Post on 20-Aug-2020
transcript
‘TRUST API’
Trust from KnowNow - A new service enabling users to stay in control of their data in realtime all the time.
Cognicity Challenge
• Cognicity Challenge at Canary Wharf - Jan - Apr ‘15
• KnowNow Cohort 1 Finalists
• we created ‘Eat Sleep Play Go’
• Resulted in TRUST API -a Privacy Data Throttle
kn-i app
- TRUST gives the user direct control over how their data is used.
- TRUST dashboard will show other apps transaction history through TRUST.
- TRUST also shows how an app provider will use your personal data.
Why “Consent”?
Empowerment
Fundamentally, consent is not “message and click” but “understand and choose”
'Consent', broadly, is about informed citizens making choices
Regulation
New EU regulations, GDPR, increase the role of consent in data protection
Consent as Interaction
Consent is an interaction problem
Goal: Propose something to user, so that they understand it and its implications, then give them a choice
Today: “Notice and Consent” (privacy policies, cookie notices)
Future: Negotiation, agents, “just-in-time” decisions, implicit consent
Consent as Interaction (2)
Challenges
– 1) Relevance: How do we know what part of processing or collection users will care about?
– 2) Intelligibility: How do we make a proposition understandable, so that relevance is clear?
– 3) Attention: Getting a user's attention is bothersome for the user. Leads to habituation.
TRUST API ArchitectureElement Source Data Point
User Reference User Db
Privacy rating Trust setting (slider)
Trust Categorisation Score Questionnaire captures and gives each user a nominal score.
Preferences slider rating based on the slider position -1,2,3,4 reflecting the level of access an app has on a user.
Categories From questionnaire - series of 4 digit numbers.
Location Phone and/or Network
Trust DB - Stores Users credentials & preferences
Element Data Source
user ID User email
Access Token OAuth 2.0 token ID (device)
social media profile users social media (API integration)
User DB - generates TRUST Token
TrustToken from User DB
TRUST API Call handler
TRUST API Call
Trust profile on TRUST DB
Users App sets TRUST in App/Device
TRUST API Token for App installed
User Device
KnowNow Cloud
Container
API Architecture Breakdown
Each user sits in their own container
User Catalog of where their data is stored
User logonCredentials(email)
inbound request with
user Trust setting
applied
3rd party app
FB
TwitterGoogle
Depending on the user Trust setting -certain information is returned
Each user has their owndashboard‘MY TRUST’
data & token for that request returned to requesting app
Outbound Token applied for that session
My TRUST app
API
Consent Artefact
Party IDs Date/Time Data Inventory Processing
Description
Expiry Provenance [ History ]
Persistent record of an interaction For both parties For technical and regulatory purposes As part of the trust mechanism
Consent Artefact
Consent Artefact (2)
Party IDs Who asked, who consented?
Date/Time When was this artefact created?
Data Inventory What data (or data sources) does the consent cover?
Processing Description What's the purpose of data processing, and what will
happen?
Consent Artefact (3)
Expiry
Is there a time limit on this consent?
– (Potentially re-consent at that time)
Provenance
What type of interaction was used to generate this consent?
Interactions are potentially modular, some may be found inadequate later on
History
Does this artefact extend, or replace, previous artefacts?
My Trust Dashboard
MY TRUST
Profile & Settings & Preferences
Who has used my data
How much have I gained ?
What benefits has the service provider obtained from my data?
Today This week Month
Citizen Focus Next Steps
TRUST API as a project in the the EU Smart Cities - Citizen Focus -Priority 2 - “Citizen Centric Approach to Data”
• Options on how the cluster can help:
– Interested developers or app’s that mandate use of a privacy data throttle.
– Legislation
– Funding
– IoT Lab exposure - hook up our Test API to the IoT lab.
– PRIPARE introduction if appropriate -http://pripareproject.eu
TRUST API - Next Steps
• Early Market Testing this Winter
– Assistance from Uni of Southampton
– Part of the UK Digital Catapults Trust & Framework Initiative
• Start the quest to secure ISO accreditation & apply PMRM to use cases.
• Secure commercial sponsorship to take TRUST API to market.
• Feedback on Citizen Focus activities
• Target - Beta launch of developer kit and test TRUST API service Winter 2015/16.
Trust Api & Standards
• Strong correlation with a Citizen Focus Objective….
– “ Consciousness of privacy and rights | Build trust for citizens right from the start.”
• Easy to understand user experience. Clear language and clear usability/control
• TRUST API uses open standards and is itself an open architecture
– PRPM - Privacy By Design methodology from Oasis
– Audit-able and open service.
– Exposing TRUST to the Meaningful Consent Project (led by WSI at University of Southampton) - http://blog.meaningfulconsent.org
• TRUST API has been put forward as a test use case within the Citizen Focus work stream
Trust Api & Privacy & Data Network Correlation
• Trust API is an innovation that meets a number of requirements.– Response to future EU legislation on giving user ultimate control
of their data.– Address concerns over tracking of how your data is used by 3rd
parties– Independent, standards based API– TRUST does not hold any user data acts as a directory/catalog
and a gateway. – Dashboard app (which could be surfaced via 3rd parties).
• TRUST API is putting empowerment of personal data and consent back with citizens.
The Team
Richard Gomer
• Richard is a researcher at the University of Southampton, where he works on value-centric technology design, in particular online privacy and consent. He is currently part of the “Meaningful Consent in the Digital Economy” project, which is studying the challenges of opportunities of consent as a means to empower digital citizens, and devising new technological and policy mechanisms to realise its potential.
• r.gomer@soton.ac.uk@richardgomer
www.kn-i.com
@knownowinfo
/knownowinfo
+knownowinfo
chris.cooper@kn-i.com
07967 275 469
@mobilitycooper