
Developing 21st century platform business models: A human-centered approach to personal data management

The project Legitimation of newness and its impact on EU agenda for change (LNETN), with a budget of over four million euros, belongs to the Innovative Training Networks of the EU's Marie Skłodowska-Curie Actions. The University of Oulu in Finland, Aalborg University in Denmark, Halmstad University in Sweden and the University of Glasgow in Scotland form the project consortium. Several associated industrial stakeholder partners are also involved, including Bittium and Nokia in Finland.

Altogether, the project offers fifteen early-stage researcher positions, four of which are hosted by the University of Oulu. One of these positions deals with the dawn of the human-centric approach to personal data management and is held by Julia Zhang.

Julia received her MSc in Business Administration and e-Business from the Copenhagen Business School in Denmark and her BSc in Economics and Business Administration from the University of Southern Denmark. She has experience in starting up and managing creative firms. In her research, Julia explores how human-centered personal data management can enable the emergence and legitimation of novel 21st century platform-based business models. 

Do you feel in control of your data?

Using the Internet on a daily basis exposes us to countless cookie pop-ups seeking consent for data access. What do you usually do when such a pop-up appears? Have you ever wondered what happens when you click ALLOW ALL? Looking at Google's data privacy policy, which evolved from a 2-minute read in 1999 to a 30-minute read in 2018 (New York Times, 2019), can we say that such a format is feasible for the fast-paced online lifestyle and lets us know what we are agreeing to? Finally, with hundreds of new websites visited daily and multiple transactions covered by privacy policies and terms and conditions, can we easily manage our data online?

The guideline for EU citizens issued by the European Commission is titled “It’s your data - data control”. EU data protection regulation aimed to provide more control over personal data, so that “you can shop, share and surf with confidence”. The General Data Protection Regulation (GDPR) called for returning control over personal data to the users. Although the introduction and implementation of the GDPR have been considered a significant step in protecting consumers’ personal data, the regulation has been criticized for its lack of technical guidelines and use cases that could ensure unified and standardized implementation across different platform operators. Given the format in which users currently manage data permissions, it is worth examining whether the aim of the regulators has actually been met.

Privacy paradox

Previously, a vast amount of research identified the privacy paradox, understood as a dichotomy between attitudes towards data sharing and actual privacy-disclosing behavior. That is, although consumers voice concerns about sharing personal data online, they paradoxically engage in data-disclosing behaviors.


Considering the aim of the GDPR to return the control over personal data back to the individuals by demanding privacy through design and default from the platform operators, it is relevant to examine whether regulatory intervention has solved the previously identified paradox since its implementation. Such understanding appears essential in assessing the effectiveness of the regulation in solving data privacy-related issues. 

It further points out what gaps there possibly are, and serves as a basis for the discussion on business opportunities arising from the consumers’ requirements for data privacy. 

Data value

From the perspective of platform operators, the introduction of the GDPR required consideration and changes in data collection and handling practices. Multiple business models have relied on the utilization of user data as a means to provide services and create value. 

Limiting data access, storage and processing in order to protect individuals’ privacy has at the same time constrained business operations. The changing digital environment pushes actors to adapt to changing requirements and trends. As various parties have different goals in terms of data sharing, novel solutions that address the changing market needs are expected to emerge.

With consumers becoming more aware of the value of their data, the existing players focus on legitimizing their services in terms of individuals’ data privacy protection. Moreover, new services such as non-data-collecting browsers and communicators are being offered. Data decentralization initiatives like myData and visionary concepts of a fully decentralized Internet are also trends worth exploring.

Because data privacy is a complex phenomenon that involves multiple stakeholders with different goals and needs, Julia’s research expects to examine online data-sharing ecosystems from both individuals’ and platform businesses’ perspectives, to provide clarifications on privacy issues in the emerging GDPR era.

The research being carried out by Julia Zhang in connection with the LNETN project is supervised by Timo Koivumäki, Dominic Chalmers and Jari Partanen.

More information:

Julia Zhang
Email: Julia.Zhang[at]

Last updated: 13.12.2021