Consumer Centric Data Control, Tracking and Transparency -- A Position Paper

Personal data related to a user's activities, preferences and services, is considered to be a valuable commodity not only for a wide range of technology-oriented companies like Google, Amazon and Apple but also for more traditional companies like travel/transport, banking, entertainment and marketing industry. This has resulted in more targeted and to a great extend personalised services for individuals -- in most cases at a minimal financial cost to them. The operational reality upon which a user authorises companies to collect his/her personal data to receive, in return, more personalised/targeted/context-aware services and hassle-free activities (for users) is widely deployed. It becomes evident that the security, integrity and accessibility of the collected data are of paramount importance. These characteristics are becoming more entrenched in the era of Internet-of-Things (IoT), autonomous vehicles and seamless travel. In this position paper, we examine the challenges faced by both users and organisations in dealing with the Personal Identifiable Information (PII). Furthermore, we expand on the implications of the General Data Protection Regulation (GDPR) specifically for the management of the PII. Subsequently, we extend the discussion to future technologies, especially the IoT and integrated transport systems for better customer experience -- and their ramification on the data governance and PII management. Finally, we propose a framework that balances user's privacy and data control with an organisation's objective of delivering quality, targeted and efficient services to their customers using the "collected user data". This framework is referred to as "Consumer Oriented Data Control \& Auditability" (CODCA) and defines the technologies that are adapted to privacy concerns and legal/regulation-frameworks.