FairsFair.orgopen standard for GDPR complaint data exchange
More and more of our transactions have got a digital component to it, from buying your dinner to ordering your new shoes online. The thrill of the purchase and the prospect of the experience make us accept all kinds of terms and conditions. The small print regarding the information and the interaction is so complex that we don’t even bother anymore. What we seem to forget is that all that information is being collected to analyse our behaviour. Moreover, to direct us in a direction which is most profitable for the platform. Ultimately, this means that our own interactions work against us: limiting our choices and directing our behaviour. Whether commercially or psychologically we are no longer in control.
Control being one of the main issues, there is also an upside. In real life when someone asks you for more than required we are alert and think: ‘Hey, but what’s in it for me?’. All this information which is gathered actually represents value. In volume it is the value that shareholders are looking for. How about we level out this playing field? What if you could have full control your data and your identity, monetising on it? Or, what if your data could be reused for the needy (societal goals) in stead of ending up in the hands of the greedy (individual goals)? This is exactly what FairsFair.org has been designed for.
Standards help us to align. A football field (m*m) has the same dimensions all across the globe, speedometers (km/h) tell you your current speed in relation to the limits. Wherever there is a claim, standards allows us to validate such a claim. Standards in fact take away a lot of dispute. But in order to do so they require certification. So, that no one would use a faulty equivalent to mislead someone else. Certifiable claims maximise credibility. Open standards are a technical term used for actual (digital) processes delivering the claim in a verifiable and certifiable fashion.
The technological processes in that sense can still be highjacked for commercial ends. To take out any hidden elements, creating more transparency to foster trust in that sense, the FairsFair.org labelled technology requires to be build using open source elements. This means the code organising the processes is accessible and subject to review. An open source community supports the maintenance of the code and the change whether requested by the market or suggested from inside the community. With all that transparency in place the data infrastructure in itself is independent.
The magic of FairsFair is reuse of legal elements that are already in place and those designed to control the exchange, or access to data based upon the part they play. Contracts standardise our interaction, and they claim the existence of an agreement between parties, regarding a service or product. Smart contracts standardise the access to data elements by stakeholders of said agreement. For instance, if you are in an agreement with a shoe store, and I’m not part of that agreement, I have no access to any of the information. The shoe store can always access the relevant information, like the product description, price to use in their administration. But, and here comes the rub… Thanks to FairsFair, your personal data for shipping and for payment are only accessible for a certain time span. With the consent to access the (minimally) required data and the time window at your disposal. This means that the access to your data is limited to its use for said transaction, making it compliant with GDPR.
Identification and authorisation
Other GDPR challenges are’ the right to be forgotten’, as well as the impossibility to ‘reverse-engineer’ information to establish your identity. FairsFair is a combination of tools. One is a distributed ledger that allow stakeholders to collaborate around the same data. And in case of FairsFair, smart contracts not only organise the data over a network of nodes, but also create a single source of truth for all stakeholders. This makes the data immutable within the solution. To comply with GDPR, the personal data in the transaction is replaced by unique temporary identities, which disclose your personal attributes to designated stakeholders only (within the time window of your choosing). The combination ensures that you are forgotten by default, in full compliance with GDPR. The temporary identity also enables to identity you as the contractual party. As being part of the agreement it refers to, you will be authorised to claim the services or the product, anonymously unless attributes are required or desired. Required for instance in an international train ride, or desired when you want an extra check before they hand out your precious article.
The Claim – FairsFair.org
FairsFair.org ensures that the label, leading to its claim and its desired outcomes, is advocated and supported through validation and certification of implementations. Secondly, FairsFair.org organises change management and leads the open source community, Any organisation that wishes to benefit from the FairsFair claim can implement FairsFair.org validated and certified solutions. Only then are digital service providers allowed to repeat the claim under the FairsFair.org seal of approval.
iShare is a legal and technical framework for consented data exchange on legal entity level, e.g. for planning. FairsFair is a satellite for mobility working with the same generic terms and conditions and with the ability to set up mobility specific ones.
IP: The data string leg description is registered IP under 111.044 BBIE; the mobility ID is registered IP under 111.111 BBIE; the combination and its added functionalities in the FairsFair ledger is registered IP under 130.784 BBIE. The name and all trademarks are registered IP. All IP, including the source code, will be made available to the FairsFair Foundation.