Self Data Protection in Online Commerce
The aim of the project Self Privacy in Online Commerce (SIOC) is to increase self-determined data protection by anonymizing everyday use in online commerce. For this purpose, a vendor-independent architecture for anonymous shopping will be developed, allowing the buyers to manage and understand autonomously their user profiles by the means of virtual identities. To achieve a broad distribution, not only acceptance by the users is needed, but also by the other involved stakeholders, e.g. online-shop providers. Therefore, care will be taken to preserve existing business models (e.g. direct marketing) as far as possible.
E-Commerce is playing an increasingly important role for both, operators of shopping platforms and their customers. The forecasted revenue for the German E-Commerce market amounts to € 46.7 million, which is around the 9% of the total retail sector. 30% of the online purchases in Germany are done via a mobile device. Despite an increasing public awareness of the issue of data protection, nowadays only in the rarest cases customers are enabled to decide how and whether their personal information and buying behavior is stored and processed.
Based on this situation, the SIOC project’s vision is the improvement of the self-data protection in E-Commerce. SIOC will enable customers to perform the online-shopping process transparent, as anonymous as possible and following the principle of data thrift/minimization (collection limitation principle). At the same time online platform providers will still have the possibility to submit personalized offers and recommendations based on pseudonymized, voluntary aggregated customer profiles. Moreover , in case of fraudulent behavior, the customers’ pseudonyms can be resolved to clearly identify customers. SIOC’s objective is the design of an anonymous approach to online shopping in accordance to stakeholders’ requirements and business models to achieve the best compromise between these conflicting interests while implementing data protection by design and data protection by default as essential principles of EU data protection rules.