Creating products and services to ensure individual privacy and control


Challenge identifier: SC6-2018


Privacy and control of personal data is increasingly becoming a business concern in the light of recent high-profile cases and the implementation of the European General Data Protection Regulation (GDPR). For the first time, the principle of data protection by design and by default has become a data protection requirement of its own. Additionally, the GDPR introduces a principle of accountability: data controllers from all sectors, who are responsible for the processing of personal data, need to be able to demonstrate compliance.

For many organisations, from corporations to governments, this is not only a technical obstacle but also a legal problem and potentially a disruption to their ongoing operations, from focused marketing to providing smart city solutions. This means there are opportunities to build products and services which enable greater control over personal data for individuals whilst at the same time enabling new business models and markets.


We are particularly interested in solutions that leverage closed and shared data in the following areas:

  • Enabling new rights and consent management – GDPR will empower data subjects to exercise their rights of access, portability, information, explanation and deletion. These rights have the opportunity to create business value for those businesses providing consultancy support and products and services which help organisations fulfil these rights. In addition, GDPR has created a market for consent management technology – which may be designed to integrate with existing systems or act as a consent management layer.
  • GDPR compliant business data analytics – Businesses will need to demonstrate that they are able to handle personal data efficiently whilst also analysing it for business value. This will mean opportunities to provide products and services to support businesses to undertake activities such as: effective anonymisation and pseudonymisation; control and monitoring of data sharing practices; discrimination between or restriction to different types of data usage; or use of provenance trails for data flows.
  • Privacy and smart cities – As more and more industries start to use technologies such as IoT and wearables, they will inevitably also begin to collect data which is personally identifiable. There is an opportunity to explore products and services which support tech providers and the users of their products and services to assist individuals in exercising their rights.


Examples of data include but are not limited to:

  • Personal data provided by individuals, including consent
  • Data from wearables
  • IoT / Sensor data – including Wi-Fi tracking and Bluetooth sniffing
  • Website tracking data

Expected outcomes

Examples of outcomes include but are not limited to:

  • New apps and services
  • New prediction algorithms
  • New intermediary technologies to integrate data sources
  • New tools and business processes to help decision making, including those making algorithms more transparent and accountable, registries and distributed ledger applications
  • New forms of hardware

Applications must include details on how these outcomes will be tested and evaluated during the six-month acceleration programme.

Expected impacts

Participants will need to demonstrate how their solution:

  • Provides greater privacy for individuals
  • Reduces the compliance burden for cities and other organisations
  • Enables cities to enact smart solutions without surveillance