European Data Protection Supervisor recognizes Nextcloud as an example of privacy-respecting Personal Information Management Systems

Nextcloud is mentioned as a key example in the latest TechDispatch report about Personal Information Management Systems (PIMS) produced by the Technology and Privacy Unit of the European Data Protection Supervisor (EDPS). The report aims to provide a factual description of emerging technology and discuss its possible impacts on privacy and the protection of personal data.

As described by the EDPS, the PIMS concept offers a new approach in which individuals are the “holders” of their own personal information. PIMS allows individuals to manage their personal data in secure, local or online storage systems and share them when and with whom they choose. Individuals would be able to decide what services can use their data, and what third parties can share them. This allows for a human-centric approach to personal data and to new business models, protecting against unlawful tracking and profiling techniques that aim at circumventing key data protection principles.

Figure 1: A simple schema for a Personal Information Management System with a local personal data storage.

A basic feature of a common concept of PIMS (see Figure 1) is providing access control and an access trail. Individuals, service providers and applications would need to authenticate to access a personal storage centre. This enables individuals to track back who has had access to their digital behaviour. Individuals are able to customize what categories of data they want to share and with whom. Other usually common elements of PIMS are secure data storage, secure data transfers (transporting data safely between systems and applications) and data-level interoperability and data portability.

There are several examples of initiatives and projects claiming PIMS features. They include: Nextcloud enables individuals and organisations to use their own cloud services for file sharing and collaboration services, as well as sharing files across different Nextcloud servers. People can install the free and open source software themselves or receive the software as a service (SaaS) from professional providers. Many universities, governments and companies already employ Nextcloud.

— Technology and Privacy Unit of the European Data Protection Supervisor, TechDispatch

In the European Union, Article 8 of the EU Charter enshrines the protection of personal data as a fundamental right for every person and the EU General Data Protection Regulation (GDPR) aims to empower individuals to be in control of their data. For this purpose, practical and effective tools and services are needed.

Read more about data protection issues in the TechDispatch report here.

This publication is a brief report produced by the Technology and Privacy Unit of the European Data Protection Supervisor (EDPS). It aims to provide a factual description of emerging technology and discuss its possible impacts on privacy and the protection of personal data. The contents of this publication do not imply a policy position of the EDPS.

© European Union, 2020