Ladies and gentlemen, please welcome midPrivacy, our data protection initiative. Identity management and data protection go hand in hand, one cannot really reach its full potential without the other. However, most identity management systems were a bit short on the data protection side. Therefore we have decided that it is the right time to do something about it.
MidPoint is a second-generation identity management platform. Unlike most IDM systems designed in 2000s, midPoint was designed with data protection in mind. We know quite well that data protection is not just the legal requirement, it is the right thing to do. We have been experimenting with some data protection prototypes in 2017 during the GDPR countdown, hoping that the industry will pick up data protection features. It looks like we were a bit early with that. However, we think that now is the right time to roll it out.
Even tough we have been working on data protection for some time, we have figured that it is the right time to give this initiative a name and visibility. MidPrivacy aims at turning midPoint into privacy-enhancing identity management platform. This is obviously a long-term goal that has to be divided to smaller steps.
The first step of midPrivacy initiative is implementation of data provenance features. Simply speaking, data provenance is about knowing the origin of data. We need to know where the data came from and how they were processed. This can give us indication whether the data were processed in accord with the policies or whether we have no right to process the data and they should be erased. Data provenance is essential for accountability and transparency of data processing.
But data provenance is much deeper that that. It is also just a first step, one of the foundation stones of other data protection features. We plan to extend midPoint functionality in many ways. Data protection is quite complex topic, but data protection concepts need to be presented to ordinary users. Therefore good user experience is quite a challenge. We would like to tackle data portability issues. Data protection system needs to be secure and we have already made a lot of effort to make midPoint secure. But when it comes to security there is always need for improvements. We would also like to improve the documentation, make recommendations, document best practice, provide examples. And of course, there are really attractive pieces such as “holistic” consent management.
There is much to do to make this dream a reality. And of course, it all depends on funding. We will invest part of our profits to fund this initiative. However, these are strange and difficult times. We have to look for other opportunities for funding. We are extremely happy that we were able to secure funding for the data provenance phase of midPrivacy from the NGI_TRUST program. I would like to express my dearest thanks for everyone involved in the NGI programs, this made a huge difference for us. We hope to secure more funding for at least a couple additional phases of midPrivacy initiative. But any kind of funding is more than appreciated. We will be grateful for subscription money, sponsoring or donations. We strongly believe that data protection and privacy are worthy goals and we will do our best to achieve them.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the NGI_TRUST grant agreement no 825618.