POSEIDON's project status - July/August 2019

In its first year, the focus of POSEIDON was on the solution design and specification. POSEIDON is now at a crucial point in its work program: the development of interim implementation of key components, such as the permissioned Blockchain, smart contracts, blockchain API, message bus, Web Dashboard, Risk Management Module, and Personal Data Analyzer. These are due on July 31st. Final implementations of all of the POSEIDON components are due on month 24, that is, April 2020. Integration and testing of all components is already under way, and it will continue throughout the project lifetime. Another very important activity that is now starting is piloting and user evaluation. POSEIDON will be evaluated in four differenrt pilots, namely at MEF, Santander, Softeam, and MITA.

The interface provided to data subjects, for accessing the PoSeID-on platform, is a web-based application - named web dashboard - that provides access to the various types of operations performed by data subjects, such as, for instance, granting, modifying and revoking permissions for a specific data processor, checking the history of exchanges of their PII, and receiving alarms due to high privacy exposure risks. This human-oriented dashboard is the primary interface for data subjects, although in some situations other communication channels may be used according to the data subject preferences (e.g., receiving urgent alarms of privacy exposure via email or SMS). Access to the web-based dashboard is based on logging with the data subject’s national eID (or similar credentials, depending on the specific PoSeID-on instance). The web dashboard also provides an interface for PoSeID-on administrators, although with a different set of functionalities and user interfaces.

PoSeID-on’s dashboard is the data subjects interface for personal data protection, a platform that manages the personal data transactions between data subjects and private or public entities processing or storing their data. PoSeID-on also aims to manage direct transactions of Personal Identifiable Information (PII) between data processors, with the consent of data subjects. All relevant information concerning the data subject and his/her personal information shall be made available through a user friendly and accessible web dashboard. In addition to providing tracking of PII exchanges and consent management, it will also provide the data subjects with a risk score or reputation associated with the data processors making use of their PII. In order to reduce identity fraud and protect the privacy of users, access to the Dashboard is to be made available only through eID accounts in line with the eIDAS regulation.