With increasing take up of externally hosted services (from government, finance, entertainment), often hosted over Cloud computing infrastructure, there is a realisation that on-line electronic services can involve an interlinked set of providers. Increasingly, such providers can be mobile services at the network edge, often referred to a “micro data centres”. Users of these services only interact with a Web interface rather than the larger, distributed service ecosystem. They often entrust their data and identity without realising that the service provider may share their data with several back-end services (Cloud hosted analytics, advertisers). While this has been a problem in the past, it will be greatly exacerbated by the expansion of internet connected devices. In order to address this, the General Data Protection Regulation (GDPR) will be implemented to ensure that non-expert users can make informed decisions about their privacy and thereby give ‘informed consent’ to the use, sharing and repurposing of their personal data. There are a number of challenges to facilitate this, both for individuals who need to provide consent and for data controllers who need to obtain it. As a means of addressing this, we propose a technological solution in the form of a mobile software “container” that will ensure that all access instances are securely logged. This will improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers. A user-specified policy with the container can also intercept access attempts to user data, preventing policy violations. This multi-disciplinary project (involving computer science, business, law and policy) will employ socio-economic modelling as well as legal and policy analysis to investigate the trade-offs between data privacy and usability. Ultimately, the outcome of the project will be a privacy-aware service provisioning mechanism that enables: (i) greater trust between users and cloud providers; (ii) emergence of new actors that can offer services; (iii) a data market place that enables greater control of personal data by users