Databox: Privacy-Aware Infrastructure for Managing Personal Data

Lead Research Organisation: Imperial College London
Department Name: Design Engineering


Building privacy, trust and security into the evolving digital ecosystem is broadly recognized as a key societal challenge. Regulatory activities in the US, Europe and Japan are complemented by industry initiatives that seek to rebalance "the crisis in trust" occasioned by widespread personal data harvesting. All parties agree that key to this challenge are increased accountability and control. Accountability not only seeks to strengthen compliance but also make the emerging ecosystem more transparent to consumers, while control seeks to empower consumers and provide them with the means of actively exercising choice. This proposal will develop the underlying technology infrastructure required to deliver both accountability and control.

Although personal data management is generally considered an intensely personal matter, it is also inherently social: it is impractical to withdraw from all online activity simply to protect one's privacy. The success of the modern Internet and the "free" services it supports largely rests on the ability for advertisers and analytics providers to make money with the result that approaches that remove or diminish advertising revenues have been doomed to failure. The many motivations and uses for systems enabling personal management of personal data point to a need for tools enabling individuals to take more explicit control over the collection and usage of their data and the information inferred from their online activities, while addressing the challenges of HDI.

Working with partner organisations we have refined our vision of just such a tool, a Databox, an on-demand personal data aggregation and query point, control over which rests directly with the user. The Databox vision is of an open-source personal networked device augmented by cloud-hosted services that collates, curates, and mediates access to our personal data. The Databox will enable and, in some cases, may even host third party applications and services that process personal data. The Databox will form the heart of an individual's personal data processing ecosystem, providing a platform for managing secure access to these data and enabling authorised third parties to provide the owner with authenticated services while roaming outside the home environment.

Planned Impact

The proposed research will benefit society through numerous pathways: industry, academia, and through several user communities including open-source developers, Internet advocacy groups, and engagement in the many live policy and other debates currently active in the personal data space. Fundamentally however, realisation of the Databox as an open-source platform for the broader community will be of most significant benefit to all citizens. The combination of infrastructure that enables open source development and drives critical mass, with commercial and policy impact opportunities via our industrial and advocacy partners will add significant momentum to the growing community of HDI practitioners.

Perhaps the most critical pathway to impact is the Databox itself. Databox is a practical open-source platform whose methodology entails deployment of working artefacts with users. These artefacts will create a comprehensive software platform that enables trusted service-to-user solutions across multiple market segments. These software tools will realise various advantages to individuals for better control over their personal data, digital identity and privacy. This provides more possibilities of access to personal data for third party applications, generating new businesses and differentiating their products with innovative services.

There are a number of other impact channels:
- The Emerging HDI Community http://
- The Open Source Development Community
- Industry
- Advocacy Groups
- Broader Society
- Academics

Full details of the engagement plans are presented in the attached Pathways to Impact document.


10 25 50
publication icon
Chamberlain A (2017) Special theme on privacy and the Internet of things in Personal and Ubiquitous Computing

publication icon
Malekzadeh M (2019) Mobile sensor data anonymization

publication icon
Osia S (2018) Deep Private-Feature Extraction in IEEE Transactions on Knowledge and Data Engineering

publication icon
Urquhart L (2019) Demonstrably doing accountability in the Internet of Things in International Journal of Law and Information Technology

Related Projects

Project Reference Relationship Related To Start End Award Value
EP/N028260/1 31/10/2016 31/10/2017 £1,238,585
EP/N028260/2 Transfer EP/N028260/1 01/11/2017 31/05/2020 £998,335