Individuals want to protect their privacy and regain control of their personal data. Privacy regulations have relied heavily on consent, leading to a pop-up nightmare. Presented with disclaimers every time they visit a website, consumers cannot be expected to make an informed decisions. At the same time, a blanket ban on sharing any data results in no personalisation and an inferior experience.
This shouldn’t be binary. Consumers have an incentive to take back control. The solution should make exercising that control easy and rewarding.
We believe programmatic advertising is a good thing and we think people benefit from personalisation. The discussion should be less about whether platforms serve relevant ads and more about the means used to determine relevancy. OwnYou is building a regenerative system where advertisers develop and connect with a genuine audience, where people receive relevant and useful products, and where publishers are paid fairly for curating high quality audiences.
Providing consumers with easy-to-use, and non-intrusive, tools that make it clear when and how they are sharing their data, and with whom, will help resolve the Privacy Paradox.
Individuals deserve fair compensation for sharing their data
Consumers are disenfranchised. By consuming Web2 social media services in exchange for their personal data, they have become inert to the value exchange. The advertising technology stack has feasted on their data, to the detriment of all other stakeholders. Consumers should be compensated for sharing their personal data. Any solution should compensate users fairly, transparently, and in proportion to the quality of the data they share.
Location specific offers without feeling like prey
Consumers want to benefit from location driven opportunities including location and time specific discounts and unique items in particular locations, but they don’t like the idea of being tracked. OwnYou offers brands and advertiser the opportunity to leave location specific “easter-eggs”; coupons, discounts and location specific offers than only unlock, or become available, to the individual when that individual geolocation data matches the offer’s parameters. The advertiser only registers the offer uptake if the user redeems the offer.
No more personal data requests
Consumers want to be informed without sacrificing their identity, in perpetuity. Why is it that every business wants to send you emails, or marking information, in perpetuity? The consumer may want to remain in contact with opportunities, or developments, but they deserve a more nuanced, richer, experience that does not rely on email, that does not require surrendering their identity and does not require a forever commitment.
Verified Credential made easy
Users/holders want to leverage Verified Credentials in a safe and secure manner. Verified Credential (VC) infrastructure allows credential issuers (for instance the DVLA, the home office, or a university) to issue digital credentials to holders. Holders can present those verified credentials to verifiers who, using the issuer’s public keys, are able to confirm authenticity. VCs are like digital credentials that can be authenticated without having to check back with the issuer. Also, VCs are portable; they are not tied into any particular app or app developer. And they don’t always have to reveal everything about the holder. For instance, zero-knowledge enabled VCs allow the holder to prove a specific aspect of their identity, without revealing anything else about themselves; for instance, that they are older than 18 without having to reveal their name or any other personal information. While we expect verified credentials will be issued in tandem with physical credentials, that is not currently the case.
The European Digital Identity initiative is making progress and following recent amendments to the proposed regulations, we are very likely to see several trials across member states, some of which will adopt the W3C VC standards. The Australian government has new legislation under way that allows their digital identity system to be used outside of just Medicare and the Tax Office, with a proposal that it be made available to the private sector . In June 2022, the UK government announced the beta version of their identity and attributes trust framework which outlines distinct roles, responsibilities, and rules around the issuance and verification of digital identities. Initially, the government will operate the trust framework with a trial involving digital identity document verification (IDVT) . Once the trial is complete, a trust certification process will be implemented allowing organizations to play certain roles (identity service provider, attribute service provider etc). Eventually, organization will be able to certify, issue, and orchestrate services around digital identities.
While the technology and government policies around digital identity are still nascent and evolving, an emphasis on interoperability is encouraging. OwnYou will leverage one or more open standards across multiple geographies, facilitating verified credential storage and presentation. Allowing users to prove their demographic profile, without having to reveal who they are, is powerful proposition for individuals and advertisers.
Personal data storage made easy
Users should be able to store all their private credentials and personal data, including verified credentials, in a private decentralised database:
- Credential holders should be able to store their credentials in a private database, controlled and owned by the holder.
- Credentials and personal data should be portable from one storage provider to another.
- Data should be portable; between centrally managed services and from centrally managed to decentralised storage providers.
- Data can be stored in more than one place. Users should be able to back up data across multiple storage locations. Locations could be hosted by different providers. Locations should include local (phone, PC), decentralised or with a cloud service provider.
- Personally-identifying information, demographics, target audience data, Decentralised Identifier (DID) lists and any information required for single-sign-on, should be stored on the client, for rapid retrieval.
- Private keys should be stored locally, and more securely, preferably in a secure enclave.
- Users should be able to grant access to an entity, allowing them to create secure two-party encrypted data, unavailable to other entities. For instance,
- Storage should be available to the user and an advertiser, with granular access control.
- The user, or user agent, should be able to store semantic data with the ability to retrieve it via a self-describing API (based on its schema, type etc).
- The DIF Decentralised Web Node standard should be adopted.
