While many techniques for protecting online privacy have been proposed, a variety of issues call into question their effectiveness for individuals and for the commercial entities that want to provide services to them.

For example, privacy policy agreements are largely ignored, typically coerced and poorly understood. Other approaches place restrictions on organizations using personal data that could help people obtain free services and find products and services that interest them. This is not just a commercial issue. Personal data is increasingly an essential ingredient for online services with societal benefits like energy conservation and public and personal health maintenance. The arrival of an increasing number of always-on, Internet-connected, sensor-laden devices used on our persons and throughout our homes has accentuated the conflict between helpful services and personal privacy.

One potentially promising and practical approach uses the trusted intermediary (TI) model. TIs are trusted third parties that manage interactions between an individual’s devices and external entities. They protect personal data while making that data even more useful in the process, and they allow users to control the use of their own data with little effort. An intelligent TI can match public and private service providers and advertisers' audience-reach goals against the interests, intents and environmental circumstances of individuals, without having to reveal that information to anyone. Using TIs, both individuals and organizations benefit by avoiding distribution of personal information.

Limits of Current Approaches

It is a reality that many Internet companies' business models are dependent on the collection and analysis of personal data. Yet they need not have access to that data. Individuals expect to receive enjoyable and useful services for free. While the true price of this Faustian bargain is increasingly well known, this “free” business model has benefited the hundreds of millions of people who use these services daily. This puts privacy advocates in an unenviable position. Not only must they take on companies that have grown wealthy under this arrangement, but they may also inconvenience the many individuals happily using these services. Too many have just given up with the “privacy is dead” attitude. But abandoning privacy means letting others define who you are and allowing them to control you strongly, yet imperceptibly.

Current approaches to personal data protection do not address the potential social benefits of big data analytic techniques. There are plenty. Analysis of a family’s appliance usage can be used for recommendations on how to reduce energy usage, for example. Or sensors can track the elderly at home and notify the proper people if there is a marked change in their living patterns, indicating the need for an alert. That kind of benefit allows the elderly to stay in their homes longer in life, increasing their happiness and reducing the budgets of those who pay for their care. Overly strict restrictions on the use of individual data can throttle these sorts of services.

Current privacy protection approaches fall into two general areas: legal and technical. The most common legal-based method is the “notice-and-consent” model. This model is rightly criticized as placing an undue burden on the individual. Technical methods often focus on anonymization of data that is indiscriminately redistributed. But this is increasingly ineffective, as re-identification techniques are becoming relentless and sophisticated.

Benefits of the TI Model

At its core, the TI model places agents between individuals and organizations. Agents act as honest brokers on behalf of all stakeholders, and they can employ sophisticated methods for matching interests and intents among those stakeholders.

Conceptually, a limited number of trusted intermediaries can handle much of an individual’s private data. This is helpful, since in today’s world it is nearly impossible for an individual to keep track of the privacy notices they have agreed to, let alone all the organizations holding their data. By using a limited number of trusted intermediaries, this burden is greatly simplified.

Organizations also benefit by using TIs. First, they can reduce the amount of personally identifiable information they need to handle, reducing the burden, both legal and technical, of protecting that data. They can also work with an organization that can be audited for industry-standard security and data-handling practices.

Putting the Model into Practice

A TI service can be realized by using modern computing technologies. Today’s cloud computing technology has matured to the point where a service can create secure, cloud-based service components. For example, personal agent software collects data from individuals without having to reveal it to anyone, acting as a broker on behalf of the individual, and negotiates with organizations wishing to use the data. Organizations could then use this data to target advertising, personalize media and energy-saving recommendations, etc.

Secure client software running on individuals’ smartphones and other devices functions as an extension of the personal agent, collecting raw data from which cloud-based components make inferences about the individual’s characteristics, interests and intents. This data can include sensor, app usage and social media data collected on a device. The client software includes a user interface for the individual to control profile information, in effect giving the personal agent instructions on allowed uses of the data. For example, an individual may not wish an interest or characteristic to be part of her profile that the agent uses to match against advertiser audience specifications but may allow it to be used in other circumstances, such as social recommendations.

Another essential ingredient for the TI service is an automated auditing service. This service assures the personal agent performs as intended, providing a tangible point for individuals to place their trust in the ability to control their data through the personal agent.
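The purpose-scoped matching and the audit trail described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original article: the `PersonalAgent` class, the purpose names, the sample profile and the hash-chained log format are all hypothetical assumptions.

```python
import hashlib
import json

# Constructed sample profile: each inferred attribute maps to the purposes
# the individual has allowed for it (purpose names are hypothetical).
PROFILE = {
    "interest:cycling": {"advertising", "social"},
    "interest:home-energy": {"advertising"},
    "health:diabetes": {"social"},  # user excluded this from ad matching
}

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class PersonalAgent:
    """Hypothetical agent: answers match queries, never returns the profile."""

    def __init__(self, profile):
        self._profile = profile
        self.audit_log = []  # hash-chained records for the auditing service

    def matches(self, requester, purpose, required):
        """Return only True/False for an audience specification."""
        # Attributes are visible only for purposes the individual allowed.
        usable = {a for a, ok in self._profile.items() if purpose in ok}
        decision = set(required) <= usable
        prev = self.audit_log[-1]["hash"] if self.audit_log else "0" * 64
        entry = {"requester": requester, "purpose": purpose,
                 "required": sorted(required), "decision": decision, "prev": prev}
        entry["hash"] = _digest(entry)  # digest computed before "hash" is set
        self.audit_log.append(entry)
        return decision

def verify_audit_log(log):
    """Auditor check: detects edited entries and entries removed mid-chain."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return False
        prev = entry["hash"]
    return True
```

A yes/no answer still discloses one bit per query, so the log of who asked for which attributes is what lets an auditor notice a requester probing a profile one attribute at a time.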

This technical approach benefits the organizations and individuals in many ways. Organizations get the benefit of personalization and targeting without the burden of having to collect, maintain and shoulder the liability associated with the data.

For individuals, the personal agent software acts transparently on their behalf, collecting information and making sense out of it, automatically finding highly relevant content and services and providing notifications of events of interest. The agent can enable healthcare information to be provided based on highly specific personal and family histories. This concept can be extended into more general public benefits, whereby the agent can search for public health bulletins that are relevant to a person’s travel history, providing alerts and instructions without having to report that information in ways that risk abuse.

Among the variety of mechanisms available to protect private information, the TI model demonstrates a number of advantages. Using modern computing technologies, implementations can ensure personal information remains private and secure while making it available and useful for services without having to disperse it. It provides a useful and auditable single point of contact for individuals to manage their private information. Implementations also work with commercial services to ensure profitable businesses. Beneficial public services can still use the personal data they need without risk of abuse.

The next step is for TI implementations to gain market acceptance.