摘要 |
At ID retrieval apparatus 14, information revealing the identity of an individual is received, typically submitted S101 by the individual 40. A request, corresponding to the received personal identifying information (PII), is submitted S102 to ID generation apparatus 12 which generates an anonymised user ID. In return, the anonymised user ID is received S103 by the ID retrieval apparatus and output S104 to the individual, preferably without storing any record of the PII. Data engine 20 comprises data store 22 and access controller 24. The data store is inaccessible to the ID retrieval apparatus and is configured to receive S105 and store data representing behaviour of the individual, typically utilising a behavioural data source infrastructure or device, e.g. to measure and record a physical property of the individual or to record user interactions. The behavioural data are anonymously personalised by association with the anonymised user ID and, in order to access S107 the stored personalised behavioural data, the access controller requires that a data access request S106 from a service provider 30 specify the anonymised user ID. |