Make Users Own Their Data: A Decentralized Personal Data Store Prototype Based on Ethereum and IPFS

In the times we are living, data protection infringements, at local, national or international level, are a daily occurrence, highlighting how important is the problem of users' awareness and “consent” about what data should or not be shared. A vast number of service providers strives to have access to users' personal data. While users may be aware of sharing their data with services they receive, they may be still unaware if their data is passing in others' hands and unknown third parties. But the sharing of personal data remains unavoidable, in this always connected digital era, contextualized services are not only fancy desires, they could save money, time, and even lives. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided regulations about personal data protection, but there are still significant differences in the ways each EU member state would implement the protection of privacy and personal data in national laws, policies, and practices. The tool that should empower users with the personal data protection has to face two problems: data privacy and control. Due to the lack of central authorities, blockchain based technologies would seem fit for the challenge, but such solutions are not fully exploited. One possible reason could be that distributed architectures alone do not achieve privacy of data. In this paper we tackle the challenge of a novel Personal Data Store, by making use of a distributed architecture, based on the Ethereum framework, together with an ontology to model user profile and data/device sharing towards services. Such solution, The Decentralized Identity Manager, solves personal data protection by offering a unique endpoint, without any central authority, where users can manage their data/device access, their privacy levels, and grant or deny sharing consent, every time services ask for personal data.