Title: TWO REASONS FOR END USER CONTROL

In FIDIS deliverable 7.2, profiling is described as a tool used by service providers (group profiling at the level of the AmI environment), whereas the data subject or end user seems to have little control over the construction and the use of those (group) profiles. In this section we will discuss attempts to develop technologies to redirect the control over profiles to the end users. There are two reasons to emphasise end user control in relation to ambient intelligence:  

1. To begin with - like in the case of any other type of profiling - some of the privacy and security risks discussed in chapter could be mitigated by means of end user control (use of partial profiles (pseudonyms) and/or local storage of personal information).

2. A second reason for end user control by means of local storage of the personal profile is that it would allow a person to move from one AmI environment into another, without the need to build up a personal profile all over again. Below we will work out two scenarios that could facilitate such local storage. Of course the more commonly envisioned option to achieve the same goal is the construction of a networked environment that makes different environments interoperable without access to data stored on the personal digital assistant of the end user. According to the ISTAG report of 2003 ‘AmI cannot be achieved piecemeal: it requires coherent application of resources European wide’. The scenarios worked out below seem to indicate otherwise.