The development of services for the Mobile Internet has grown explosively during the last years and lead to an abundance of services and applications, such as games, calendars, chat groups, news, and e-commerce. In particular, there is a high need for personalized services, i.e. services dependent on personal data, for example providing a requesting person with the weather at his current location, time tables for commuting to/from his work, e-commerce deliveries to his home, charges to his credit cards, etc.
In order to be able to offer personalized services, information about the individual (position, demographics, biometrics, etc.) must be provided somehow and this makes privacy measures crucial. Privacy polices are increasingly important to make personalization work and thereby take full advantage of Mobile Internet promises.
Previous communication systems in general require that a policy is reviewed and accepted for every new service that is of interest to the user. Each policy is different and associated with different implications on the need for or release of personal data. However, services and applications will come and go at a very high pace on the Internet as well as the Mobile Internet, especially for the consumer segment. This high application turnover affects personal privacy issues, since it is not practically feasible that users shall review and accept companies' policies for every new service that could be of interest. For common policy types, it takes a user at least 10 minutes to fully read and understand one single policy and the obstacle to end users is evident.
Therefore, a system that in user-friendly ways safeguards personal information without making it unnecessarily complicated to obtain personalized services is highly desirable. A network enabling these features is outlined in our International Patent Application [1], hereafter referred to as “the classic Lock Box”, which suggests to make the release of personal data disconnected from its use. A general architecture is provided, designed to be able to block (and release) personal information, such as demographical information or physical location, without having to be re-configured every time there is a new service making use of a particular piece of data. The conditions for releasing and blocking personal data are under control of the end user. A web service implementation of the above general network is disclosed in our International Patent Application [2].
Although the classic Lock Box provides a general mechanism and network for handling personal data on e.g. the Internet, there are still issues to be solved in connection therewith. Very large quantities of personal data will be involved and many actors will want to perform different actions with the data, which complicates the system and the problem of how to appropriately store and structure the access rights to such data remains. There is also a need for a solution by means of which the personal data can be set as well as handed out in a user-friendly manner.