not approved
Profila privacy ledger - 3dP access
Current Project Status
Unfunded
Amount
Received
$0
Amount
Requested
$97,000
Percentage
Received
0.00%
Solution

People use Profila’s App to learn about + exercise their data rights (e.g. right to be forgotten); the privacy metadata ledger then provides legal proof of this event = “unsubscribe on steroids”

Problem

People can control the (use of) their data (online and offline) via a set of (legal) data rights. However, people don’t know how to use/exercise them to their advantage

Impact / Alignment
Feasibility
Auditability

Profila

2 members

Profila privacy ledger - 3dP access

Please describe your proposed solution.

Existing Catalyst funded projects - Profila has already received funding by the Cardano community for 4 project workstreams (privacy - data sharing via NFTs - digital ID - tokenization/gamification) - during fund 5, 6, 7 and 8 of Project Catalyst. We thank the Cardano community for their trust and support.

All our projects are aimed at giving people back control over their personal data, control over brand content they see, and provide people with compensation for their data and attention. The project workstreams we are developing are the following:

1. Privacy - titled: Control your data - privacy ledger (funds 5 and 8); and Company privacy ledger (GDPR & CCPA)(fund 8)

2. Data sharing via NFT: NFT for customer feedback/content (fund 6); and (d)app to control your data (fund 6)

3. DID - Control your data (vault) via PRISM (funds 6 and 8)

4. Tokenization/Gamification - anonymity and data control with ZKT (funds 7 and 8).

****

Privacy workstream projects

This current proposal under fund 9 called "Profila privacy ledger - 3dP access", is a continuation of the earlier privacy metadata ledger we build and delivered under fund 5, and are further extending under fund 8.

  • Fund 5 - privacy metadata ledger - first POC to add metadata about a data right exercised by an individual to the blockchain (testnet) - project closeout video available above
  • Fund 8 - privacy ledger part 2 - improvements to the testnet POC
  • Fund 8 - company privacy ledger - allowing brands/companies also to access the ledger and log their responses to your legal request, providing them with immutable proof they responded adequately and in time

Now under fund 9, we will allow both parties who are part of the legal request (people - brands) to allow third parties to access to the metadata ledger entry (and the off-chain stored personal data linked to the metadata entry), by giving them a temporary private/public key pair. A third party can be a lawyer or even a judge (in case of a dispute about how personal data was misused), but also a governmental agency or data privacy authority (e.g. in case you want to complain to a privacy authority that a company didn't adequately or timely respond to your legal request). It is important for the purpose of legal proof, that third parties can access this information to validate whether or not a data subject right was exercised, what its content was, whether the brand responded in time and with adequate information.

****

Detailed solution

<u>"From data abuse to personal data control" – implementing and developing on top of Cardano a metadata store to that give people control over their personal information and demonstrate when an individual exercised a data subject right.</u>

Short summary of the Profila app (as testing ground for the metadata ledger POC) - Profila is a platform (consisting of both a mobile IOS and Android application for individuals and a web-based dashboard for companies, organizations, governments and other legal entities, we call "Brands") that enables individuals to communicate with various organizations in their lives, privately, one-to-one, and without supervision or surveillance. Organizations can be either private or public entities.

Consumers can manage their digital life in one location. They can sort all their personal information, product preferences and communication preferences and communicate with all the organizations they want to interact with in the same easy way (instead of on each individual organization's platform each time). The entire tool is design for people to (1) gain control over their personal data; (2) choose to ethically share (or not) they personal data with organisations, and (3) get compensated if they do.

We invite you to read our pitch deck and check out our product demo (both in PDF attached to this proposal), which will show you more details about our product, market, go to market, team, business model, traction, partnership, funds and grants received. Our product demo shows you the app that exists today and explains the most important features.

Before going into the proposal, the concept of "data subject rights" needs some explanation.

1. The concept of data subject rights as a legal tool for individuals to start controlling their data

A first step to data control is knowing your rights in relation to your data and taking action against those who misuse your data. This can be done via "data subject rights", as explained briefly below.

Numerous national and regional privacy or consumer protection laws, regulations and jurisprudence provide private individuals – often called "data subjects" – with certain rights in relation to their personal data. Under certain conditions, these rights can be enforced against businesses that process personal data.

These rights are often called "data subject rights" or "data rights" and may include e.g.

- right to information - the right to be informed about how a business uses your personal data

- right to opt out - people can ask businesses to stop selling their personal information or using it for business benefit;

- right to access – ask access to personal data that is being processed by a business (e.g. ; hen you want to know just how much data a company has about you);

- right to be forgotten – ask a business to delete your personal data (e.g. when you don't want to receive any products anymore, and definitely no more marketing messages);

- right to rectification – ask a business to rectify personal information about you that is inaccurate or incomplete (e.g. they have your old address or there is a typo in your name);

We can find these rights in the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian General Data Protection Regulation (LGDP) and many more.

The main goal of these rights it to GIVE CONSUMERS CONTROL OVER THEIR PERSONAL DATA. These laws (GDRP, CCPA; LGDP) include many obligations for companies; namely to (i) inform consumers of these rights; (ii) to help them exercise these rights; (iii) to timely respond to these rights, mostly within a reasonable period of 15 to 30 days; and (iv) to do this all in a transparent way, and no cost to the individual.

2. Privacy rights today – problems – lack of education and management

Today, you have no control over the use of your personal data. In order to control your data, you need to know what happens to it, and you need to be able to take action against those who misuse it. This is where DSRs come in very handy, as they can be used by each individual to (1) become aware of what personal data is collected; how it is used (=information) and – once you have this information – to (2) tell businesses what to do (different) (e.g. rectify; delete; opt out).

However, do you know what your rights are and how you need to exercise them? Today, there is no tool available that lets you learn about your rights and provide you with an easy way to exercise them. Some local websites of data protection authorities provide you with information and templates, but require you to download lengthy word documents, fill out 10-15 elements in these documents, upload them, send them by email or post to the Brand in question. This process is only available for those people who actually know what a data protection authority is (=what?), and who are willing to spend some hours to get the template filled out and send.

That is where Profila comes in.

3. Profila today - the existing consumer App – first step towards data control via privacy education and data rights management

The current Profila App has a consumer-friendly privacy education and data rights management dashboard (see "illustration 2 – Profila Privacy App").

  1. <u>Education</u> – the App has 9 basic modules about your privacy rights, explaining to you in understandable terms and with examples "what is personal data", "what is a controller/processor", "what are your rights", what is e.g. "your right to be forgotten" (including GDPR in Europe, CCPA in California, LGDP in Brazil). They are tools that can be used by consumers to control their data.

  2. <u>Rights Management</u> – the App then has a dashboard which allows you to manage your rights, e.g. use your "right to object" to tell Wholefoods to stop sending daily emails, or your "right to be forgotten" to ask Wholefoods to erase all personal data they hold about you. Profila has reduced this legally difficult process of exercising data subject rights to an easy 3-click step process, where you can (1) choose a company logo (recipient of the right); (2) click on one of the 8 data subject rights, and (3) include an identifier (email; phone). Profila then forwards an official legal template to the business. According to the law that applies to your relationship with this company (which is determined based on your country of residence/nationality), the company will be legally required to respond to you within 15-30 days.

4. Profila tomorrow – the Catalyst project - implementing DSR transaction metadata on Cardano, to demonstrate/prove that a DSR was exercised

What do we seek to improve via this privacy workstream (under funds 5 - 8)?

Issue - "centralized DSR management" - Each data subject right (DSR) that is exercised by an individual using Profila (including the specific terms like which DSR, data, company recipient, specific content and request), is only saved by Profila in our IT environment, and can only be enforced by Profila or its existence proven by Profila. Profila is therefore guaranteeing that the legal request/transaction happened, what terms it contains, whether terms are abided by (e.g. did the business actually respond to the request in time, as they are legally obligated to do).

This is a liability for both contracting parties, who would need to trust Profila. Profila, as a commercial company, would have to actively step in as arbitrator/mediator, and guarantee this level of trust that a transaction took place + terms thereof. However, we only want to provide consumers with the tools to control their data. The trust and consensus that a transaction took place or contract was made needs to come from the community of users.

Under earlier Catalyst projects (fund 5/8), we tackled this issue by making available on Cardano a ledger for all privacy interactions that you as an individual exercised via the Profila privacy rights management platform: each user that exercises a data subject right with a brand will be able to easily access each such request, including the brands' response. We also are making a similar ledger for companies so they can access all metadata about their responses to these requests by customers.

E.g. You exercises your right to object to the processing of direct marketing messages to Wholefoods, after receiving 15 mails per week with advertising. If several months after this request, Wholefoods doesn't abide by this request and again starts using your personal data to send you direct marketing messages, you can use the ledger entry as immutable proof of the right you exercised. This way, you can show Wholefoods they breached your right and hold them accountable (unlike the "unsubscribe" buttons you click 10x times, with no proof thereof, and with no effect because mails keep on coming). You can even use the information in the ledger to file a complaint at a national data protection authority, showing them what you agreed to, and how the company actually (mis)used your data. You will be able to check forever, every legal right you send to a business concerning the use of your (personal) data. Nobody would be able to tamper with this information. This is control.

This current proposal under fund 9 called "Profila privacy ledger - 3dP access", is a continuation of the earlier privacy metadata ledger we build and delivered under fund 5, and are further extending under fund 8.

  • Fund 5 - privacy metadata ledger - first POC to add metadata about a data right exercised by an individual to the blockchain (testnet) - project closeout video available above
  • Fund 8 - privacy ledger part 2 - improvements to the testnet POC
  • Fund 8 - company privacy ledger - allowing brands/companies also to access the ledger and log their responses to your legal request, providing them with immutable proof they responded adequately and in time

Now under fund 9, we will allow both parties who are part of the legal request (people - brands) to allow third parties access to the metadata ledger entry (and the off-chain stored personal data linked to the metadata entry), by giving them a temporary private/public key pair. A third party can be a lawyer or even a judge (in case of a dispute about how personal data was misused), but also a governmental agency or data privacy authority (e.g. in case you want to complain to a privacy authority that a company didn't adequately or timely respond to your legal request).

Please describe how your proposed solution will address the Challenge that you have submitted it in.

"What dapps, products and integrations can be implemented to bring impactful use cases to Cardano ecosystem that help drive more adoption?"

The solution is a distributed product and integrates with the Cardano blockchain by adding metadata each time an individual exercises a right.

Each individual in the world has the right to exercise them and currently there is no form of proof that this happened. The impact of this proposal on Cardano could be very large if we can make our solution public. This is also why under this proposal we will now start talking to regulators to explain them the advantages. Privacy regulators might be able to help us reach a lot of people.

What are the main risks that could prevent you from delivering the project successfully and please explain how you will mitigate each risk?

As we already delivered the first part of this POC under fund 5 (see video above), we know how to further develop this privacy ledger.

The only risk of not delivering this project would be the bankruptcy of our company (Profila GmbH) during this bear market. However, we have raised sufficient funds before May 2022 to survive for the next 12 months.

Our “grants and partnerships” slide shows some of the research, institutional and governmental relationships we have build up over the last years. We have the necessary funding and technical partners to successfully manage multiple projects on Cardano, together with our team of almost 20 people. Our development partnership with Mlabs (blockchain developers) and Steppechange (Adtech/Data developers) as well as our relationship with IOHK’s professional development team complement our own CTO/dev team in the technical deliverables. Our long term research partnerships with the University of Luzern (privacy - NLP/ML) and University of Madrid (adtech, digital identity, zero knowledge advertising) give us access to 2 teams of +5 experienced professors/researchers who are working on a monthly basis on our projects. Our funding slide in the deck also shows we have obtained sufficient funding – apart from the +1 million USD grants – to survive as a company during these uncertain times in the market. We will definitely be able to make good on our promise to the Cardano community to deliver.

Please provide a detailed plan, including timeline and key milestones for delivering your proposal.

The milestones & deliverables for this specific proposal are as follows: (post funding):

  • Week 1: project kickoff with COO, internal dev team and external blockchain developer, further discussing technical requirements to be included in the PRD (product requirement document)

  • Week 2: submission of the PRD (product requirement document) by business team (start week), with comments of the development team (end week).

  • Week 3: final PRD submitted, with project divided in 14 days sprints, with scrum calls and update calls in the calendar of all team members.

  • Week 4: first development work starts.

  • month 2: designer produces new screens for in the app in parallel of dev work

  • month 3-6: continued development work

  • month 7-8: testing

  • month 9: finalize project, video and paper reporting

As the voting ends in August and funds are distributed in September, we consider the first week to be somewhere late September, early October 2022 (kick-off meeting).

Please provide a detailed budget breakdown.

This proposal requires at least a budget of 97.000 USD for a 6-month development project, to be allocated as follows:

  1. Research and PRD development - USD 8.000
  2. Business analysis and UX/UI design work - USD 7.000

10 days of senior designer work @ 700 USD per day (design of extra gamified screens in the app)

3. Project management and reporting overall - USD 10.000

30 days of project management and reporting @ 500 USD per day

4. Development and testing to delivery - USD 72.000

  • 32 days of senior blockchain developer @ 1000 USD per day

  • 24 days by our game developer @ 1000 CHF (=equal to USD) per day

  • 20 days of web/backend developer @ 400 USD per day

  • 20 days of app developer @ 400 USD per day

Please provide details of the people who will work on the project.

Main contact person:

Profila GmbH

Michiel Van Roey, Co-Founder of Profila and Project Head

See LinkedIn https://www.linkedin.com/in/michielvanroey/

Extended Team:

Team – We have a versatile team with experience in blockchain projects that is able and committed to tackle this challenge. Please find below more information on the Profila leadership team:

  • Mikko Kotila (technology advisor) - IT project manager and data analyst with 20+ years’ experience multi-disciplinary technology and software development projects (throughout all phases of implementation with global scope and resource team). See LinkedIn, https://www.linkedin.com/in/mikkokotila/.

  • MICHIEL VAN ROEY, (Co-founder, Crypto-legal expert and Chief Legal Officer); Belgian, 10 years XP as EU-qualified business lawyer in international law firms, an international organization (CERN), and a multinational company (Cisco). Specialized in tech & and privacy law; author crypto-asset regulations (see https://thelawreviews.co.uk/title/the-virtual-currency-regulation-review/belgium). See LinkedIn profile of Michiel, https://www.linkedin.com/in/michielvanroey/.

  • SHAWN BOONE JENSEN, (Founder & CEO); South African; 20+ years XP in senior management role in ISP's, SI and global Telco organizations, most recently as Head of Product &Head of Customer Presales and Service MEA in Vodafone Global Enterprise (VGE). See LinkedIn, https://www.linkedin.com/in/shawnj/.

  • LUKE BRAGG, (Chief Product Officer); US citizen & Swiss resident; 20 years XP designing creative digital solutions for complex organizations (G7 organization in Russia; digital strategy lead for Akzo Nobel in the Netherlands; Director of Enterprise Architecture for Merck/MSD). See LinkedIn, https://www.linkedin.com/in/lucasbragg/.

  • IPEK SAHINER, (Chief Operating Officer); Swiss and Turkish citizen, Computer Engineer with 20 years XP as computer engineer and project manager in the telecom sector at Nokia, supporting local Swiss and global network operators. See LinkedIn, https://www.linkedin.com/in/ipeksahinerschlecht/.

  • REMY MERCKX (Chief Growth Officer); French; 23 years XP in the Travel & Hospitality Industry,

  • CLARA-ANN GORDON, Swiss; partner at Niederer Kraft Frey (NKF; Zürich), legal advisor to Profila. See LinkedIn, https://www.linkedin.com/in/clara-ann-gordon/.

  • ELIE AUVRAY, French; co-Founder of logion (public blockchain network), blockchain advisor to Profila; See LinkedIn, https://www.linkedin.com/in/elieauvray/.

  • PHILIP LAMS, Belgian, serial entrepreneur & Profila board member, sales & business advisor to Profila; See LinkedIn, https://www.linkedin.com/in/philip-lams-a9a64215/.

  • BULLISH DUMPLING, Cardano Community ambassador and interviewer, with 5000+ highly relevant cardano followers, known for interviewing Cardano Foundation CEO (Frederik Gregaard). See Twitter

  • HOSKY

  • Mitchell Goodie (product analyst) https://www.linkedin.com/in/mitchellgoudie/

  • Elena Meier (legal intern) https://www.linkedin.com/in/elena-meier3/

University of Madrid + IOHK + Mlabs

Our own team will work together with 4 researchers at the University of Luzern and our own hired development resources at MLabs

If you are funded, will you return to Catalyst in a later round for further funding? Please explain why / why not.

This fourth proposal for now seems to be the final step of our privacy ledger project, unless during the development of our earlier proposals we see another opportunity to further build out this project.

----------------------------------------------------------------------------------------------------

Existing Catalyst funded projects - Profila has already received funding by the Cardano community for 4 project workstreams (privacy - data sharing via NFTs - digital ID - tokenization/gamification) - during fund 5, 6, 7 and 8 of Project Catalyst. We thank the Cardano community for their trust and support.

All our projects are aimed at giving people back control over their personal data, control over brand content they see, and provide people with compensation for their data and attention. The project workstreams we are developing are the following:

1. Privacy - titled: Control your data - privacy ledger (funds 5 and 8); and Company privacy ledger (GDPR & CCPA)

2. Data sharing via NFT: NFT for customer feedback/content (fund 6); and (d)app to control your data (fund 6)

3. DID - Control your data (vault) via PRISM (funds 6 and 8)

4. Tokenization/Gamification - anonymity and data control with ZKT (funds 7 and 8).

----------------------------------------------------------------------------------------------------

Please describe what you will measure to track your project's progress, and how will you measure these?

Profila will provide the community with detailed periodical progress for this proposal (once funded) in the following ways:

  1. Github repository updated (1x per month, after the initial scrum sessions for creation of the PRD, product requirement document)
  2. 2-weekly updates to other Cardano proposers via the Catalyst coordinator call
  3. 2-weekly updates in our "Cardano projects" newsletter (register via our website https://profila.com/token)
  4. Monthly project process and KPI reports submitted to Catalyst teams and available to the public for verification.
  5. Monthly Swarm session office hour (at end of townhall) for a Question and Answer session about our funded projects.
  6. Periodical AMAs by the Profila founders to talk about our progress.

What does success for this project look like?

Success is the timely development of this additional fourth aspect of our privacy metadata ledger, its integration into the Profila platform and testing with our customers. We will include a demonstration of its during the townhall presentation and closeout report.

Success would also be traction with certain governments and data privacy authorities in Europe, so that they help spread the news that this consumer-focused application of privacy rights on the Cardano blockchain exists. We hope to have at least 1 data privacy authority working with us on this project by the end of month 9.

Please provide information on whether this proposal is a continuation of a previously funded project in Catalyst or an entirely new one.

This current proposal under fund 9 called "Profila privacy ledger - 3dP access", is a continuation of the earlier privacy metadata ledger we build and delivered under fund 5, and are further extending under fund 8.

Now under fund 9, we will allows both parties who are part of the legal request (people - brands) to allow third parties access to the metadata ledger entry (and the off-chain stored personal data linked to the metadata entry), by giving them a temporary private/public key pair. A third party can be a lawyer or even a judge (in case of a dispute about how personal data was misused), but also a governmental agency or data privacy authority (e.g. in case you want to complain to a privacy authority that a company didn't adequately or timely respond to your legal request).

close

Playlist

  • EP2: epoch_length

    Authored by: Darlington Kofa

    3m 24s
    Darlington Kofa
  • EP1: 'd' parameter

    Authored by: Darlington Kofa

    4m 3s
    Darlington Kofa
  • EP3: key_deposit

    Authored by: Darlington Kofa

    3m 48s
    Darlington Kofa
  • EP4: epoch_no

    Authored by: Darlington Kofa

    2m 16s
    Darlington Kofa
  • EP5: max_block_size

    Authored by: Darlington Kofa

    3m 14s
    Darlington Kofa
  • EP6: pool_deposit

    Authored by: Darlington Kofa

    3m 19s
    Darlington Kofa
  • EP7: max_tx_size

    Authored by: Darlington Kofa

    4m 59s
    Darlington Kofa
0:00
/
~0:00