Towards a decentralized data privacy protocol for self-sovereignty in the digital world
Rodrigo Falcão, Arghavan Hosseinzadeh
TL;DR
This paper argues that current privacy controls are too service-centric to enable true data sovereignty across the digital ecosystem. It introduces the decentralized data privacy protocol (ddpp) and the concept of a Personal Privacy Preferences Place (P4) to let users manage privacy preferences across all services via interoperable, open specifications. It details requirements, handshakes and update flows, and discusses benefits for users and service providers, including potential alignment with self-sovereign identities (SSI). The work lays out a pragmatic roadmap for standardization, meta-model design, reference architecture, and a prototype, aiming to empower users and foster privacy-enhancing technologies.
Abstract
A typical user interacts with many digital services nowadays, providing these services with their data. As of now, the management of privacy preferences is service-centric: Users must manage their privacy preferences according to the rules of each service provider, meaning that every provider offers its unique mechanisms for users to control their privacy settings. However, managing privacy preferences holistically (i.e., across multiple digital services) is just impractical. In this vision paper, we propose a paradigm shift towards an enriched user-centric approach for cross-service privacy preferences management: the realization of a decentralized data privacy protocol.
