adopted. It's also important to make use of verifiable steps in case of doubt or sensitive topics allowing to verify responsibility properties. The ability of an algorithmic process to provide explanation and traceability of its decision-making process will be an economic competitiveness factor. From a standardization’s point of view, it's appropriate to recommend such best practices in big data algorithmic processes. All of these three dimensions should foster trustworthiness in big data technologies through the development of fairness and transparency.
11
Outlook The identified topics will be jointly addressed and further developed as needed. The possibilities for funding of resulting projects are being evaluated and for future project calls joint projects will be discussed among the workshop’s participants. The respective national programs plan to provide information on future development. The participants emphasize the need to discuss the topic across borders of companies, sectors and countries. The French-German cooperation serves as a first step towards the internationalization of ideas and projects. Similar approaches are taken by British BSI and French AFNOR. Further coordination and internationalization has to be done between countries, in the European Union and on a worldwide level. On the occasion of the next digital conference – which is expected to take place in Berlin on December 12, 2016 – the joint work in general and the specified topics and results will be presented. Furthermore, possibilities for cooperation will arise on several international occasions in the near future, such as the European Data Forum (Eindhoven, June 29–30).
12
Appendix A: Agenda 10:00
Welcome and tour de table
10:10
Jean François Legendre, AFNOR Introduction of AFNOR on standards, procedures etc. in France
10:30
Filiz Elmas, DIN Introduction of DIN on standards, procedures etc. in Germany
10:50
Coffee break
11:10
Cédric Mora, Ministère de l’Economie, de l’Industrie et du Numérique Programmes, projects on big data supported by the French ministry
11:30
Volker Genetzky, Bundesministerium für Wirtschaft und Energie Programmes on smart data supported by the German BMWi and big data funding of German BMBF
11:50
Carola Carstens, European Commission EC perspectives on (big) data interoperability and standards
12:10
Lunch Break
13:20
Charles Huot, Expert System France S.A. Report on French activities to support standardization, proposed or existing standards in the area
13:40
Leif Bonorden, FZI Branch Office Berlin Smart Data Technology Program – Activities in standardization
14:00
Discussion and draft recommendations for joint project activities Presentation of ideas Group discussions Short plenary conclusion
(in between)
Coffee break
16:30
End of workshop
13
Appendix B: Participants Bonorden, Leif
FZI Research Center for Information Technology
Boujemaa, Nozha
INRIA – French Institute for Research in Computer Science and Automation
Dr. Carstens, Carola
European Commission – DG Connect, Unit G3 Data Value Chain
Dr. Dörr, Jörg
Fraunhofer IESE – Institute for Experimental Software Engineering
Drooff, Stephan
ITSO – IT Service Omikron GmbH
Elmas, Filiz
DIN – German Institute for Standardization
Freudenberg, Markus
University of Leipzig – Agile Knowledge Engineering and Semantic Web
Genetzky, Volker
German Federal Ministry for Economic Affairs and Energy
Dr. Gernert, Regine
Project Management Agency DLR
Huot, Charles
Expert System France S.A.
Prof. Dr. Jähnichen, Stefan
FZI Research Center for Information Technology
Kranich, Luise
FZI Research Center for Information Technology
Le Bars, Laure
SAP / Big Data Value Association
Legendre, Jean-François
AFNOR – French Association for Standardization
Mesheva, Nadja
DFKI – German Research Center for Artificial Intelligence
Mora, Cédric
DGE – French Directorate General for Enterprise
Müller, Kay
University of Leipzig – Agile Knowledge Engineering and Semantic Web
Nestler, Antje
Fraunhofer HHI – Heinrich Hertz Institute
Robert, David
ÆTERNAM Foundation
Prof. Dr. Sasaki, Felix
DFKI – German Research Center for Artificial Intelligence
Schäfer, Ralf
Fraunhofer HHI – Heinrich Hertz Institute
Taillandier, Anne-Sophie
TeraLab, Institut Mines-Télécom
Dr. Zahn, Thomas
AOK GeWINO – Health Research Institute
14
Appendix C: Details on Project ISÆN Setting the Stage: The Challenges of Big Data for Individuals The development of information technology combined with the globalization of information systems has led to public and private actors collecting and using in an unprecedented capacity and velocity massive volume of varied data on individuals. This phenomenon, also known as big data, represents a world of opportunities for society, for connecting people, fostering exchanges between individuals and countries, encouraging digital innovative services, offering tailored opportunities to customers adjusted to their needs, simplifying their choice process, and fostering development in emerging countries. Big data also comes with major challenges that range from massive electronic surveillance, leakage of personal data in the public space, data thefts, and the trade of such data. As a result of these opportunities and challenges, personal data is circulated and commoditized. Once collected, the data can be transferred from one department of a company or national agency to another, and it can be sold to third parties. As a result, both individuals from whom the data comes and entities that have collected the data can lose track of it. They lose track of information that, once collected, reveals, alone or combined with other information, a number of personal preferences about every individual. Revealing such personal preferences without the prior approval and knowledge of individuals can lead to significant infringement of individuals' most fundamental rights and freedoms, in particular, their right to privacy, freedom of thought, freedom of conscience, and freedom of expression.
The Need to Protect and Empower Individuals: From Theory to Practice International and supra-national organizations joined by states have recently been reacting to the challenges of big data, demonstrating a growing awareness to these issues and a willingness to act to protect individuals. This awareness has led to a number of declarations and reports on the topic of big data. For instance, in December 2013, the United Nations, adopted resolution 68/167 explaining that in the digital age, the rights held by individuals’ offline must also be protected online. Further, the High Commissioner for Human Rights prepared a report dated June 2014 addressing data collection and stressing that both states and businesses should ensure that they protect and respect human rights, in particular, the right to privacy in digital communications. At the same time, there has been a growing awareness and demand from individuals to respect their privacy and have the control of their personal data. Looking at the European example, the European Commission has indicated that two-thirds of Europeans are concerned by the inefficient control they have over the information they provide online while 70% of them are worried about the use companies can make of their data. A number of draft regulations have been prepared to offer increased protection to individuals and empower them. The European Union’s current proposal for a General Data Protection Regulation (GDPR) is a topical example. It aims to have European citizens regain control of their personal data, to strengthen their fundamental rights, and empower them. Once adopted, the regulation will put in place a number of new rules, including rules in relation to the right to be forgotten, the ability to easily access one's data, and the right to the portability of data allowing individuals to transport their data from one entity to another. The GDPR proposal also set a requirement to build products and services using the privacy by design and privacy by default rule. But how to actually implement the rights set forth in the GDPR and subsequent legislations and regulations? More generally, how to operationalize the growing international, supranational and national standards aiming at reinforcing individual rights and empowering individuals? To date individuals have very little means of adjusting to the challenges of big data. In the meantime, their 15
concerns over the use and control of their personal data is likely to be growing while their fundamental rights can be at stake.
Measuring Where and How Individuals' Data are Used to Protect and Empower Individuals Measuring where and how individuals' data are used is therefore essential. The algorithm based indicator that is at the core of the project presented in this paper has the potential to implement the requirements set forth in recent legislations, regulations and policies that aim to regulate big data, in particular the GDPR. This indicator would enable companies, agencies, and other entities collecting individuals' data to comply with the requirements from the GDPR, in particular in relation to the right to portability of data or right to be forgotten. In return, this indicator would help consumers track their data, facilitate their portability, know where their data is used, how it is used and control this use while retaining possession of their data and choosing where to transfer it and under which conditions. The algorithm-based indicator we designated offers individuals, also known as end users, the possibility by blockchain and watermarking technologies to mark their stream of data. We call this indicator the ISÆN: Individual Social data Auditable accEss Number. Individuals would each be allocated an ISÆN allowing them to retrieve information about the exact localization and use of their data across the World Wide Web. This smart navigation could be compared with a GPS for the data. A GDPS: Global Data Positioning System. This innovative and technical proposition for the ISÆN as a new algorithm-based indicator will be accompanied by an innovative mode of governance to build up the legitimacy of the ISÆN amongst all stakeholders, both public and private including companies, governments and individuals. Therefore, we argue for the creation of an open forum composed of individuals, companies, lawyers, academics, journalists, health practitioners, international, governmental and non-governmental organizations. They would share their best practices and how these practices can evolve according to the different dimensions of their activities and the contexts. The objective of the forum would thus be to combine the respect of fundamental human rights with the integration of the dynamism of situations and contexts, sharing dynamic go-ahead usages and fostering a positive momentum. The ultimate goal would be for this open forum to participate in the construction of a new standard, building on the algorithm-based indicator ISÆN. Working with national and international certification agencies that have already demonstrated a strong interest in the development of quality standards that better guaranty individuals' fundamental rights and allow them to track the use of their data, a new ISÆN-based standard would be put in place, in the same way as the ISO 9000 standards. This standard would serve to bring to individuals trust in data management and empower them to know where their data is located, how their data is used and managed. It would also serve as a way to responsibalize companies and organizations and provide them with a significant competitive advantage. Ultimately, using this new standard and having data streams governed by the ISÆN would be a rating of how innovative companies and organizations are and how respectful of their customers or users they are.
Fraunhofer Vision and Contributions Fraunhofer IESE is one of 67 institutes and research units of the Fraunhofer-Gesellschaft. Together they have a major impact on shaping applied research in Europe and contribute to Germany’s competitiveness in international markets.
16
Fraunhofer IESE develops innovative methods and solutions for the development of high-quality, complex information systems and embedded systems. In order to offer an immediate added value, we apply our methods directly during your product development and/or transfer our methods and solutions to industry. In research, we perform contract research for our customers and conduct research in public projects. We have focused and tailored our competencies to our customers’ challenges in the information systems and embedded systems domain. We address new upcoming systems of systems that combine information systems and embedded systems through our research focus on smart ecosystems. As basic competencies for all system classes, we provide support in the field of process management. The fields of security and privacy on the one hand side, as well as big data on the other side are two of the essential core competencies of Fraunhofer IESE. We are part of the Fraunhofer Big Data Alliance, and the Fraunhofer Industrial Data Space initiative. Furthermore, Fraunhofer IESE won the project “PRO-OPT – Big Data Production Optimization in Smart Ecosystems”, which makes a core contribution to the technology contest “Smart Data – Innovations from Data” of the German Federal Ministry for Economic Affairs and Energy, using the automotive industry as an example. Fraunhofer IESE’s interest and contribution in this initiative is related to its core competence on the concepts of distributed data usage control and its supporting technology IND²UCE. With the help of data usage control concepts and the IND²UCE framework, sensitive information is protected from future misuse and, on the other hand, new business models are made possible. For this purpose, end-users and data owners in general can specify usage control policies that tell other parties about what is permitted and what is not. The data owners can use these to precisely define, e.g., which data may be read, copied, or forwarded how often, whether they may be read on smartphones or for which data analysis purposes the data can be used and how often. Researchers of Fraunhofer IESE have won the renowned Innovation Prize of the European Association of Research and Technology Organizations EARTO for the IND²UCE framework. We see the ISÆN as outlined in this paper as a promising initiative and as important ingredient to identify data objects the end-users want to specify policies for. This will enable the users to apply concepts of distributed data usage control. Therefore, Fraunhofer IESE is interested in a joint elaboration of a standard that supports the data usage control framework to empower the endusers. We can imagine to evaluate how concepts like the ISÆN and distributed usage control, when jointly applied, can lead to a strong empowerment of end-users to get transparency and keep control over their data, while still allowing industry to perform new data-based business models.
AOK Vision and Contributions For over 125 years the AOK has guaranteed high quality medical care for its insured members in the event of ill health. It is the largest of Germany’s roughly 180 statutory health insurance funds. Around 24 million people are insured under the regional 11 AOKs - close to a third of the German population. More than 53,000 qualified AOK employees based in over 1,200 offices ensure that members receive all the services they require: quickly, competently and without bureaucracy. Since 1976, the AOK system has benefited from scientific analysis and extensive and reliable data, thanks to its own research institute, WIdO. Special research fields of expert knowledge include the pharmaceuticals and hospitals sector. WIdO’s findings are acknowledged as a credible source of information for the entire German health care system. And the AOK’s systems and software house, AOK-Systems, develops SAP-based, individually-customized IT solutions for the AOK and other statutory health insurance funds.
17
The Gesundheitswissenschaftliches Institut Nordost (GeWINO) der AOK Nordost is running several experimentations to interconnect various medical records systems and provide each patients with an integrated Health Data Portfolio. ISÆN might be a way to establish trustful identification, easy usage, in agreement with regulations as well as interoperability. ISÆN could act as a facilitator for the deployment and acceptance of eHealth platforms in the interest of all stakeholders.
ITSO Vision and Contributions ITSO is a software development and consultancy company located in Berlin. ITSO is working for several public sector institutions like German Parliament, Public Transport Authority of Berlin BVG or the Trust for Admission to Higher Education, a Trust under German Federal Public Law. ITSO is a spinoff of Fraunhofer Society and has contributed to Research Projects in the past. Due to continuous improvements in digitalizing workflows within institutions as well as broadening the data exchange with external partners like Public School Administrations, Colleges and Universities nationally and internationally the need to find reliable and trusted identifiers for this data exchange rises. The German Federal Ministry of the Interior is part of the Digital Agenda 2014 - 2017 of the Federal Government. Electronic Identification plays a vital role within this Digital Agenda. On the European level we have also some standards and programs to look at: • • • • •
eIDAS – the European Regulation on electronic identification and trust services, eIDAS enables citizens and organizations to use their electronic identity to get access to digital governmental services in other EU countries, eID – a structure for electronic identification (eID) in Europe, eID structure will provide in the identification for both citizens and organizations and it will support cross-border use, PEPS – Pan European Proxy Server (identification / authentication).
To get rid of paper verifications for instance in the area of facilitating international student mobility and to offer easy and cost efficient digital services for graduates applying there is a need for interoperability of standards and for user centric thinking. Therefor ITSO is very much interested in working on standards and technologies that will help to broaden the usage not only by prescribing technological standards but also by acceptance of light weight solutions. ISÆN might be a way to establish trustful identification, easy usage, in agreement with regulations as well as interoperability to other electronic identification systems.
18
