completed
Company privacy ledger (GDPR, CCPA)
Current Project Status
Complete
Amount
Received
$81,300
Amount
Requested
$81,300
Percentage
Received
100.00%
Solution

Brands invite customers to use Profila’s App to learn + exercise data rights; privacy metadata ledger provides immutable legal proof 2 both

Problem

Privacy laws (e.g. GDPR) introduce data subject rights to help you control your data. Brands are (legally) required to respond + keep logs.

Addresses Challenge
Feasibility
Auditability

Profila

3 members

Company privacy ledger (GDPR, CCPA)

Short summary of the Profila app (as testing ground for the proposal POC) - Profila is a platform (consisting of both a mobile IOS and Android application for individuals and a web-based dashboard for companies, organizations, governments and other legal entities, we call "Brands") that enables individuals to communicate with various organizations in their lives, privately, one-to-one, and without supervision or surveillance. Organizations can be either private or public entities.

Consumers can manage their digital life in one location. They can sort all their personal information, product preferences and communication preferences and communicate with all the organizations they want to interact with in the same easy way (instead of on each individual organization's platform each time). The entire tool is design for people to (1) gain control over their personal data; (2) choose to ethically share (or not) they personal data with organisations, and (3) get compensated if they do.

Before going into the proposal, the concept of "data subject rights" needs some explanation.

1. The concept of data subject rights as a legal tool for individuals to start controlling their data

A first step to data control is knowing your rights in relation to your data and taking action against those who misuse your data. This can be done via "data subject rights", as explained briefly below.

Numerous national and regional privacy or consumer protection laws, regulations and jurisprudence provide private individuals – often called "data subjects" – with certain rights in relation to their personal data. Under certain conditions, these rights can be enforced against businesses that process personal data.

These rights are often called "data subject rights" or "data rights" and may include e.g.

  • right to information

  • right to opt out

  • right to access – ask access to personal data that is being processed by a business (e.g. ; hen you want to know just how much data a company has about you);

  • right to be forgotten – ask a business to delete your personal data (e.g. when you don't want to receive any products anymore, and definitely no more marketing messages);

  • right to rectification – ask a business to rectify personal information about you that is inaccurate or incomplete (e.g. they have your old address or there is a typo in your name);

We can find these rights in the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian General Data Protection Regulation (LGDP) and many more.

The main goal of these rights it to GIVE CONSUMERS CONTROL OVER THEIR PERSONAL DATA. These laws (GDRP, CCPA; LGDP) include many obligations for companies; namely to (i) inform consumers of these rights; (ii) to help them exercise these rights; (iii) to timely respond to these rights, mostly within a reasonable period of 15 to 30 days; and (iv) to do this all in a transparent way, and no cost to the individual.

2. Privacy rights today – problems – lack of education and management

Today, you have no control over the use of your personal data. In order to control your data, you need to know what happens to it, and you need to be able to take action against those who misuse it. This is where DSRs come in very handy, as they can be used by each individual to (1) become aware of what personal data is collected; how it is used (=information) and – once you have this information – to (2) tell businesses what to do (different) (e.g. rectify; delete; opt out).

However, do you know what your rights are and how you need to exercise them? Today, there is no tool available that lets you learn about your rights and provide you with an easy way to exercise them. Some local websites of data protection authorities provide you with information and templates, but require you to download lengthy word documents, fill out 10-15 elements in these documents, upload them, send them by email or post to the Brand in question. This process is only available for those people who actually know what a data protection authority is (=what?), and who are willing to spend some hours to get the template filled out and send.

That is where Profila comes in.

3. Profila today - the existing consumer App – first step towards data control via privacy education and data rights management

The current Profila App has a consumer-friendly privacy education and data rights management dashboard (see "illustration 2 – Profila Privacy App").

Education – the App has 9 basic modules about your privacy rights, explaining to you in understandable terms and with examples "what is personal data", "what is a controller/processor", "what are your rights", what is e.g. "your right to be forgotten" (including GDPR in Europe, CCPA in California, LGDP in Brazil). They are tools that can be used by consumers to control their data.

Rights Management – the App then has a dashboard which allows you to manage your rights, e.g. use your "right to object" to tell Wholefoods to stop sending daily emails, or your "right to be forgotten" to ask Wholefoods to erase all personal data they hold about you. Profila has reduced this legally difficult process of exercising data subject rights to an easy 3-click step process, where you can (1) choose a company logo (recipient of the right); (2) click on one of the 8 data subject rights, and (3) include an identifier (email; phone). Profila then forwards an official legal template to the business. According to the law that applies to your relationship with this company (which is determined based on your country of residence/nationality), the company will be legally required to respond to you within 15-30 days.

4. Profila tomorrow – the "Catalyst privacy ledgers"- started with a POC under fund 5 –> second phase fund 8

What did we create as POC under the fund 5 Challenge?

Issue - "centralized DSR management" - Each data subject right (DSR) that is exercised by an individual using Profila (including the specific terms like which DSR, data, company recipient, specific content and request), is only saved by Profila in our IT environment, and can only be enforced by Profila or its existence proven by Profila. Profila is therefore guaranteeing that the legal request/transaction happened, what terms it contains, whether terms are abided by (e.g. did the business actually respond to the request in time, as they are legally obligated to do).

This is a liability for both contracting parties, who would need to trust Profila. Profila, as a commercial company, would have to actively step in as arbitrator/mediator, and guarantee this level of trust that a transaction took place + terms thereof. However, we only want to provide consumers with the tools to control their data. The trust and consensus that a transaction took place or contract was made needs to come from the community of users.

Under the Catalyst project (fund 5), we want to tackle this issue by making available on Cardano a ledger for all privacy interactions that you as an individual exercised via the Profila privacy rights management platform: each user that exercises a data subject right with a brand will be able to easily access each such request, including the brands' response.

E.g. You exercises your right to object to the processing of direct marketing messages to Wholefoods, after receiving 15 mails per week with advertising. If several months after this request, Wholefoods doesn't abide by this request and again starts using your personal data to send you direct marketing messages, you can use the ledger entry as immutable proof of the right you exercised. This way, you can show Wholefoods they breached your right and hold them accountable (unlike the "unsubscribe" buttons you click 10x times, with no proof thereof, and with no effect because mails keep on coming). You can even use the information in the ledger to file a complaint at a national data protection authority, showing them what you agreed to, and how the company actually (mis)used your data. You will be able to check forever, every legal right you send to a business concerning the use of your (personal) data. Nobody would be able to tamper with this information. This is control.

We presented our finished project during the Catalyst townhall of 3 March 2022.

<https://www.youtube.com/embed/GqT9TYwsPW0>What are we improving under this fund 8 challenge?

After successful metadata project (fund 5) "control your data - privacy ledger" where we implemented metadata from a DSR into the Cardano blockchain (from a central Profila node/wallet), we are now proposing to implement a response panel in the dashboard of companies, where they can have an easy overview from all data subject rights that have been exercised by their consumers. All requests, timelines, responses etc will be included on the blockchain, so companies have immutable proof that they responded timely (as they are required by law).

The new version of the DSR process (privacy ledger) we are developing (and hope to get funded for) under this second Catalyst (fund 8) submission will add important functionalities to our brand dashboard (not consumer app unlike the other proposal "control your data - privacy ledger".

This follow up proposal will also advance our mission and vision to provide people with control of their data and learn about their privacy rights, but it will also help brands fulfill their GDPR obligations of transparancy, information requirements, and aiding data subjects (people) in exercising their privacy rights.

In addition to the new ledger entries, we will add the use of the zero knowledge token (ZKT) to offset blockchain entry fees.

The challenge is as follows: "what applications will provide the most value for end users in 2022"?

We are confident that our proposal addresses this challenge because we are expecting several companies onto our platform in the next months, who will benefit from the functionality we develop under this proposal

  • We are onboarding 100.000+ users onto the App in the next months, as part of a pilot with a large multinational.
  • All of these people will be able to use these privacy functionalities to better understand how to take control of their data with brands. This is something that doesn't exist today on the internet, and will revolutionize the way we think about data ownership.
  • brand will be able to use our tool as part of their effort to become privacy-compliant (GDPR, CCPA), look after people's data, be transparent about how they use it.

Challenges

  1. Scalability and speed of Cardano blockchain for high volume transaction if millions of people would use the privacy ledger to exercise their rights with multiple brands.
  2. Cost of high volume transaction ledger/record of all blockchain entries (we'll have to work with batching rights together instead of 1 right-1entry).

Risks

  1. Cardano blockchain speed and cost might be prohibitive to project success/adoption
  2. Privacy on the blockchain (even if hashed) forms a risk. Workaround to be researched under this proposal

For a detailed version of the Profila roadmap, see attached the "Profila pitch deck".

The milestones & deliverables for this specific proposal are as follows: (post funding):

  • Week 1: project kickoff with COO, internal dev team and external game developer, further discussing technical requirements to be included in the PRD (product requirement document)

  • Week 2: submission of the PRD (product requirement document) by business team (start week), with comments of the development team (end week).

  • Week 3: final PRD submitted, with project divided in 14 days sprints, with scrum calls and update calls in the calendar of all team members.

  • Week 4: first development work starts.

  • month 2: designer produces new band dashboard screens for in the app in parallel of dev work.

  • month 3-6: integration of new band dashboard design screen, continued development work.

  • month 6: testing, demo to community (townhall), final video creation and reporting form

Creating this enhanced and improved second version of our smart contract/metadata privacy ledger on Cardano, will require at least a budget of 81.300 USD for a 6-month development project, to be allocated as follows:

  • 25 days of senior blockchain developer @ 900 USD per day

  • 10 days by our gamification developer @ 1000 CHF (=equal to USD) per day to include the token in the app and DSR process

  • 30 days of web/backend developer @ 400 USD per day

  • 30 days of app developer @ 400 USD per day

  • 7 days of senior designer work @ 700 per day (design of extra gamified screens in the app)

  • 22 days of legal, operational work, including project management and reporting @ 900 USD per day

We are aware the the project described in this proposal will require more funds than only the 81.300 USD asked, but we will be paying for additional development ourselves via our token sale proceeds, if the token sale (march/april 2022) provides us with sufficient funds.

Who will be the senior blockchain developer? Our own CTO Raja is becoming well acquainted with the technology via the Plutus pioneer program, also created the token on 22 November 2021. In addition, we are very pleased with the help we are getting from IOHK's professional services team as well. Finally, we are working together with MLabs.

Team – We have a versatile team with experience in blockchain projects that is able and committed to tackle this challenge. Please find below more information on the Profila leadership team:

  • MICHIEL VAN ROEY, (Co-founder, Crypto-legal expert and Chief Legal Officer); Belgian, 10 years XP as EU-qualified business lawyer in international law firms, an international organization (CERN), and a multinational company (Cisco). Specialized in tech & and privacy law; author crypto-asset regulations (see https://thelawreviews.co.uk/title/the-virtual-currency-regulation-review/belgium). See LinkedIn profile of Michiel, https://www.linkedin.com/in/michielvanroey/.

  • RAJASEKARAN YOGARAJAH (Chief Technology Officer), Swiss resident, 15 years XP as software developed and serial entrepreneur, with experience in blockchain-based business models and e-commerce platforms. See LinkedIn, see https://www.linkedin.com/in/life-artist/.

  • SHAWN BOONE JENSEN, (Founder & CEO); South African; 20+ years XP in senior management role in ISP's, SI and global Telco organizations, most recently as Head of Product &Head of Customer Presales and Service MEA in Vodafone Global Enterprise (VGE). See LinkedIn, https://www.linkedin.com/in/shawnj/.

  • LUKE BRAGG, (Chief Product Officer); US citizen & Swiss resident; 20 years XP designing creative digital solutions for complex organizations (G7 organization in Russia; digital strategy lead for Akzo Nobel in the Netherlands; Director of Enterprise Architecture for Merck/MSD). See LinkedIn, https://www.linkedin.com/in/lucasbragg/.

  • IPEK SAHINER, (Chief Operating Officer); Swiss and Turkish citizen, Computer Engineer with 20 years XP as computer engineer and project manager in the telecom sector at Nokia, supporting local Swiss and global network operators. See LinkedIn, https://www.linkedin.com/in/ipeksahinerschlecht/.

  • MICHAEL RAVA, (Chief Marketing Officer); Swiss; high-end networker with over 30 years of business experience as entrepreneur, influencer, consultant, advisor, investor, full-stack marketer, brand and retail expert, social media visionary, keynote speaker, and digital ethic warrior. See Linkedin, https://www.linkedin.com/in/ravamichael/.

  • REMY MERCKX (Chief Growth Officer); French; 23 years XP in the Travel & Hospitality Industry,

Please find below more information on the Profila advisory team:

Profila will provide the community with detailed periodical progress for this proposal (once funded) in the following ways:

  1. Github repository updated (1x per month, after the initial scrum sessions for creation of the PRD, product requirement document

  2. Two-weekly updates to other Cardano proposers via the Catalyst coordinator call

  3. Two-weekly updates in our "Cardano projects" newsletter (register via our website https://ico.profila.com))

  4. Monthly project process and KPI reports submitted to Catalyst teams and available to the public for verification

  5. Monthly Swarm session office hour (at end of townhall) for a Question and Answer session about our funded project

  6. Periodical AMAs by the Profila founders to talk about our progress

The new version of the DSR process (privacy ledger) we are developing (and hope to get funded for) under this second Catalyst (fund 8) submission will add important functionalities to our brand dashboard (not consumer app unlike the other proposal "control your data - privacy ledger".

This follow up proposal will also advance our mission and vision to provide people with control of their data and learn about their privacy rights, but it will also help brands fulfill their GDPR obligations of transparancy, information requirements, and aiding data subjects (people) in exercising their privacy rights.

Success of this improved POC would be that we can integrate it into our existing App with one of the 5 SME brands that are testing, and make sure it works with their consumers.

Success after 3 months - finalizing the development work to be tested in the App

Success after 6 months - running targeted trials with this second POC in the App with real customers

Success after 12 months - full deployment of the metadata POC in the App; covering every interaction that includes privacy rights from every user, and responses from brands.

The proposal is a second step (or second use case) of our privacy ledger. The first POC of this privacy ledger received funding as part of the following proposal under fund 5 - <https://cardano.ideascale.com/c/idea/350680>

Additional proposals that received funding:

NFT business models (F6) — NFT for customer feedback/content - <https://cardano.ideascale.com/a/dtd/NFT-for-customer-feedback-content/368122-48088>

Dapps and Integrations (F6) — Dapp to control/monetize your data - <https://cardano.ideascale.com/a/dtd/Dapp-to-control-monetize-your-data/366908-48088>

Atala Prism Adoption (F6) — Control your data (vault) via PRISM - <https://cardano.ideascale.com/a/dtd/Control-your-data-vault-via-PRISM/367840-48088>

Metadata (F5) — Control your data — privacy ledger - <https://cardano.ideascale.com/c/idea/350680>

Dapps and Integrations (F7) — Anonymity and data control online via ZKT - <https://cardano.ideascale.com/c/idea/382488>

All these challenges are part of our DeMar (decentralized marketing) and ZKA (Zero-knowledge advertising) development roadmap:

This project is not the first step into our broader Cardano technology adoption and integration around zero-knowledge advertising and insights, which all relate to the control of your personal data and your attention by you as an individual. We have additional proposals funded as part of this effort:

- step 1 - personal data license smart contract - fund 6 (funded).

Recording a company's access to your personal data, including the terms of such access (compensation to you, duration, purpose, etc) on the Cardano blockchain, so you have immutable proof for each piece of data you shared, ever.

<https://cardano.ideascale.com/a/dtd/Dapp-to-control-monetize-your-data/366908-48088>

- step 2 - privacy ledger – fund 5 (funded).

A ledger for all privacy interactions via the privacy rights management platform. UPDATE - We have submitted this proposal under the "metadata challenge" of FUND 5 and received the first place! #thankyouADAcommunity.

https://cardano.ideascale.com/a/dtd/Control-your-data-%E2%80%93-privacy-ledger/350680-48088. We will keep you posted on our progress.

- Step 3 - digital ID - fund 6 (funded).

Atala implementation – If you want to control your data online and receive (financial) compensation for your data, it is important you can provide proof of your identity. Atala Prism is the perfect solution. By integrating Atala, we can better guarantee that the correct person is sharing information and is receiving payments. We have submitted this proposal under the FUND 6 challenge "Atala PRISM DID Mass-Scale Adoption" and were funded! #thankyouADAcommunity.

<https://cardano.ideascale.com/a/campaign-home/26116>

- step 4 - zero-knowledge advertising and zero knowledge token - first use case - fund 7 - (funded)

For more information about our research paper "Zero Knowledge Advertising: a new era of privacy-preserving AdTech solutions", and our Zero Knowledge Token whitepaper, see our website <https://profila.com> or the documents attached to this proposal.

- Step 5 - NFT for customer feedback/content - fund 6 (funded).

NFT platform to record constructive consumer feedback/content; shared by people with brands; compensating you for useful & creative content.

<https://cardano.ideascale.com/a/dtd/NFT-for-customer-feedback-content/368122-48088>

close

Playlist

  • EP2: epoch_length

    Authored by: Darlington Kofa

    3m 24s
    Darlington Kofa
  • EP1: 'd' parameter

    Authored by: Darlington Kofa

    4m 3s
    Darlington Kofa
  • EP3: key_deposit

    Authored by: Darlington Kofa

    3m 48s
    Darlington Kofa
  • EP4: epoch_no

    Authored by: Darlington Kofa

    2m 16s
    Darlington Kofa
  • EP5: max_block_size

    Authored by: Darlington Kofa

    3m 14s
    Darlington Kofa
  • EP6: pool_deposit

    Authored by: Darlington Kofa

    3m 19s
    Darlington Kofa
  • EP7: max_tx_size

    Authored by: Darlington Kofa

    4m 59s
    Darlington Kofa
0:00
/
~0:00