Why has raising awareness of the use of personal data become essential?
SR: It is essential for citizens that their data is used in accordance with their privacy requirements. As for service providers, they must comply with the regulations in force and demonstrate rigorous controls to protect the data they hold. With the rise of AI and its widespread use, it is becoming increasingly important to stay aware of the data we share.
SL: Take the example of personalized recommendations aimed at improving the customer experience of searching, booking or checking in to a hotel. This involves some data sharing to get the best results. This data is usually shared with the booking site, the hotel and potentially with third parties offering personalized services throughout the stay. The participation of many players raises issues of compliance with the GDPR, particularly in terms of transparency, user awareness, security of data transfers, storage, as well as traceability and auditing in the context of data sharing agreements between companies.
At Fujitsu, we are developing two solutions as part of the Horizon Europe projects: the "Privacy Assurance" platform, within TANGO (Digital Technologies Acting as a Gatekeeper to Information and Data Flows), and the "Data Agreement Manager", integrated into TRUSTEE (Trust and Privacy Preserving Computing Platform for Cross-Border Federation of Data). These tools allow you to share, control and monitor the use of personal data.
Which sectors are targeting these solutions, and who benefits?
SR: Companies that collect and process citizens' data directly, as well as those that cooperate by sharing data, can benefit greatly from these systems. For example, the smart hospitality, insurance, retail, and banking industries can use this data to improve the customer experience through personalization.
SL: The Privacy Assurance platform gives citizens a clear and easy way to keep an overview of who owns their personal information. At the same time, it can be integrated with a "Data Agreement Manager", a solution that allows companies to create traceable and GDPR-compliant data sharing agreements.
What benefits can citizens derive from these solutions?
SR: When we use online services (websites or apps), we are often asked to share personal information with multiple third parties. The "Privacy Assurance" platform allows citizens to use a single platform, integrating an additional level of privacy control, in addition to the GDPR. These controls, defined by the citizen, determine their general preferences for data sharing.
SL: Let's take the example of a citizen booking a hotel again. In the classic case, four parties are involved: the citizen, the hotel, third parties associated with the hotel and the local authorities. To enrich the guest experience, the hotel and its third-party services may request additional information, such as preferred activities or dietary restrictions. The "Privacy Assurance" platform guides the citizen throughout this journey, guaranteeing informed and continuous consent. With its built-in AI assistant, the platform automatically applies privacy controls predefined by the citizen and highlights key points to review before giving consent.
Why does the hotel industry need to rethink its management of personal data?
SR: The hospitality industry, like others, cannot avoid the collection and processing of personal data, as certain information is necessary to meet national legal requirements for tourism. While hotels may not have bad intentions when setting their privacy policy, human error can occur, or misconfigured IT systems can lead to flaws in GDPR compliance. These shortcomings can lead to substantial fines and damage the relationship with customers, jeopardizing the brand's reputation.
SL: The Privacy Assurance platform offers tools to provide proactive privacy controls and constant monitoring. The Data Agreement Manager facilitates cross-company collaboration by mandating privacy impact assessments and ensuring GDPR compliance when creating tamper-proof data sharing agreements. Together, these solutions help organizations adopt a GDPR-compliant model, integrating privacy by design and role-based access control throughout the data management lifecycle.
What about the supervisory authorities? How are they integrated?
SR: In Luxembourg, as in any EU member state, a supervisory authority oversees the application of the GDPR, namely the National Commission for Data Protection (CNPD). The ecosystem formed by "Privacy Assurance" and "Data Agreement Manager" could allow supervisory authorities to register companies that process personal data and audit signed digital agreements. With these innovative technologies, automated checks reduce the need for human intervention, while transparent and tamper-proof business agreements build trust in data sharing and processing.