24 Nov 2017
Lets face it we have grown used to organisations sending us unsolicited material and even though we as consumers are sometimes frustrated by old adverts chasing your business just because you once went to look at booking.com, the fact is the internet is not on your side as a consumer. Until now that is, with GDPR now coming into force consumers finally have an opportunity for a more level playing field.
What has been interesting to observe is that those in the technology industry seem to be taking a very conservative stance on managing this new regulatory regime.
The realisation that GDPR is coming is dawning on more and more business’. GDPR will be a challenge as well as an opportunity. The challenge is that data protection in the business is now serious due to the penalties involved (4% of global turnover) it therefore demands attention. The second challenge is time. GDPR comes into force on May 25th 2018. This means the panic button should not be hit just yet, but time will fly. Start planning now.
The opportunity is huge though. Firstly adherence to GDPR will improve your knowledge and understanding of your customers. Which can only be a good thing. This improved knowledge will increase trust. Which should lead to happier, sticker customers and more business for you.
The market today is seeing potential customers declining signing up for services due to the often binary terms and conditions requested. This is leading to lost business. Therefore, the opportunity for different levels of service quality related to the amount of personal data obtained from a customer will encourage more users to sign up; help retain these customers and also allow organisations to offer that bespoke very personal service that trusted brands can then exploit.
Overall GDPR will help reduce risk and exposure to your business. This is critical as more and more activity in the marketplace is digitally driven. In short GDPR if implemented right will improve operational efficiency and increase profit.
But What do I do Now?
Do not panic. This is because Consentua can help. Consentua does one thing very well, it captures consent from the data subject/user.
Consentua is a lightweight low impact API. This will enable quick and easy install into any business operation. This new service is available today and all it requires to start working is firstly a conversation about your consent requirements. Secondly, taking the output from the privacy impact assessment (PIA) that will be conducted as part of the GDPR preparations to build your unique consent management service.
Consentua encourages organisations to have different levels of service quality related to the amount personal data being consumed and processed by your organisation. Consentua captures the consent and stores it as a consent receipt. This then allows any organisation granted access to this consent receipt to have the record of consent that GDPR is now demanding.
This means it will facilitate an improvement in trust between the data subject and your organisation too. As well as improving operational efficiency and reducing risk to your organisation too.
How do I get Consentua?
Go to consentua.com to learn more.
Contact the team at firstname.lastname@example.org
Start preparing your consent template
Install the API so it works with your enterprise/business systems. Consentua requires a common user id so it will work with your systems. Consentua does not hold any user data other than this ID.
Start using Consentua!
21 Nov 2017
This blog provides the background as to why Consentua has embraced the Kantara Initiatives Consent Receipt Specification.
One of the drivers in adopting the specification for Consentua is the heritage and experience of the team that created it. Having almost 100 years worth of combined IT experience, we had a numerous stories and experiences of projects and products that had gone wrong. One of ingredients of projects that had been a success was their basis on standards.
Standards are very important. They drive a minimum level of quality. Standards when applied ensure that when a product says it will do X. It does X. Standards are a foundation from which to build upon. But, standards evolve and change. Consent Receipt standards are no different.
In terms of the new market of consent management, having standards means a number of things. Firstly, it means customers can start to easily compare different consent service offerings on a more like for like basis. This mean these different offerings can compete more on value add, price or service quality.
Secondly, standards provide a guarantee of interoperability. This is important as GDPR demands portability of data. Plus, if service A can work with service B, this means the whole market has a better chance of success. A reason why any CD works in any CD player is down to standards.
Finally, because the consent management market is still immature, the availability of a standard such as the Kantara Consent Receipt Specification gives consumers and producers more confidence the market opportunity is stable. This attracts investment and innovation.
Link to Identity
Kantara are the organisation behind OAuth2.0 too. This is a great piece of standards work in its own right. As it now means your identity can be seamlessly shared across the web in a secure fashion. From a user perspective this is ease of use heaven.
The use of a single digital identity is becoming more common too. This is seen in the rise of the Personal Information Managers. Some of the PIMs Consentua is working with are digi.me and meeco.me. PIMs will also facilitate a citizens ability to earn money from their personal data too.
So bringing ease of managing your identity, alongside the consolidation of your identity under one platform, will have an impact on consent. It means that any consent to use personal data from a 3rd party is now hitting a common identity. A single place. This will give citizens more control. But at the moment the consent receipts are all over the place. A way needs to be found that will consolidate into a single view all the consent receipts held by citizen.
The consent receipt therefore will have an important role in the future. It will act as the bridge to bring all the receipts together into one place (a virtual place). But then what? What if these receipts are the active gate keepers of a digital identities consent to share personal data?
The variability of consent (I can change my mind) means a different answer is likely depending on the party requesting and the location/time/day that the request was made. This means that consent interactions are only going to increase as more and more things become connected to the internet. All wanting a slice of your personal data.
In the future, consent interactions are slowly going to be automated and the citizen will likely group and order consent based on a scenario and an outcome. More a set of ethical rules and thresholds. The rule set will be set verbally by the citizen and will arbitrarily change based on mood and location.
The role of the consent receipt is to be this dynamic store of consent. Based on the purposes previously agreed to by the citizen, the consent request is processed and acted upon in realtime. Consent management services will need to handle this variability and flexibility. The Kantara Consent Receipt specification has already thought ahead in terms of these types of requirement.
From a Consentua perspective we are investing in this next generation of consent interaction. We foresee a time when consent bots based on your collection of consent receipts will automatically handle consent in a consistent and trusted fashion. But this requires a…
Citizens have a single view of Consent
Consentua believes that in the not to distant future, when consent management is mainstream. This is when millions of citizens have interacted with a consent service and consent receipts are plenty. The next consumer demand will be for a single view of consent.
Currently, our focus is on business customers. As these organisations are the data processors/controllers requiring the consent. However, once consent receipts are common, Consentua plan to be creating a consumer app.
This new app is waiting for a new extension from the consent receipt standards team which is an Interoperability Exchange Protocol. This new protocol will mean that included in the message payload is the location of the consent receipt host.
This means that if a consent receipt has followed the standard and is made open by the receipt owner, that a consent repository such as Consentua will be able to read a consent receipt stored in another consent repository.
Now the achilles heel of any single view of consent is your digital identity. But, as we know this is being fixed by such things as the OAuth2.0 evolution and the rise of the PIMs.
The good news is that Kantara are already exploring through a joint working group the link between consent and identity. The other piece of good news is that an interoperability work stream is also working on an active trial of a PIM interacting with a consent repository. With Consentua playing an active role in shaping and using the standard we are supporters of this activity.
Consentua, digi.me, Consentric, (with others welcome) will be testing the interoperability of consent receipts. Then by the middle of next year I would hope the early versions of an Interoperability Exchange Protocol will materialise. Again, along with others Consentua is stepping up and taking on the challenge of helping to move the standard along.
Then by 2019/20 we should be ready for the combined citizen centric view of consent. Then we can start getting serious with the automation and management of consent entirely on a citizens behalf.
However, the one thing that underpins all the above is the Kantara Consent Receipt Specification.
To that end, the team at Consentua want to say a big thank you to all parties who have been complicit in the creation of the consent receipt. We are pleased to be adherents to the specification and proud to be shaping the next stage.
For with out the Kantara Consent Receipt specification, Consentua would not be able to say it is a technology built on the shoulders of giants. Thank you.