A PIMS for all cases – Why privacy centers are the future of consent management
On the other hand, the big platforms that collect the most data only have to ask for permission once when signing up for their services. This created an imbalance in perception. In the open web, the next consent banner is lurking around every corner, drawing attention to data collection, while the platforms are allowed to analyze the behavior of their users without bothersome inquiries – as long as the authorizations are regulated in a privacy center that can be reached at any time.
To put an end to this imbalance, there will soon be a privacy center for the entire open web. The Telecommunications Telemedia Data Protection Act (TTDSG), which came into force last December, describes so-called Personal Information Management Systems (PIMS) and thereby created the legal possibility for this. Thus, the basic requirements for a better consent system on the open web have recently been met, even if the exact provisions are still pending.
The idea is extremely simple and user-friendly: users log in with their email address and can then control the sharing of their own data centrally. PIMS are systems that allow people to control their personal information and manage their online identities by allowing them to store, update, and share sensitive data with others. Most importantly, PIMS also make it possible to allow, deny, or revoke third-party access to personal data. In this way, users can always keep track of which data has been shared with whom and revoke these decisions if necessary. For users, this would be a quantum leap in data control and usability.
PIMS can also make it easier for providers to comply with existing data protection laws by simplifying how consent is obtained. This means that cookie banners would no longer be necessary, since essential services do not require consent and everything else would be regulated by the PIMS. Once the authorizations and stored information have been defined, the PIMS could automatically pass them on to the websites and thus save users work.
These functions already make it clear that a PIMS must handle data responsibly and carefully in order to act in the interests of the users. The legislator stipulates, for example, that PIMS must be certified by an independent body and may not have their own economic interest in the data.
PIMS enable direct, data-protection-compliant assignment and thus greater data accuracy. This also benefits those with an interest in targeting data, enabling synergies between advertisers, publishers and users who want to see relevant content.
Furthermore, PIMS can offer personal data and other metadata in machine-readable formats as well as application programming interfaces (APIs) for data access and processing. This assumes that technical standards and guidelines exist. Such standards are an essential element, but uniform standards are a gap that still needs to be filled.
PIMS must also protect personal data from unauthorized access. In order to be fully implemented, PIMS should be able to guarantee privacy protection as a central interface, for example through the use of cryptography. In addition, it should be ensured that third parties can only access the necessary information without revealing the identity of the person.
PIMS thus have the potential to become the new gatekeepers of the online world at the service of user privacy: website providers and advertisers have to interact with the PIMS if they want to process people’s data. Users, in turn, always have control over whom they grant access to and whom they remove from this circle.