Tokenomics

How Ethics as a Service Will Accelerate Your Business

Privacy Co-op Media Staff
Feb 28, 2022

For the brief one-pager, click here: Tokenomics — One Pager

Houston, We Have a Problem

Decentralized finance is having a seismic global impact on businesses. Recent attempts at harnessing the rapidly increasing revenue from traditional architectural components such as federated identity or consent management have been problematic and typically have been abandoned. Most critics agree that this new DE-FI phenomenon is rife with the potential for corruption, and lack of trust has slowed or even thwarted adoption at scale. Even though it has a weakness, it still brings a greater threat as it upends traditional markets and previous corporate leaders.

The Rise and Stall of the Data Economy

We have been filling in the blank for decades, “_________ is the new oil.” Over the years, we have stuffed one noun after another into its void.

  • The Internet
  • Client/Server
  • Apps
  • API
  • Data
  • Big Data
  • Blockchain

At every turn, we have been met with disappointments and failed expectations. Why? Because we all missed the deeper shift that occurred at the root of it all. You are the new oil, and every business out there is in the refinery business. You are putting out gigabytes of data every day, and it’s being collected by every platform, app, device, transport, and sensor with which you come in contact.

And while you own the information rights for any information contained within that data, a clear and repeatable framework of tools and rules for ethical co-management of those rights equivalent to ownership remains elusive.

You can’t get in your car without your seats weighing you, primarily to determine whether or not to deploy the airbags in a crash, but secondarily, so that the car manufacturer can sell your weight trend analysis to your health insurance company.

The root we all missed here is that we have shifted from a global consumer-driven economy where customers buy cars to a producer-driven economy where they sit in seats and produce data for the car company to sell. Most importantly, we haven’t updated our ethics (tools and rules) accordingly. We are careening through a new economy, driving faster than is safe, and without consistent guardrails. Any existing tools and rules were created with a consumer-driven market in mind and are largely no longer dependable.

When we speak to executives, 60% tell us that they are already mining, refining, and selling data (more cleverly stated, “granting access to insights via external marketing and analytics”). When asked if that’s OK with their customers, 86% tell us that, “It’s alright…our customers trust us.” A tad naïve…we feel. But, when they are off the record, 66% of them confide that they are not being very effective with their transparency.

Given that we may have missed this seismic root-shift to a producer-economy and focused rather on vertical technology breakthroughs over the past two decades that turned out to be organic outshoots from that root, we have suffered stall after stall in realizing promised business potential. These stalls are further fueled by what we now call “disruption” — once coveted, now dubious. With every new set of clumsy messaging cobbled together to convince our customers and investors that we have tamed the technical fad du jour, only to drop it by the wayside for the next shiny fad, our customers…our producers, rather…grow increasingly distrustful and grieved.

This landscape of business is now devolving into a dystopian world of disillusioned producers that move like transient migrants from business to business — making our churn charts look like studies in geometric growth. Stickiness is all but gone.

Not too long ago, a telco created an innovative service, offering it for $100 per month, but if you opted-in, they would discount it to $70 per month. In early stats, 100% of the customers opted-in, a huge success story–that is…until the Wall Street Journal ran a headline that they were, “…charging $30 per month for privacy”. The company suffered a severe PR black eye and pulled the plug on the product after losing a sizable investment.

Add to this bonfire of inflamed producer-cynicism, social media sites driven by AI to maximize profits and addictiveness, taking steps like segregating and even censoring cohorts of platform users (their producers) while hiding behind Section 230 of the Communications Decency Act and other regulations like it around the world that remove all concerns of liability for them, and we have a producer work force that has lost its patience, thus making consent, especially affirmative express consent, a growingly elusive unicorn.

Can your business take such actions against cohorts of producers and not risk liability? Is your business so protected by government regulations or does this give these other businesses an unfair advantage over you? Have some of these tech giants already crept into your industry to unfairly compete with you?

“Grievance for Harms” is a Legal Cause Bar Too High

While revenue-starved governments around the world rush to replenish what a global pandemic robbed from their coffers and expand data taxes in the pious name of “privacy regulations”, the risks to businesses attempting to monetize data in an ethical way are increasing in complexity and punishment. Add to this a rise in statutory actions from AGs wanting to make a political name for themselves, as well as civil actions in the form of class action, and the costs of competing in this new producers’ economy may be outpacing the profits.

Research has shown that businesses are routinely spending as much as $6.5M on legal and technical analysis of any serious data product to ensure avoidance or acceptable mitigation of risks before writing a single line of code. Imagine that…$6.5M for words on paper.

Producers who feel that they can’t afford a lawyer to represent them individually are increasingly taking what actions they can to opt out, and then spending increasing amounts of time complaining with friends and family about the abuses from these businesses. Researchers from Cisco and the Harvard Business Review call these people “Privacy Actives” and according to their numbers, they make up 32% of the market and are growing. This creates an eroding effect on adoption rates for new tech outshoots. Each new technical fad du jour is costing more and more capital outlay to safely tame with ever-decreasing ROI as a result.

The Vice Clamp of Data Greed

Lastly, while infrastructure service providers’ B2B customers (the refiners of data oil from the world of producers) feel a bidirectional squeeze from A) pressure to compete with the 60% of their industry already selling data, and B) complicated and conflicting government regulations (taxes) if they should stumble, infrastructure service providers are feeling pressure from upstart competition that drafts off their decades-long, massive infrastructure capital outlay only to re-use that infrastructure to offer products just as good at half the cost.

There can be no differentiators in any of this without consistent and easily adoptable ethical tools and rules — and currently those don’t exist for the producers’ economy.

Executive Overview (TL;DR)

Five W’s and an H

Who and What:

Tokenomics is emerging with the most gravitational cohesion, drawing world-class vendors from different disciplines because it offers at its core an approach to managed service architecture called Ethics as a Service (EaaS). Through the magic of the gears working together, it provides adopters with features, benefits, use cases and revenue opportunities that they did not have before.

Privacy Co-op, an authorized agency representing the information rights of members, together with ForgeRock, Hedera, and Pryv, has joined Dojo Partners, which is acting as System Integrator, leading a number of service providers to define and build out the 1.0 version of the Ethics as a Service (EaaS) platform.

Participating businesses may supply functionality in one or more of the following architectural disciplines. Each discipline is designed to ultimately be non-exclusive. Initially, at least one company has been identified to build out all functionality within each discipline so that all applicable interfaces and agreements can be identified, normalized, and standardized.

When, Where and Why:

The goal of 1.0 is to create a Minimal Viable Product version of the EaaS platform to support throughout 2022 a handful of early adopting affiliates/sponsors to deploy for real-world test cases, Proofs of Concept, and to generate enough revenue and value to support a 2.0 version in 2023.

To undergird this work and drive funding, an initial 0.1 version of this, a “hello world” version for demonstration purposes was created and deployed February 2022 in Azure cloud so that it could support breakout sessions at Mobile World Congress and other trade shows in Q1 and Q2.

The Emergence of Tokenomics:

Tokenomics is emerging with gravitational cohesion pulling together the best solutioning for Ethics as a Service (EaaS), drawing world-class vendors from different disciplines because it offers at its core an approach to managed service architecture. Through the magic of the gears working together, it provides adopters with features, benefits, use cases and revenue opportunities that they did not have before.

How does this help approach the whole world of Data Brokerage? There are many different ways to play a role:

  • Companies can have their own service (coin), or not
  • They can participate in loyalty programs by brokering data
  • Sponsoring a cash app such as a wallet
  • You can have an ethics policy

All of these, and more, become immediately viable with Tokenomics and EaaS, as they tie them all together with a transparent trust framework with all forms of coin at the heart. Coins of various types operate independent of identity and how they represent merchants and people and how those two come together.

Tokenomics brings higher customer engagement and enables an ecosystem to ethically trade data for “points” for either the business, the customer, or both.

EaaS Consent takes a righteous stand on data ethics and positioning ethical data monetization, which has not previously existed at scale. This is all managed by Authorized Agents certified by the platform to provide greater trust as consumer advocates, and driven by a central architectural component known as the Consent Name Service (or CNS).

Affiliates of the platform can also adopt coins and enroll digital relationships and transactions through that coin. This now provides something they can provide back to subscribers, or members of the platform, who can then enroll in distribution of the points, or exchange of currency with different resale partners or other types of partners that the affiliate already has.

This then naturally brings the ability to broker these values with the advent of consent as well as Federated Identity that can supercharge the member’s identity to provide a nicely packaged transaction and automatic enrollment into partners.

How:

The large architectural disciplines involved are:

  1. Authorized Agency (AA): a nonprofit information rights advocacy managing two agreements
  2. Identity and Access Management (IAM)
  3. Affiliate: any company that wants to adopt EaaS and optionally deploy into a cloud infrastructure.
  4. EaaS Enhanced Containerization: provides standardized API to a business’s existing application.
  5. Distributed Ledger: 1) specific to an Affiliate’s needs, 2) shared service for exchange
  6. Consent Name System (CNS)
  7. Altruistic Proofs of Concept (initially opt-ins for Covid Tracing, Missing Persons Human Trafficking (Amber Alert 2.0), Emergency Health Record Service)
  8. Communications for Consent Backhaul

The role of large consulting firms

As we go through this process, we will be capturing

  1. an exhaustive Open API
  2. best standards and practices for management, technical, and audit tracks
  3. knowledge and wisdom and why and how things are done

With this compendium, any consulting firm can invest in broadly learning all the material and developing the best ways for corporations in every industry to adopt EaaS as affiliates, services providers, or both.

The role of insurance companies

As companies come on board as affiliates, they will greatly mitigate their risk of costs like regulatory fines and the like. But no approach can completely remove risk. As we believe that affirmative express consent is the silver bullet that brings immediate global privacy regulation compliance, any sovereign government may decide to take action against any business. This opens the door for shared risk with a likely expectation for a win in court.

As this system provides consent suitable for both Big Data (operational) or Transactional data use, and as we have shown consent can be even session-based, it’s conceivable that new insurance products can emerge to align with these. For example,

If a company pays $1 for 10 opt-ins, and would like to purchase additional insurance, perhaps the AA could offer a rider and the total becomes $2 for 10 opt-ins. The insurance provider could include:

  1. Covering attorney fees up to $1M if hit with a regulatory fine (like fire insurance)
  2. Purchasing the value of the commodity in the relevant information rights and then, through a separate contract with the country, settling and gaining the value for themselves (like political risk insurance)

Participating Organizations

Sponsors and/or contributors include Dojo Partners (SI), ForgeRock (IAM), Pryv (EaaS Enhanced Containerization), Hedera and Mobillion (Distributed Ledger), Privacy Co-op (AA and CNS), and Verizon (Communications for Consent Backhaul).

Still to be filled: Affiliate Testers

Implementation

All of this culminates in an extreme member-focus and provides them with unparalleled experiences with cash incentives, NPS-generating benefits, high engagement, extensible membership, tiered reward services, points gamification, 1:1 marketing/dialog, and more.

The EaaS platform, already in development with some components already in production and onboarding affiliates now, is a cloud-based managed service platform that uses DE-FI technology to monetize subscriptions and participate in the new token economy, or Tokenomics.

This platform consists of seven areas of discipline, and while they each already exist to some degree in many different forms, EaaS requires an API normalization and adoption so that ethics can be seamlessly integrated throughout. The underlying goal is that many existing vendors can quickly onboard their own tech for a growing list of adopters, making for a thriving ecosystem.

The seven areas of discipline and their early providers are:

  • Data Brokerage and Transaction Managed Service (SaaS): Dojo Partners, GSMA
  • Operator Cloud: Azure, GCP, and AWS
  • Secure Authentication: ForgeRock, Private Identity
  • Consent: Privacy Co-op
  • Distributed Ledger (Hashgraph/Blockchain): Hedera
  • Digital Wallet: Mastercard, Greenfence Consumer
  • Container Ethics API: Pryv

Existing functionality

Configurable Identity and Access Management that supports session-based consent and tokenization of DAO NFT (more on this below), as well as the ability to transactionally store nonrepudiation data in the cloud and on the distributed ledger.

Effortless registration flow for new members logging into affiliates for the first time.

Automated scoring of privacy policies, and automated ability to support opt-out notifications, as well as interfaces to access and leverage affirmative express consent (opt-in).

The CNS that resolves requests for combinations of data uses for any list of subjects in any combination of jurisdictions, and that can be used either transactionally or operationally even by Big Data requests.

Functionality to support establishing affiliate treasuries and subsequent minting of various forms of coin, supported by smart contracts for managing exchange rates with partners.

Wallet technology and standards to convert existing apps used for collecting payments into apps that can receive and manage loyalty bucks.

The Tao of DAO

What Is a DAO? (And What It’s Not):

As mentioned previously, affiliates that adopt EaaS can provide back to subscribers, or members of the platform, enrollment and distribution of points, or exchange of currency with different resale partners or other types of partners that the affiliates already have. The points or value of consent is represented in another form of crypto coin made possible through the platform known as DAO NFT.

DAO NFTs are a special kind of coin minted by the platform when A) customers declare their consent elections, or B) companies license their affirmative express consent.

It has been said that a DAO (Decentralized Autonomous Organization) is “a group chat with a shared bank account.” There’s a lot of truth to that, but we need to sharpen the guardrails a little.

Distributed Autonomous Organization (DAO): a self-formed group of individuals with a common interest in a commoditized representation of some value with leverage, and that representation taking the form of an immutable tokenization of some sort in some distributed ledger technology and their proof of being a party thereof.

In recent months, DAOs have been popping up all over the place, and already some estimate that as much as 2% of the world economy has been absorbed and is now so represented. Naturally, refinery businesses and service providers are scrambling to find a way to tame this new technical fad du jour.

But…they can’t.

You see, if your business establishes a group of individuals to share a common interest in a commoditized representation of some value with leverage and you intend to manage them…you would be creating Centralized Managed Customers, or better stated, anti-DAO.

DAO must be “self-forming” at its core.

So, how can businesses faced with all the above stated problems attempt to solve them by releasing control of value and leverage? This seems very counterintuitive, and thus likely why we missed the root-shift to a producer-economy in the first place.

Enter Ethics as a Service (stage right):

Allow Myself to Introduce…uh…Myself (What is Ethics as a Service)

Ethics as a Service is a new, standardized platform architecture that facilitates two different classes of self-forming DAO tokens known as Class A and B. Any business that adopts EaaS becomes an affiliate of the platform by virtue of signing the affiliate agreement and any human that joins the platform becomes a member by virtue of signing the member agreement through an authorized agent. Nonprofits certified to represent the licensing of the members’ consent become authorized agents (AA). Businesses that provide technical solutioning for one or more architectural disciplines will become service providers.

Don’t worry — your stuff is going to work in the architecture with very little cost/time.

In addition to the DAO tokens, the platform standards support the ability for affiliates to create their own value tokenization (e.g., loyalty bucks for their own customers, which can be members of the EaaS platform) using whatever EaaS compliant distributed ledger technology they choose. Also, these platform standards will support the instantiation of an exchange service for these affiliate tokens through a common distributed ledger service as defined by EaaS API and utilized by smart contracts.

The EaaS platform is not owned by anyone. It is governed by standards, largely established by the cunning use of the aforementioned two pieces of paper: 1) the Affiliate agreement, and 2) the Member agreement. This leverages existing law and conforms to 100% of the privacy regulations presented so far by 238+ jurisdictions worldwide. It is then further defined by time-boxed and evolving licenses in the form of smart contracts represented by the two classes of DAO tokens. The platform is built out by solution providers from various required disciplines who bring functionality defined in the architectural disciplines normalized by using the established interfaces and agreements. And it’s stewarded by AAs in compliance with their certifying authority.

Using existing EaaS tools and rules, one token from Class A self-forms when one or more members opt-out of an affiliate using their data for “secondary purposes” as defined by the affiliate’s legal privacy policy. No new law or technology needs to be created. These members become party to that token by virtue of their opt-out. Class A tokens with the appropriate attribute settings can be licensed exclusively by producer advocate organizations wishing to seek remedy for any harms (e.g., a class action law firm) per any torts that may apply such as Peeping Tom, Misappropriation, Publication of Private Facts, Defamation of Character, and the like.

Another token from Class B self-forms when an affiliate joins the EaaS and agrees to license the affirmative express consent for the secondary use of information that is present in the data they have already collected, spelled out in their legal privacy policy by virtue of the affirmative express consent present in the member agreement and represented by the specific Class B token issued.

The EaaS will present an approachable disciplined architecture, a stained-glass mosaic if you will, where your business will easily find itself represented in one or more of the disciplines as either an affiliate, a service provider, or both. The minimal standardized interfaces and agreements between each are built to be extremely easy to adopt — in most cases through mere configuration of existing software.

Through your business’s adoption as an affiliate of EaaS tools and rules to shift into the emerging ethics of the producers’ economy, our goal is that you will immediately be able to

  1. ethically monetize the mining, refining, and sharing in the value of the members’ information already contained within the data you already possess
  2. to do so without spending large sums of money to study legal risks as you will instantly garner affirmative express consent that conforms with all studied regulations around the world
  3. leverage any compliant distributed ledger tech with which you wish to generate your own crypto value, which can then be ethically exchanged through the EaaS interfaces and agreements for the same from any other business adopting EaaS.

This will bring back stickiness as a measurable and growing component of your business plan.

How EaaS will Save the World

You’re a producer also, and as a human being working for all these companies without a salary, benefits, or insurance, you want transparent representation with quick ability to cast your consent elections, and gain some value and protection from an ethical framework that has your best interests in mind.

As a business, you face customers (your producers) who own the information rights, are becoming increasingly aware of perceived exploitation across all industries, and have actionable grievances.

Governments around the world are seeing the shift within your industry to monetize secondary uses of data and they want to increase their share of it through increasingly challenging privacy regulations.

Your in-industry competition is leaping out in front of you monetizing data, the profits of which may be eclipsing your primary revenue.

Businesses from other industries are threatening to invade your space, leveraging your existing infrastructure capital outlay to compete with lower overhead, and you have no ability to differentiate yourself.

Crypto is all the rage, and you’d love the ability to generate, and even exchange, loyalty or other value with other businesses, but developing those relationships is time-consuming and expensive, and rarely proves successful.

Your firm is looking for a new reason to revisit your existing clients to offer new products and services and to have a reason to reach out to new customers as well.

By adopting the following EaaS standards, you will be joining an emerging worldwide community of businesses and people that are working together to grow a global community of consent and together, we can effortlessly solve all of these problems and more.

Your Business Cares…. Why?

Think of everything said up to this point as an ocean of risks and opportunity for your business, and you are just leaving the harbor.

There are perils on the left — governments around the world have discovered a new tax revenue they call, “privacy regulation fines.” Some of your customers want to opt-out and you must honor those consent elections. One screw-up could cost you billions in fines. On the right — your competition is ahead of you and you are playing catch-up. You need velocity to escape their wake and your customers’ opt-ins with affirmative express consent would certainly bring you confident speed.

The EaaS platform supports issuances and minting of various types of crypto currency. Your business may be interested in your own “Loyalty Bucks”, which certainly comes with EaaS. But we are going to leverage another type of crypto to help you safely and swiftly move into the data monetization horizon and the ocean of opportunity that awaits you.

The EaaS has Authorized Agents that help standardize and bring sanity to the otherwise wild turbulent waters of consent management. The platform has already established a treasury and issuance of two very special classes of NFT tokens. Each one is fractionally owned by a very specific, self-formed DAO.

The first self-formed group revolves around your business and those of your customers that may opt-out. Our experience thus far suggests this number to be less than 2% of your customer base.

With EaaS, your customers’ opt-outs are actually an ethics buoy that helps you avoid government fines. When the first customer opts-out for your business through an EaaS certified Authorized Agency, the platform mints a new DAO NFT Class A Token which is fractionally owned by them and any other customers that opt-out of your business using their data for secondary purposes listed in your own privacy policy. The moment a new opt-out is cast, the overall token takes on one of 4 states.

If you simply honor those elections, it puts the token in the state of “Honored”. This zero-rates the DAO NFT Class A token for your business and no corrective actions are warranted. You sail safely past the government reefs that could sink your boat.

But if your token is in any of the other three states, an outside advocacy, such as a class action firm, could exclusively license the use of that token and represent that self-formed DAO class in harm and remedy actions against your company. This is actually a good thing because it brings guardrails to an otherwise unquantifiable risk — there will be only one advocate that you will need to work with or defend against representing all of your customers in this state.

This is also good for the customers because it automates a process that would otherwise be too cumbersome and costly for the average customer to shoulder alone.

Meanwhile, on the right, you need speed. When you sign the agreement to onboard with the EaaS platform, a new DAO NFT Class B Token gets minted for your business which is fractionally owned by all of the members of the platform (your customers and potential customers) and represents their existing individual affirmative express consent. This forms an ethics buoy on the right that can gain velocity for your business which is now sailing in the right channel.

Your business can exclusively license this DAO NFT Class B token and gain bullet-proof (nonrepudiation metadata) affirmative express consent for the term of the license. Assuming your privacy policy is up to snuff and legal in all the jurisdictions applicable for your business, you can move swiftly and confidently into the data monetization horizon by leveraging EaaS API.

Together, these two DAO NFT Tokens for your business, Classes A and B, form the safety buoys for your smooth sailing into an ocean of opportunity. Revenue from both gets distributed to the fractional owners of each, which are EaaS platform members (your customers and potential customers) as dividends paid through EaaS platform certified Authorized Agencies. As your business signs up and onboards to the EaaS platform, the acts of honoring your opt-outs and licensing your opt-ins for pennies on the dollar are made easily possible.

Top-Down Architecture

What We Are Building

Many attempts have been made for identity + digital wallet + privacy + etc. They have all failed largely due to what we call the Field of Dreams trap: “If you build it, they will come.”

But no one comes because no matter how compliant, secure, and shiny you build the stadium, there’s no game going on inside. Our stadium, the EaaS platform, has a great game going on inside…and it’s the World Series!

We accomplish this by introducing something new…two pieces of paper.

I Got Two Pieces of Paper and a Microphone

The first piece of paper will be the Member’s agreement. This will require a human to go through a minimal registration flow, which can be engaged a number of very natural ways — because people are different and approach new things differently:

  1. They learn about an authorized agency (AA) and sign up with them through a registration flow to represent their information rights and cast their consent elections.
  2. They sign up for an account through an existing Affiliate and as part of the initial session (IAM), it’s determined that they are not a member, and they are diverted to an AA registration flow.
  3. They attempt to use a service compliant with PLOA, and the Policy Information Point communicates to the Policy Enforcement Point that a required membership is missing, and the user is redirected by a standard protocol (such as XACML) to the AA registration flow.
  4. The person logs in using IAM and it’s determined that those credentials are not related to a member, and they are redirected through the registration flow.

The PLOA aspect of this alone is revolutionary as any adopting affiliate can federate their existing Policy Enforcement Point with our Policy Information Point, either through their Policy Decision Point or through ours. This means that any user action can include signing up new members, and that’s while they are doing something they want to do.
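The membership check described above, sketched as an added example that is not part of the original article or of any EaaS code: an affiliate's Policy Enforcement Point asks a Policy Decision Point (its own or the platform's), which consults one shared Policy Information Point, and a missing membership becomes a redirect to the AA registration flow. Every class name, the `aa.example` URL, the `affiliate-123` id and the `license_data` action are hypothetical, since the page defines no API.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

# Hypothetical placeholder: the article publishes no AA registration endpoint.
AA_REGISTRATION_URL = "https://aa.example/register"


class MembershipPIP:
    """Policy Information Point: answers 'is this subject a platform member?'."""

    def __init__(self, members):
        self._members = set(members)

    def is_member(self, subject_id):
        return subject_id in self._members

    def enroll(self, subject_id):
        # Called once the AA registration flow completes (assumed step).
        self._members.add(subject_id)


@dataclass(frozen=True)
class Decision:
    effect: str           # "Permit" or "Deny"
    obligation: str = ""  # action the PEP must take when enforcing a Deny


class PDP:
    """Policy Decision Point: protected actions require membership per the PIP."""

    def __init__(self, pip, protected_actions):
        self._pip = pip
        self._protected = frozenset(protected_actions)

    def evaluate(self, subject_id, action):
        if action not in self._protected:
            return Decision("Permit")
        if subject_id is None:
            return Decision("Deny", "authenticate")
        if self._pip.is_member(subject_id):
            return Decision("Permit")
        return Decision("Deny", "register_membership")


def safe_return_path(path):
    """Keep only a local absolute path so the post-registration hop cannot
    be pointed at another site (open-redirect guard)."""
    if path.startswith("/") and not path.startswith("//") and "\\" not in path:
        return path
    return "/"


class PEP:
    """Policy Enforcement Point inside the affiliate's application."""

    def __init__(self, pdp, affiliate_id):
        self._pdp = pdp
        self._affiliate_id = affiliate_id

    def enforce(self, subject_id, action, return_to="/"):
        try:
            decision = self._pdp.evaluate(subject_id, action)
        except Exception:
            return {"status": 503}  # fail closed: no decision means no access
        if decision.effect == "Permit":
            return {"status": 200}
        if decision.obligation == "register_membership":
            query = urlencode({"affiliate": self._affiliate_id,
                               "return_to": safe_return_path(return_to)})
            return {"status": 302, "location": f"{AA_REGISTRATION_URL}?{query}"}
        if decision.obligation == "authenticate":
            return {"status": 401}
        return {"status": 403}  # unknown obligation: plain deny


def demo():
    """Constructed scenario: one shared PIP behind two PDPs (affiliate's, platform's)."""
    pip = MembershipPIP({"alice"})
    protected = {"license_data"}
    via_affiliate_pdp = PEP(PDP(pip, protected), "affiliate-123")
    via_platform_pdp = PEP(PDP(pip, protected), "affiliate-123")
    before = via_affiliate_pdp.enforce("bob", "license_data", "/checkout")
    pip.enroll("bob")  # bob finishes registration with the AA
    after = [p.enforce("bob", "license_data")["status"]
             for p in (via_affiliate_pdp, via_platform_pdp)]
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because both decision points read the same PIP, enrolling once with the AA changes the outcome at every federated enforcement point.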

According to the law governing the AA, such as in the case of a co-op, membership may require a par value in order for the AA to legally pay them dividends or provide them with other benefits of value. That means that in some cases, this membership may need to be purchased. This purchase can be subsidized through a number of mechanisms:

  1. An affiliate may pre-pay for the membership
  2. An affiliate may sell the membership to a new member for profit
  3. A grant may cover the cost of the membership
  4. A service provider, such as one of the Distributed Ledgers or other competitive architectural disciplines may include subsidization as a bonus feature to adopting affiliates
  5. It may be paid by the member

The second piece of paper is the Affiliates agreement. At this time, this step will be manual, with plans to automate in 1.0. Here are the identified steps:

  1. Businesses agree to the Affiliates agreement through a chosen AA and pay any necessary fees.
  2. This chosen AA would be memorialized as the current “Controlling AA” for managing this business.
  3. Other AAs can represent their members’ data subjects to this affiliate as a “Participating AA”.
  4. If not already present, the affiliate would be added to IAM
  5. If not already present, the affiliate would be added to a Controlling AA’s database to support consent elections. This would include a review and scoring of their privacy policy as well as an initial evaluation of applicable jurisdictions and a report.
  6. If not already present, the Controlling AA would add the affiliate to the CNS.
  7. All existing members that have not opted-out of this affiliate, will be set to opted-in for all secondary purposes covered by this affiliate’s privacy policy.
  8. Members will have a dashboard to review all businesses (affiliate or not) that are requesting the legal status for using their data, for what purposes, and can opt-out at any time.
  9. A Class B Token would be generated for the affiliate representing their ability to license the use of all secondary data they collect through their own primary functionality in accordance with their own legal privacy policy and applicable regulations.
  10. The licensing fees are paid to the Controlling AA, with a 20% processing fee, and the remainder of the license dividends being made pro rata to all AAs with member parties of that Class B token, funds to be distributed to their own members per their own bylaws, laws, and regulations — encouraging competitive AA features and benefits.
  11. Participating AAs can represent members that are also parties of the class B token for this affiliate, thereby providing this affiliate with the broadest possible, non-exclusive licensing pool.

These two pieces of paper, which in turn leverage existing contract law that brings immediate global privacy regulation compliance to 238+ regulations through the ability to provide affirmative express consent with nonrepudiation, accomplish something quite remarkable and compelling: they turn a zero-sum game for each affiliate into a non-zero-sum game. Here’s how.

Today, if your business wants to curate affirmative express consent, and you have a goal to sign up 100 people on Monday — if you sign up 5 people, you still have 95 left to go…it’s a zero-sum game for you. Meanwhile, a totally different company in a totally different industry faces the same challenge.

But if both of your companies are affiliates of the EaaS platform, then some of your customers may also be their customers, and vice versa. That means that if you sign up 5 and they sign up 5, you may both end up with 8!

In this way, all affiliates of the EaaS platform will be working together to grow a global community of transparent consent.

Consenting Adults — De-risking the Morning After

Role of Authorized Agency (AA)

When a new affiliate joins EaaS, they immediately benefit from all non-opted out members that are immediate parties of the Class B token for that affiliate. However, at any time, any member can elect to opt-out. To date, these opt-outs represent less than 1% of the total customer base.

This opt-out is considered a non-granular opt-out of all secondary uses of data covered by the affiliate’s privacy policy. It’s required that every affiliate fully divulge all secondary uses in their privacy policy, pursuant to a number of applicable privacy regulations, and this goes beyond the less limiting and overcomplicated legal wrangling on what some say “data sales” means. This approach makes things far less ambiguous for customers and increases trust.

When a member opts-out of any business (affiliate or not), the AA shall:

  1. Update the AA’s own metadata to memorialize the opt-out.
  2. Update the CNS to document the opt-out for that data subject for that affiliate and for all possible secondary purposes.
  3. Update the common service Distributed Ledger (DL) in the following ways (this requires guaranteed delivery with rollback):
     • If one exists, delete the affiliate’s Class B token from the member’s account.
     • If a Class A token for that affiliate does not exist, create one in the DL.
     • Add the affiliate’s Class A token to the member’s account.
  4. Process the opt-out by notifying the business through standard practices governed by applicable regulations.
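
The opt-out steps above require the ledger update to be all-or-nothing. The following added example (not code from the EaaS project or its vendors) models that token swap on a constructed in-memory ledger and also covers the reverse election, cancel opt-out; the class, the method names and the `fail_on` fault-injection hook are assumptions for illustration.

```python
import copy


class LedgerError(Exception):
    """A ledger step failed; the election must not be half-applied."""


class InMemoryLedger:
    """Constructed stand-in for the common DL (hypothetical, not a vendor API)."""

    def __init__(self):
        self.tokens = set()    # (token_class, business) pairs that exist
        self.holdings = {}     # member -> set of (token_class, business)
        self.fail_on = None    # fault injection: step name that should fail

    def _step(self, name):
        if self.fail_on == name:
            raise LedgerError(f"ledger step failed: {name}")

    def provision_affiliate(self, business, members):
        """Create the Class B token; link members who have not opted out."""
        self.tokens.add(("B", business))
        for member in members:
            held = self.holdings.setdefault(member, set())
            if ("A", business) not in held:
                held.add(("B", business))

    def _swap(self, member, business, drop, add, create_missing):
        """Delete one token class and associate the other, all or nothing."""
        snapshot = (set(self.tokens), copy.deepcopy(self.holdings))
        try:
            held = self.holdings.setdefault(member, set())
            self._step("delete")
            held.discard((drop, business))
            self._step("create")
            if create_missing:
                self.tokens.add((add, business))
            self._step("associate")
            if (add, business) in self.tokens:
                held.add((add, business))
        except LedgerError:
            self.tokens, self.holdings = snapshot  # roll back to prior state
            raise

    def opt_out(self, member, business):
        """Class A is created on demand, so non-affiliates work too."""
        self._swap(member, business, "B", "A", create_missing=True)

    def cancel_opt_out(self, member, business):
        """Class B exists only for provisioned affiliates; never mint it here."""
        self._swap(member, business, "A", "B", create_missing=False)


def demo():
    """Fail mid-swap, then retry; returns holdings after each attempt."""
    dl = InMemoryLedger()
    dl.provision_affiliate("ACME", ["alice", "bob"])
    dl.fail_on = "associate"
    try:
        dl.opt_out("alice", "ACME")
    except LedgerError:
        pass  # a guaranteed-delivery layer would retry here
    after_failure = set(dl.holdings["alice"])
    dl.fail_on = None
    dl.opt_out("alice", "ACME")
    return after_failure, set(dl.holdings["alice"])
```

Without the snapshot and restore, the injected failure would leave the member holding neither token, a state in which the ledger no longer records any consent election for them.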

AAs shall also support the ability to process complaints to the appropriate oversight organization. These complaints can be associated with the Class A token for this affiliate so that potential producer advocate licensees pursuing remedy for harms may be aware of them for consideration. Examples include:

  1. Process consumer complaints to the affiliate’s customer care department
  2. Process civil complaints to the appropriate authorities
  3. Facilitate a member joining existing complaints and/or class actions

We’re Certifiable! AA — Certification/Licensing

AAs serve a vital role in EaaS. A governing body for initial certification and then ongoing licensing is essential to the overall health of the platform. Currently, a number of AAs are already meeting at a regular cadence focused on the formation of such a body, initially called the GCA3 (Global Consent Authorized Agency Association). Although it’s early in its development at the time of writing this paper, the large areas identified to be addressed in standards include:

  1. Standards to process consent elections to business
  2. Process various forms of complaints
  3. Make available existing complaints (settled or developing) that a member may join
  4. Minimum standards for an AA
  5. Nonprofit
  6. Legally sanctioned by a Secretary of State to do business
  7. Ability to support standardized Memberships and Limited Powers of Attorney representing members’ information rights
  8. Sanctioned structure and oversight
  9. Facilitates members’ ability to shape licensing agreements
  10. An ability to support portability of data subjects to and from other AAs
  11. Contribute to legislation and regulations to support the role of AAs
  12. Producing data for consumer advocacy outlets in a standardized way

Although there are many AAs participating in the ratification of the GCA3, today there is one AA that already has met these standards and has been doing this work since 2018 — Privacy Co-op. They are pleased to fill the role of the anchor AA for this 0.1 version of EaaS and are dedicated to contributing their part for the 1.0 release.

Identity Crisis Management

Identity and Access Management is another critical element of EaaS. Along with the typical expectations, IAMs participating in the EaaS need to provide:

  1. Common API where an affiliate can bring their own IAM or adopt one that’s provided by the platform.
  2. Check the provided credentials against the AA and if the data subject is not a member, redirect to a registration flow.
  3. An ability to leverage DL in an asynchronous way to memorialize events requiring nonrepudiation.
  4. Federate authentication based upon EaaS approved standards with other IAM approaches chosen by other affiliates.
  5. An ability to check the CNS for a yes/no decision, provide that result to the affiliate, and memorialize that request and decision for nonrepudiation based upon the affiliate’s configuration of:
     • Legal uses of data
     • Listed Jurisdictions
  6. A configurable ability for an affiliate to award loyalty value through the DL for supported events such as:
     • Each session
     • Duration of session
     • Session specific activity

Honest Engine — Distributed Ledger

There will be two broadly defined scopes of Distributed Ledger (DL) functionality: A) Affiliate-specific, and B) Common (shared) across all of EaaS.

For the Affiliate-specific, along with the typical expectations, DLs participating in EaaS need to provide:

  1. Common API where an affiliate can bring their own DL or adopt one that’s provided by the platform.
  2. Generate and manage affiliate-specific ledger entries such as tokens and activity for loyalty programs.

For common (shared) functionality across all of EaaS:

  1. Generate and manage Class A tokens when a member opts-out of a business (affiliate or not), with an ability for all members so opting-out to associate their account with that token.
  2. Generate and manage Class B tokens when an affiliate joins the EaaS platform, with the ability for all members not opting-out to associate their account with that token.
  3. The ability for AA to delete one token of either Class A or B and then associate the other with the same account as appropriate based on consent elections.

One-Size-Fits-All Asbestos Underwear — EaaS Enhanced Containerization

Most businesses are used to containerization. There are accepted approaches in most clouds, such as Kubernetes and Docker. For EaaS, this containerization will bring along the typical expectations:

  1. API for sharing member data with other parties. Metadata will be captured:
     • date/time/geoloc
     • who is accessing the data
     • why they are accessing
     • the CNS call that was made to support the use of the data along with the specified jurisdiction
  2. This history data will be memorialized for nonrepudiation
  3. This history data will be available to the user:
     • Through the affiliate by functionality provided in the containerization
     • Through the AA by standardized API to memorialize data

Uncommonly good Public Commons — the Consent Name System (CNS)

Big Data demands the resolution of multiple regulatorily required consents for sometimes competing rights across massive amounts of data. Transactional uses of data such as interactive advertising online require the same consent protection for fast exchanges in content.

To solve this, many technologists from different areas have collaborated over the past two and a half years on a proposed public commons called the CNS. Rather than recover that ground here in this paper, we point to their work: https://tinyurl.com/FalconCNS including a “lunch and learn” video found on the first page.

This specifications document is the starting point for pursuing W3C considerations to make the CNS a new public commons as a sibling to the DNS. The Community Group can be supported here: https://tinyurl.com/CNSW3C

The goal for the EaaS is to adopt the current stable version of this resource and host it until such time as the CNS is available on the general network in the same way that the DNS is today.

In short, the CNS provides extremely small bitmaps that represent current consent ability for all legal uses of data across all current jurisdictions as specified by a specific business for a certain data subject, and it does it at the speed of bitwise “and” functionality, which is the most efficient computation for all hardware, software and programming languages — and is usable for both Big Data and transactional data uses.

The CNS will serve as the unbiased trigger for creating DAO tokens organically in response to new businesses being added as affiliates and new opt-outs being cast by members of the platform.
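
The bitwise check described in this section, as an added example that is not taken from the CNS specification: the bit layout (one bit per legal use and jurisdiction pair), the use and jurisdiction names, and the `ConsentStore` class are assumptions. It fails closed for unknown subjects and empty queries, and it records each request and decision.

```python
from datetime import datetime, timezone

# Constructed catalogue (assumption); the CNS specification defines its own.
USES = ("analytics", "advertising", "resale")
JURISDICTIONS = ("EU", "US-CA", "BR")


def bit(use, jurisdiction):
    """One bit per (legal use, jurisdiction) pair, jurisdiction-major."""
    return 1 << (JURISDICTIONS.index(jurisdiction) * len(USES) + USES.index(use))


def mask(uses, jurisdictions):
    """Bitmap with every requested (use, jurisdiction) pair set."""
    result = 0
    for j in jurisdictions:
        for u in uses:
            result |= bit(u, j)
    return result


class ConsentStore:
    """Hypothetical store of one bitmap per (data subject, business)."""

    def __init__(self):
        self.bitmaps = {}   # (subject, business) -> int bitmap
        self.audit = []     # memorialized requests and decisions

    def opt_in(self, subject, business, covered):
        """Set consent for the secondary uses the privacy policy covers."""
        self.bitmaps[(subject, business)] = covered

    def opt_out(self, subject, business):
        """Non-granular opt-out: clears every secondary use at once."""
        self.bitmaps[(subject, business)] = 0

    def decide(self, subject, business, query, who, why):
        """Yes only if every queried bit is set; unknown pairs fail closed."""
        held = self.bitmaps.get((subject, business), 0)
        allowed = query != 0 and (held & query) == query
        self.audit.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "who": who, "why": why, "subject": subject,
            "business": business, "query": query, "allowed": allowed,
        })
        return allowed

    def filter_consenting(self, business, subjects, query, who, why):
        """Batch form for Big Data jobs: the same AND, audited per subject."""
        return [s for s in subjects
                if self.decide(s, business, query, who, why)]
```

Comparing `(held & query) == query` rather than testing `held & query` for non-zero matters: the second form would answer yes when only one of several requested uses is consented.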

Net Work of the Stars

It’s envisioned that the 1.0 version of the EaaS will either be located in a GSMA data center or have access to it. Through cell phone service providers (carriers), it’s believed a myriad of desirable functionality can be made available to affiliates that adopt EaaS. For example, ethical data exchanges governed by the CNS and transmitted through a carrier network could bring along with them other telephone functionality, such as abilities for aggregating insights through purchased Big Data insights, or even providing desired services to the affiliates such as text notifications using short codes. This functionality might also extend to other service providers on the platform, such as assistance with validations or verifications for IAM providers in a federated way. There’s no doubt the possibilities are deep, and this will help draw more and more affiliates to adopt EaaS as they will gain new functionality they may have not previously dreamt possible.

But what’s in it for the GSMA?

The primary benefit will be adding consent as a critical 8th layer to the existing architecture — forming the Consent Backhaul to complement the existing Network Backhaul. In the 1.0 release, no other network technology will have this distinction until developed, and it’s yet to be determined if any other network approach could even adopt these principles.

How We are Building It

In each architectural discipline, we are bringing one or more world class vendors to provide necessary functionality and agreeing to normalize API for interfaces and agreements with all other disciplines. This way, any adopting affiliate can BYOA (Bring Your Own Anything) or bring nothing and have all functionality supplied.

Dojo Partners is the showrunner, providing System Integration and use cases

Privacy Co-op is providing existing tools and rules:

  1. Membership and Affiliate contracts
  2. Membership registration flow
  3. Database for managing members to affiliate relationships
  4. Opt-out and Cancel Opt-out functionality
  5. Privacy Policy Scoring
  6. Complaint facilitation
  7. Jurisdiction nexus development AI
  8. Consent Name System
  9. Dashboard for member history and records
  10. Dashboard for CNS demonstration and training
  11. Open API for interface and agreement definitions
  12. Agent application to update Distributed Ledger (DL) for consent elections

ForgeRock is providing existing IAM functionality

  1. Various forms of login
  2. Federation
  3. Configurable alternative registration flows
  4. Session-based consent
  5. Activity communication to DL

Pryv is providing best practices EaaS Enhanced Containerization

  1. Initial release already in open source
  2. API for data access/movement with required metadata records
  3. Professional services as needed

Hedera is providing hashgraph DL technology

  1. Smart contracts
  2. Class A and B Tokenization
  3. Affiliate-specific DL support including affiliate-specific tokenization
  4. Memorialized relationships between accounts and tokens
  5. Nonrepudiation support

Interfaces and Agreements

Here is a list of developing interfaces and agreements. Where helpful, various other artifacts such as trace diagrams, schemas, and the like will be provided.

FR = ForgeRock, PC = Privacy Co-op

  1. The platform -> supports minting ACME Loyalty Coins, made available through one of the platform DLT, adding them to a digital wallet for the user, supporting exchange rate flows between other businesses.
  2. FR: Login -> 1A) are already members of platform, 1B) are not already members.
  3. FR: For 1B -> transfer customer to a registration flow
  4. FR: For 1A -> optionally creates signal for ACME to create or at least initiate ACME coin for session
  5. FR: For 1A -> PING CNS for ACME defined consent query
  6. ACME -> allows themselves and/or FR to finish the session and finish creating an initiated session coin. This is whoever owns 1 above (MCP or could be a specific subcomponent to be named?).
  7. PC: Opt-out -> A) Creates DAO Class A NFT token for ACME if one does not exist, B) link this user to that token based on their opt-out, C) unlink this user from the Class B NFT token for ACME if one exists and that user is already linked with it.
  8. PC: Provision ACME as an affiliate -> A) Create a DAO Class B token for ACME, B) link all non-ACME-opted-out members with this new DAO Class B token
  9. FR: For 8, we need an IAM provisioning flow for ACME
  10. FR + PR: Dashboard for ACME to set up applicable configurations for 2–5

What We Need

Your Business in the Stained-Glass Mosaic

We need test affiliates, service providers, and sponsors. If your business sees itself in one of the following disciplines, and you want to join us, please contact us.

  1. Authorized Agency (AA): a nonprofit information rights GCA3 certified advocacy managing two agreements
  2. Identity and Access Management (IAM)
  3. Affiliate: any company that wants to adopt EaaS and optionally deploy into a cloud infrastructure.
  4. EaaS Enhanced Containerization: provides standardized API to a business’s existing application.
  5. Distributed Ledger: 1) specific to an Affiliate’s needs, 2) common (shared) service for exchange
  6. Consent Name System (CNS)
  7. Altruistic Proofs of Concept (initially opt-ins for Covid Tracing, Missing Persons Human Trafficking (Amber Alert 2.0), Emergency Health Record Service)
  8. Communications for Consent Backhaul

Members, Affiliates, Patrons, and Reformed Thieves

Dojo Partners is actively looking for volunteer individuals and businesses that want to be granted early access to the platform. Initially, this will be by invitation only.

We are actively seeking patrons/sponsors. See below for opportunities.

If your business has once been like the 66% mentioned above that aren’t exactly transparent with how they use customer data, but you’d like to do better, or if you’re a disgruntled former employee that witnessed questionable behavior, have we got an opportunity for you! Please reach out to us — we need your insights, and the information we glean will remain completely anonymous.

Everybody Loves a Happy Ending

The Cash Stash Dash

“Too many people spend money to buy things they don’t want to impress people they don’t like.” — Will Rogers

All good innovation requires funding. We’d like to thank Dojo Partners, Privacy Co-op, ForgeRock, Hedera, and Pryv for already putting up the most priceless commodities: really smart people working tirelessly to bring this vision to fruition.

Whose Line Is It Anyway?

We have an immediate need in the following areas:

  1. Appearances at a number of events in Q1/2 of 2022 including Mobile World Congress
     • Exhibit hall presence: branded representation, ability to send representation and be in the space
     • Travel expenses: early access to results and planning, with input after events
     • Break-out session space: branded representation
  2. Buildout for February
     • Azure sponsorship: fund virtual machines/services
     • Privacy Co-op Affiliation: branded recognition on website, privacy health checkup, ability to license existing opt-ins, ability to sell memberships
  3. Buildout in 2022
     • Sponsored affiliate presence in GSMA foundry
     • Early access to production functionality
     • Complete set of deliverables at conclusion, including:
        • an exhaustive Open API
        • best standards and practices for management, technical, and audit tracks
        • knowledge and wisdom and why and how things are done

Perks for Works (Benefits for Participating)

It’s no secret that EaaS will change the world because it has identified the root-shift to a producer-economy and is embracing it with the first broadly defined emerging ethics of digital everything. It’s also no stretch that the companies and people involved in and sponsoring its definition will not only have a hand in developing the future of business but will gain vital early access to the functionality.

Beyond these obvious points for any new emerging industry super-charged with immediately realizable potential, there will be a number of governance, education, certification, and consulting opportunities that will be made available to those with early practical knowledge and experience, which can only happen if your business is involved now rather than later.

Please contact Dojo Partners or Privacy Co-op to get plugged in early.


Privacy Co-op Media Staff

https://Privacy.coop You own the rights to your information and businesses desire your direction. Learn about your choices, direct them in less than 3 minutes.