The Future of Personally Identifying Information Ownership

  • R. Ewijk van

Student thesis: Master's Thesis


The General Data Protection Regulation was adopted in Europe in 2016 and instituted in 2018. With the adoption of the General Data Protection Regulation, European citizens have gained more control over their personally identifiable information in an attempt to interrupt the monopoly of the “big tech” companies. Currently, European citizens do not share in the value obtained from the use of their data. Accordingly, this study focuses on the possibility of introducing a single digital identity to aggregate all digital personally identifiable information by inviting content experts to participate in a Delphi study regarding the future development of the ownership of that information. This thesis examines the potential future of managing personally identifiable information by following current trends in four key areas: compliance, security, trust, and privacy.

Compliance: Moving from the current administrative framework to a technically centralized managed technology will simplify compliance and decrease the administrative burden companies currently experience.
Security: There are security concerns in the introduction of single-points-of-failure when introducing middleware. Fortunately, mitigating technologies have already been developed to negate this risk, which are a mix of encryption hashing and peer-to-peer transactional technologies such as the IMRA, Chainlink 2.0, or Sovrin networks.
Trust: Trust can be established by combining decentralized blockchain-based technologies and centralized service providers such as governmental services. The technology around ensuring privacy and trust is already mature enough for adoption.
Privacy: Any future for centrally managing personally identifiable information must include a privacy by design approach. Technologies such as zero knowledge proof appear promising with regard to protecting the data subject’s privacy while interacting with service providers.

The trend in Personal identifiable information ownership is moving more towards the data subject’s ownership. This concept is gaining momentum since European legislation is pushing for data ownership to make the data available to European companies in order to create more competitive European companies. Combining decentralized technologies together with centralized trusted identity authorities introduces new business models in managing Personal identifiable information similar to developments that can be currently seen in the banking sector.
Date of Award29 Oct 2021
Original languageEnglish
SupervisorLaury Bollen (Examiner) & Rachelle Bosua (Co-assessor)


  • Future of personally identifiable information (PII)
  • General Data Protection Regulation (GDPR)
  • identity management
  • hybrid identity model
  • blockchain
  • Chainlink 2.0
  • Oracle network
  • Delphi study
  • data ownership
  • big tech monopoly
  • decentralized technologies
  • centralized technologies
  • trust
  • privacy/security
  • GDPR compliance

Master's Degree

  • Master Business Process management & IT (BPMIT)

Cite this