Developers — move your apps towards GDPR-compliance, easy, fast & free
If your work is even remotely related to the field of data, you’ve heard of the General Data Protection Regulation (GDPR). In a nutshell, GDPR requires businesses, among other things, to get consents if they want to use personal data for cases falling outside of providing core services. For instance, if you want to profile your users and send them targeted offers. Since this is basic stuff, it shouldn’t take too much effort — it should be seamless. But it’s not always.
A free, fast and easy way to get consent for your apps
That’s why at Datafund we’ve developed a Consent Receipt Suite to specifically address this problem. Our open-source library, developed in collaboration with Sitra and based on the specification provided by the Kantara initiative, gives developers an easy and cost-effective way to make their (existing) apps use a fairer system for consents. Giving both parties the option to save a signed copy of a consent receipt raises trust in the exchange and use of the personal data.
If you’re a developer, you can use our open-sourced Consent Generator and Viewer modules to help you generate and display consent receipts to the individual. The modules are built with React and can be integrated into your apps.
Demo app videos show:
1. Consent Receipt Generation
2. Blockchain and Decentralised Storage Related Functionalities
The process is two-part:
- The Generator will help you structure the consent and what the individual will see. As input, it takes JSON project files, that can be prepared in advance by an appropriate department as templates and used for a specific scenario.
- The Viewer will present the proposed or saved consent receipt to the individual. Individual can reject the proposal, or accept and sign the consent.
In the end, both you and the individual will get a “consent receipt” file — it’s a record of what data both sides exchanged and for what purposes. We call it “a consent that you can touch”. For example, an individual gave your application data about his/her weight, gender and age and you agreed that you’ll only use that data to determine what kind of sport shoe proposals he/she will receive in his/her email. This way, both sides get the same record of the “agreement”. Having both sides access to the consent receipt equalizes the control that can be exercised, increases transparency and is, well, the only fair way to do business.
The consent receipts can be stored by each party in its preferred location. But the Consent Receipt Suite includes integrations with Swarm decentralized storage and Fairdrop Dapp, meaning consent receipts exchanged this way are immediately visible in a special folder inside the Dapp. In this way, Fairdrop can already be used as a simple consent management system for individuals.
Don’t let data become your liability
The Consent Receipt Suite is built on top of a consent receipt schema, developed by the Kantara initiative as part of a multi-year project, to build a GDPR-compliant receipt. This is the de-facto standard in the field of consent receipts, meaning you are gaining a certain guarantee of interoperability with other applications. And it gives you, as developers, an easier way to keep on top of the legal requirements.
Efforts are also under way in Kantara, to create a more general form of a “data receipt”. The idea behind the data receipt is, that even data usage that is not based on consent should be recorded in a receipt. This way the individual would gain even greater control over how his/her data is used.
Keep it “clean”, get compensated
We also see this as a prerequisite for the emerging consent-based and fair data economy, since it makes data monetisation a lot easier.
For example: data receipts, that an individual keeps in his storage, will clearly show that your app keeps some geolocation data about him. App B needs this data to get to some insights about why the individual is getting worse hay fever every Friday afternoon. The individual gives app B permission to access the data in your app (via a consent receipt) and you share it with app B, while getting compensated for keeping the data curated and available.
Datafund’s roadmap is aimed at building the pieces needed to enable the fair data economy through Fair Data Society principles. Consent receipts are one of the first building blocks necessary.
One of our next steps will include building upon the Consent Receipt Suite to enable decentralized consent lifecycle management — handling the giving, revoking and updating of consents in a decentralized way, not relying on trusting any one intermediary.
Secure your place in the new data economy
We are not yet there, but by using standardised modules, like the ones in our Consent Receipt Suite, you are also future-proofing your stake in the new data economy. And the whole thing is open-sourced, so upgrades from third parties can be added or developers can make their own. So, try it out, what have you got to lose?
Help us make it even better
To keep improving the Consent Receipt Suite, we need your feedback. (There’s nothing our developers like better than seeing a new bug reported in Github;) If you like the product, please, share your experience with us and let us know what we can do to make it better.
Any helpful ideas, suggestions or issues are most welcome. You can contact us through the channels below:
