Dapp to control/monetize your data

Consent-based customer data (D)app, using smart contracts to record personal data licenses; compensating people for their data & attention

Privacy/Tech lawyer with 10Y XP in (project relevant) legal issues - consumer privacy; digital marketing; data rights & virtual currencies.

This proposal is an updated proposal from fund 5 - several responses to questions raised by the community advisors are included at the bottom of this submission. #thankyouADAcommunity for your feedback and for voting our privacy rights ledger first place in fund 5 metadata challenge! (https://cardano.ideascale.com/a/dtd/Control-your-data-%E2%80%93-privacy-ledger/350680-48088)

***********************************************************************************************************************

"From data abuse to personal data control and direct compensation" – implementing and developing on top of the Cardano blockchain a smart contract system that (i) gives people back control over their personal information and (2) compensates them for the use of their data and for their attention.

Before going into our detailed proposal, we included a short summary on the (i) team, (ii) the cardano adoption in the next 3/6 months; (iii) a summary of our existing product in which we will insert the POC under this fund, (iv) a short explanation of this proposal, and (v) what 3-6-12 months success looks like.

Team – We have a versatile team with experience in blockchain projects that is able and committed to tackle this challenge within the budget proposed.

Michiel Van Roey – tech and privacy lawyer https://www.linkedin.com/in/michielvanroey/

Rajasekaran Yogarajah – senior developer (in plutus pioneer program) https://www.linkedin.com/in/life-artist/

Luke Bragg – product architect - https://www.linkedin.com/in/lucasbragg/

Ipek Sahiner – senior engineer in tech industry https://www.linkedin.com/in/ipeksahinerschlecht/

Shawn Jensen https://www.linkedin.com/in/shawnj/ 

Cardano adoption and impact in the next 6 months - We already have a finished mobile application (2Y in development) to integrate this fund 6 proof of concept in, and are currently launching the existing Profila mobile application (iOS/Android) with 5 SME consumer brands in 3 regions (Benelux - Switzerland - Orlando/California), and are expecting +/- 1000-2000 users per month to join (via B2B2C model, as invited by brands). 25.000 expected by Q2 2022 (approx.. 6 months after the voting ends for this fund 6). 

Short summary of the Profila app (as testing ground for the smart contract POC) - Profila is a platform (mobile IOS/Android application for individuals and a web-based dashboard for companies, organizations, governments and other legal entities, we call "Brands") that enables individuals to communicate with various organizations in their lives, privately, one-to-one, and without supervision or surveillance.

People can manage their digital life in one location via an app that shows which organisations have access to (certain parts of) their personal data. People can sort all their personal information, product preferences and communication preferences and communicate with all the organizations they want to interact with in the same easy way (instead of on each individual organization's platform each time). The entire (centralized) tool is design for people to (1) gain control over their personal data; (2) choose to ethically share (or not) they personal data with organisations, and (3) get compensated if they do (in fiat). (see "Illustration 1). However, its a centralized tool where Profila as commercial company needs to guarantee what data was shared, and where payouts in fiat take time, have large transaction fees, and are only done 1x/month in bulk. 

Big picture explanation of the current proposal. Building further on the existing data sharing functionalities in the Profila App (step 2 above), we will develop a proof-of-concept smart contract system that saves all relevant information you as an individual shared with a company onto the Cardano blockchain (in encrypted form), in exchange for instant payment in ADA. If a company (mis)uses your info in breach of this (smart) contract, you will be able to use your private key to access this info yourself (without Profila's involvement), and hold a brand accountable for breaching the agreement. This way you control the narrative, you control the relationship with a brand, and their use of your data. 

Success after 3 – 6 – 12 months. Counting from the end of the voting results (October/November 2021), success after 3 months would be the developed POC for this smart contract. Success after 6 months would be the integration of this smart contract POC into our existing app and first test with our existing customer. Success after 12 months would be a full fledged deployment of the POC, used for each data subscription. 

***********************************************************************************************************************

Now let's move on to our actual (detailed) proposal (!):

1. The market explained - the current privacy problem

People interact with digital services and purchase products from Brands globally. With each interaction you directly share personal data which is used for a certain purpose (e.g. offering you a product and servicing you as a customer). You agree to share your personal data – in most cases – without knowing how a Brand will use it.

In principle, each time your personal data is collected or used by a brand, you are shown a privacy policy or cookie policy you are forced to accept. Thereby, you agree to share your personal data, without knowing how recipients will use it. These legal documents are impossible to understand.

But what can you do if Brands uses your data against your expectations, and how do you keep track of all these legal terms that governs Brands' use of your personal data?

For example: you made an online Wholefoods-account to order groceries but you now get 15 newsletters/week, and your social media feed is full of adds from companies like Trader Joe's, to who you never shared your personal data. You have no idea what you agreed to in a privacy policy with Wholefoods, and you do not know why similar companies are contacting you for products you bought from Wholefoods.

Today, you have no control over the use of your personal data. It is entirely the Brand that decides (i) when to contact you (+frequency), (ii) via which channel, and (iii) the content you receive. However, people demand more control over their personal data and are willing to take action to gain back ownership of their digital lives, but the resources to put that in motion are lacking.

That is where Profila steps in!

2. Profila today - the existing consumer App – first step towards data control and compensation

"We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology … and exploring alternative revenue models like subscriptions and micropayments" (Tim Berners-Lee, developer of the worldwide web @ CERN).

If you know how to control your data and take action against those who (mis)use it, you can demand the value that is derived from it by asking compensation.

An important step in order to get to data control, is keeping track of your personal data and who has access to it. This is taken care of by Profila's data subscriptions. Profila's data subscription contract functionality allows for people to keep track of all the Brands that access and collect your personal data; and ultimately receive a compensation from Brands that subscribe to your data.

Via Profila's web-based Brand dashboard, a Brand can send a "subscription offer" to their existing customers or potential new customers, in which the Brand can detail which of your personal information in your Profila App (one source of truth with your contact details, communication-, product preferences) they ask access to, and in which they propose to you some key contractual terms in relation to your interaction; a.o. (1) the specific data they require, (2) the duration you grant access; (3) the purpose for which the Brand wants to use it; and (4) the compensation you receive in exchange.

Our process makes sure the Brand explains the contract terms in understandable language, so the consumer knows what he/she agrees to. Our revenue model is 50/50, meaning that every USD that a Brand pays for accessing your personal data (and showing you its products/services), we share 50/50 with consumers.(Please see the illustrations 2 "Smart contract visual" and 3 "Subscription payment visual").

If you do not agree to these terms, you remain anonymous and the Brand will never see your personal data. If you do agree to these terms, you essentially click "accept" and both parties conclude a data subscription contract. Payment is made by the brand at intervals throughout the contract terms (usually monthly), on the conditions that the consumers' personal data is kept up to data, and the brand can also access additional data about the consumer's preferences for certain products and services relevant for the brand.

E.g. Wholefoods pays Alice 12 USD/year (1 USD each month) to access her (i) personal data (email, phone) (ii) preferences about food (vegetarian, bio-products, lactose intolerant) and (iii) communication preferences (Alice would like to receive discounts/product info via WhatsApp). This helps to serve her better. If Wholefoods listens to Alice, she will be a happy consumer. Alice gets good products and services and receives a compensation for the use of her personal data by Wholefoods. Each advertisement she watches from the Brand in Profila, Alice gets paid. If Alice wants to know in the future what she agreed to, she can easily verify the terms of her relationship with Wholefoods in her Profila App (under the Wholefoods data subscription). If Alice want's the relationship to stop, she can end the contract and exercise her "right to be forgotten" (via the privacy rights functionality in the Profila App, see our metadata challenge submission in the first sentence of this proposal), so that Wholefoods is legally required to delete her personal data.

Conclusion: these subscriptions help brands with their privacy compliance + get to know you better; and these subscriptions help you control your data, get compensation, and receive only those messages from brands you care about, via the channel of your choice.

3. Profila tomorrow – the Catalyst project - implementing data subscription contracts on the Cardano blockchain in the form of a smart contract, and using ADA for micropayments

What do we seek to improve via this Challenge?

Issue 1 - "centralized contract management" – each data subscription contract (including the specific terms) that is concluded between an individual Profila user and a Brand today, is only saved/stored by Profila in our IT environment and can only be enforced by Profila or its existence proven by Profila. Profila as a commercial entity is therefore guaranteeing that a data subscription exists, what terms it contains, whether terms are abided by (e.g. payments made or request received).

Profila needs to monitor if money is paid by the Brand, and if personal data and other commercial data by the individuals is filled in/updated. This is a liability for both contracting parties, who would need to trust Profila.

Profila, as a commercial company, would have to actively step in as arbitrator/mediator, and guarantee this level of trust that a transaction took place/contract was concluded + terms thereof. However, we only want to provide consumers with the tools to control their data. The trust and consensus that a transaction took place or contract was made needs to come from the community of users.

Issue 2 - "low-value; high volume payments" - The data license fee and any other fees for attention to be paid to users are currently setup using Stripe, which is not ideal for sending very low-amount, high-volume instant payments worldwide. 

What is Mitsubishi, as a Japanese brand, needs to pay a US consumer on Profila for a data subscription (let's assume 2.4 EUR per company per year, paid on a monthly basis)? We would have to bill Mitsubishi 0.20 USD for the monthly subscription and transfer our US customer 0,10 USD (50% of the revenue). This takes time, administration, and will include large payment processing fees (compared to the amount transferred). Considering the number of customers of the Profila App (25.000 expected in 2021; 78.200 expected in 2022), payout models like Stripe are too expensive and do not scale. We have setup monthly payouts to consumers (in bulk, for several activities with several brands combined) to reduce costs of transferring money, but we would want to be able to instantly pay a consumer without many transaction fees.

What do we seek to create in the POC under this Challenge?

Under the Catalyst project fund 6, we want to tackle these 2 issues by including smart contracts (which executes themselves and don't require Profila as intermediary monitoring entity) and paying the compensation out via ADA.

First, we will include the relevant elements of a data subscription in an immutable (Cardano) blockchain ledger. The POC will show on the ledger all contracts you concluded with different Brands, showing every authorization or consent you gave to each company for the use of your (personal) data.

Nobody would be able to tamper with this information. If a company misuses your data, you can make them accountable by referring to the ledger entry. You can even use the information in the blockchain to file a complaint at a national data protection authority, showing them what you agreed to, and how the company actually (mis)used your data. This is control.

IMPORTANT - We do not put the actual personal data on a public ledger, but only an identifier of each participant (hashed/deidentified) and the actual terms of the contract (e.g. Parties= YT132 and ZW345; Shared information= email; Period= 3 months; Payment= 1EUR etc). This entry provides proof the "EVENT OCCURED" but doesn't show the actual people involved nor personal data shared. When either of these 2 parties wants to proof this in the future, they have the underlying information (private keys / certificates) to show the actual data that was exchanged. If third parties need access (e.g. privacy authority or courts), then the ledger provides proof of the event, and the parties can then share the actual documents that were exchanged. The public blockchain however will never hold the personal data.

Second, we want to integrate cryptocurrency payments using ADA, so that people can receive instant micropayments for their personal data and attention if the terms of the smart contract remain fulfilled.

What other challenges are ahead in our "Zero-knowledge advertising & insights" development roadmap?

This smart-contract project is only the first step into our broader Cardano technology adoption and integration around zero-knowledge advertising and insights, which all relate to the control of your personal data and your attention by you as an individual. Under the next funds, we want to submit additional project proposals for important features we want to develop as part of this effort:

- step 1 - personal data license smart contract - this is part of the present submission.

- step 2 - privacy ledger – This will include a ledger for all privacy interactions via the privacy rights management platform. UPDATE - We have submitted this proposal under the "metadata challenge" of FUND 5 and received the first place! #thankyouADAcommunity. See here for our proposal: https://cardano.ideascale.com/a/dtd/Control-your-data-%E2%80%93-privacy-ledger/350680-48088. We will keep you posted on our progress.

- Step 3 - digital ID (for FUND 6) - Atala implementation – If you want to control your data online and receive (financial) compensation for your data, it is important you can provide proof of your identity. Atala Prism is the perfect solution. By integrating Atala, we can better guarantee that the correct person is sharing information and is receiving payments. We are sending in a submission in FUND 6 challenge "Atala PRISM DID Mass-Scale Adoption", https://cardano.ideascale.com/a/campaign-home/26116

- step 4 (for FUND 7 or later) - zero-knowledge proofs - personalized ads with respect of privacy - using zero-knowledge proofs in order to allow a brand to advertise to the "perfect" consumer (meaning to the exact target audience consumer, which exactly matches the specific offering/message a brand wants to share), without sharing ANY personal data with the brand. Stay tuned for more information!

4. Practical aspects – "show us the money" – costs

Via this submission, we are requesting funding to develop our data subscription POC. Creating a first proof of concept (POC) of a data subscription on the Cardano blockchain, will require at least a budget of 46.850 USD for a 3-month development project, to be allocated as follows:

- 20 days of senior blockchain developer @ 900 USD per day – totaling 18.000 USD

- 25 days of web/backend developer @ 400 USD per day – totaling +/- 10.000 USD

- 25 days of app developer @ 400 USD per hour – totaling +/- 10.000 USD

- 9 days of legal work (draft contracting language + verify privacy concerns with data on blockchain) @ 950 USD per day – totaling +/- 8.850 USD

We are currently already preparing for the development of this solution – which we are trying to pre-finance – because we believe this is a very important functionality in the control of your data. We expect the solution to be ready by the end of Q4 2021, so that we can test it with the companies that are now using the Profila app with their consumers.

Who will be the senior blockchain developer? We are currently in communication with IOHK's professional services department (option 1) and are "seeking" in parallel a blockchain developer in the Catalyst community (=those who are interested, please contact myself or Shawn).

5. Practical aspects – "getting on the road" – GTM; geographical focus; target customer

At the time of the submission of our application to Catalyst Fund 6, the development of our Profila App is finalized and we are onboarding/setting up 5 small and medium enterprises (SME) to trial with their existing consumers. This section explains more about our GTM, ideal location, target customers etc.

(1) Go-to-Market – our Go-to-Market is B2B2C, namely working with brands to invite their existing consumers onto the Profila App, as a new communication channel that is privacy compliant and consumer centric. As part of the onboarding process of these brands, we work together with them to design a promotional campaign via email/social media, via which they invite their best customers to engage with them via Profila.

We have signed up 5x SMEs in 3 regions (see below), who in total have around 500.000 existing customers all combined. Considering that we expect 5% of this customer base to accept the invitation and join Profila, we foresee 25.000 active Profila users in 2021 (Q1 2022). According to our active brand onboarding efforts, this should grow to 78.000 by the end of 2022 (by adding more brands).

(2) Geographical focus market? We are launching the Profila App with 5 SME Brands in 3 regions in Q3 2021 (Benelux - Switzerland - Orlando/California).

(3) Ideal consumer segment? – privacy-aware and digitally savvy "Millennials" (adults between the ages of 22 and 39 years old) that are ware that they have rights to their personal data, but do not yet have an easy tool to control it; and "brand-loyalists" (consumers that have an affinity with the brand and would like to have a closer 1-1 relationship).

(4) Ideal SME segment? – SME companies in these 3 regions that respect consumer privacy and want a better relationship with their consumers, with a prime focus on SMEs in the following industries: (1) fashion, (2) travel, (3) leisure/recreation.

(5) Marketing, Website & social media presence – We have focused our 3-year research and development phase (as well as our funding) on the development and testing of our consumer app and brand dashboard and have – on purpose – not made much noise about our project until now. Now that the first product is ready and being tested, we are starting a first marketing campaign on LinkedIn https://www.linkedin.com/company/profilaprivacy (B2B, attracting new companies that want to have a different relationship as described above), we are rebuilding our Website www.profila.com (new version expected end of 2021), and will start a consumer campaign on social media focusing on our ideal customer target (see above).

(6) Brand adoption of our solution. Why would brands change their current data use model? The strategy many companies adopted for a while now is big data collection and full use of their data as they please. However, there are many reasons why the tides are changing and a model such as ours will (have to be) be adopted by brands. Just to highlight a few:

- inaccurate data - research shows that many brands hold inaccurate and outdated data, which doesn't help brands serve their customers well but on the contrary poses a bigger risk for data leaks / privacy breaches. CRM systems need accurate personal data, which can only be kept up to data by (and with the consent of) the individual.

- pressure of regulation - recent privacy laws adopted over the entire world (GDPR in Europe, CCPA in USA, LGDP in Brazil, POPPI in SA etc) are making it impossible for brands to continue their existing data collecting practices. Data subjects rights, transparency requirements, data minimization obligations all push brands into our direction.

- promising feedback and testing - The MOST important reason why we believe in our model is our conversations with big brands over the last 4 years. The third slide in our PPT deck attached to this proposal shows a few of these brands that we spoke to. in short: Brands seem to get it. They get it that their data is inaccurate, that they don't really know what their consumers want and how to approach them most effectively; they get it that the new model requires an interaction with their customers. We are now setting up trials with several brands and are confident the (test) data will show that by listening to consumers, they will get a better understanding of how to treat their loyal customers better.

6. Intellectual Property information (freedom to operate; IP registrations; contracts)

As an intellectual property lawyer, I made sure that all Profila's intellectual property (IP)-assets are documented/protected:

First, we have conducted a thorough freedom to operate study and patent landscape analysis with the Swiss Innovation Agency, to make sure we are free to develop and commercialize our current technology without infringing on third-party rights.

Second, we have filed for the necessary trademarks that protect our logos and trade names in commerce.

In addition, we have a solid contractual framework in place with all of our suppliers, employees, contractors and customers. All parties involved in our day-to-day activities are doing so under a contract, which include the necessary IP transfer-, confidentiality- and non-compete obligations that protect (and collect) our company's intellectual assets. As part of that, every contracted developer has assigned all IP rights to the Profila App to us, which we will also require from developers working on this project.

Finally, we are looking into open sourcing the majority of the technology (code) developed under this project and will assess (and take feedback) on an ongoing basis which components would be of interest to the community.

7. Defining success

The POC we will develop under this Catalyst fund 6 submission will add important functionalities to our consumer App – which is being tested on the market during the next 6 months. The POC will also advance our mission and vision to provide people with control of their data and compensation for their attention. Success of the POC would be that we can integrate it into our existing App with one of the 5 SME brands that are testing, and make sure it works with their consumers, and their consumers can get paid via an integrated or linked ADA wallet.

8. Responses to some concerns by the CA's under FUND 5

We want to end our proposal by thanking the community (advisors) for their numerous great feedbacks during the review phase of our proposal under Fund 4, where we submitted this first step in our "zero knowledge advertising and insights" project called "Dapp to control and monetize your data". https://cardano.ideascale.com/a/dtd/Dapp-to-control-monetize-your-data/341501-48088.

We are very grateful and humbled by score and feedback we received from the reviewers, who showed they read our proposal in detail and who provided valuable feedback. #thankyouADAcommunity

We wanted to briefly respond to some open questions of those who made some reservations, and have included the advisor's questions as well as our responses in the PDF attached called "CA concerns and Profila remarks".