A metadata-based architecture for user-centered data accountability


Data is rapidly changing how companies operate, offering them new business opportunities as they generate increasingly sophisticated insights from the analysis of an ever-increasing pool of information. Businesses have clearly moved beyond a focus on data collection to data use, but users have an inadequate model of notice and consent at the point of data collection to limit inappropriate use. An interoperable context-aware metadata-based architecture that allows permissions and policies to be bound to data, and is flexible enough to allow for changing trust norms, help balance the tension between users and business, satisfy regulators’ desire for increased transparency and greater accountability, and still enable data to flow in ways that provide value to all participants in the ecosystem.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2


  1. 1.

    When multiple parties have rights to the same data, these rights may conflict or result in restrictions that that could potentially render new and innovative uses of such data difficult or impossible. We later discuss how policies may be reconciled in cases of conflict.

  2. 2.

    “Interoperable identity service” denotes identity-management services that agree, at a minimum, to compatible assurance levels, exchange protocols, and data formats to enable cross-platform authentication and authorization of digital identities.

  3. 3.

    The US Federal Trade Commission National Do Not Call Registry is an example of a global user policy that allows users to choose whether to receive telemarketing calls at home.


  1. Ashley, P., Powers, C., & Schunter, M. (2002). From privacy promises to privacy management: A new approach for enforcing privacy throughout an enterprise (pp. 43–50). Virginia Beach: New Security Paradigms Workshop.

    Google Scholar 

  2. Bohrer, K., Liu, X., Kesdogan, D., Schonberg, E., Singh, M., & Spraragen, S. L. (2001). Personal information management and distribution. The Fourth International Conference on Electronic Commerce Research (ICECR-4), (pp. 1–14). Dallas, TX.

  3. Bohrer, K., Levy, S., Liu, X., & Schonberg, E. (2003). Individualized privacy policy based access control. Proceedings 6th International Conference on Electronic Commerce Research (ICECR-6). Dallas, Texas.

  4. Bus, J., & Nguyen, M.-H. (2013). Personal data management—a structured discussion. In M. Hildebrandt, K. O’Hara, & M. Waidner (Eds.), Digital enlightenment yearbook 2013: The value of personal data (pp. 270–287). Amsterdam: Ios Press.

    Google Scholar 

  5. Casassa Mont, M., Pearson, S., & Bramhall, P. (2003). Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. Bristol: HP Laboratories.

    Google Scholar 

  6. Cisco. (2014). Cisco visual networking index: Global mobile data traffic forecast update, 2013–2018. Cisco.

  7. Cranor, L. (2003). P3P: making privacy policies more useful. IEEE Security and Privacy, 1(6), 50–55.

    Article  Google Scholar 

  8. European Commission. (2012). General data protection regulation. Brussels: European Commission.

    Google Scholar 

  9. IDC (2011). IDC Predictions 2012: Competing for 2020. IDC.

  10. Nguyen, M.-H., Haynes, P., Maguire, S., & Friedberg, J. (2013). A user-centred approach to the data dilemma: Context, architecture, and policy. In M. Hildebrandt, K. O’Hara, & M. Waidner (Eds.), Digital enlightenment yearbook 2013: The value of personal data (pp. 227–242). Amsterdam: Ios Press.

    Google Scholar 

  11. Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79(1). Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=534622.

  12. Nissenbaum, H. (2011). A contextual approach to privacy online. Daedalus, The Journal of the American Academy of Arts & Sciences, 140(4), 32–48.

    Google Scholar 

  13. President’s Council of Advisors on Science and Technology. (2010). Report to the president: Realizing the full potential of health information technology to improve healthcare for Americans: The path forward. Washington: Executive Office of the President.

    Google Scholar 

  14. PrimeLife. (2011). Project fact Sheet. Retrieved from http://primelife.ercim.eu/about/factsheet.

  15. Searls, D. (2012). The intention economy: When customers take charge. Boston: Harvard Business Review Press.

    Google Scholar 

  16. TNS Opinion & Social. (2011). Special Eurobarometer 359: Attitudes on data protection and electronic identity in the European union. Brussels: European Commission. Retrieved from http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf.

  17. Whitley, E. (2013). Towards effective consent-based control of personal data. In Digital enlightenment yearbook 2013: The value of personal data (pp. 165–176). Amsterdam: Ios Press.

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Sean Maguire.

Additional information

Responsible Editor: Sarah Spiekermann

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Maguire, S., Friedberg, J., Nguyen, MH.C. et al. A metadata-based architecture for user-centered data accountability. Electron Markets 25, 155–160 (2015). https://doi.org/10.1007/s12525-015-0184-z

Download citation


  • Metadata
  • Big data
  • Interoperability
  • Architecture

JEL classification

  • O33