Part 2 – What is happening now…
The Business Case is warming up
When it came to KnowNow’s innovative new consent tool what we needed was a view of the market. We needed to move from a hunch to a viable innovation backed up with evidence.
A consequence of being on a business accelerator is that you take a more methodical based approach to your innovation validation. This means fail fast and do the bare minimum and push only what has a positive response. Do more of that and less of the things that are not so positive. This is an iterative experience.
KnowNow is based at the University of Portsmouth which gives us access at certain times to students looking for companies to offer them a project. KnowNow used a team to confirm the size of the market for consent management services, the price point we could charge and potential threats and collaborators. The resulting report was a massive boost of confidence. The team identified a conservative
€90Bn market size by 2020 – so even a small percentage is a huge opportunity. The innovation is designed for B2B so app developers and app providers pay KnowNow for the service on a micropayments basis. However, a significant number of citizens would pay between €1.49 and €5 for a consent and personal identity management service.
Two further trends lend themselves to this innovation. The first is that developers are wanting to use modules. Code elements and API’s that are already ready-made. This saves time & money. Plus removes hassle and solves regulatory compliance and the need to be an expert. Let someone else manage this on my behalf.
The second is GDPR itself. Now that the text is settled a clear requirement for business compliance is that they need an audit trail and proof of consent from users. Luckily an out of the box capability.
Why use a Framework and the PDTN?
A framework is a means to a rapid end. It keeps you honest, opens you to peer review and also ensures interoperability and an element of future proofing in terms of backwards compatibility. The aim is to re-use the consent framework wording, turn this into an open API standard and SDK, then launch the KnowNow service. Additionally, the Privacy & Data Trust Network (PDTN) is a testing space. Rapid feedback from a range of stakeholders, in real life scenarios. Tested in the field.
KnowNow’s innovation meets a number of criteria for inclusion in the PDTN
- Enabling consent for the user – compliant to GDPR
- Audit trail of consent that both parties can see.
- Citizen regains control of how their data is used.
- Independent, standards-based API (aim is to make open)
- Consentua does not hold any user data.
- Open Dashboard app (which could be surfaced via 3rd parties).
PDTN provides a safe environment to test Consentua
- Consistent use of terms within an agreed framework
- Opportunity to integrate with others
- Rapid feedback from all actors
- Real life scenarios
- Business led – measured impact.
An important consideration for any new service is to answer the ‘so what’ question. So what if I give consent. What does that really mean? This is about giving empowerment to the citizen.
- Fundamentally, consent is not “message and click” but “understand and choose”
- ‘Consent’, broadly, is about informed citizens making choices
- This is about giving citizens control over their data and helping them make informed choices.
- Using the service also makes business GDPR compliant. Handy as this is key for the business case and adoption.
From an application providers perspective improving the relationship and trust you have with your customer will lead to higher customer satisfaction, loyalty and revenues. Not forgetting the need to have that audit trail and proof of consent.
New Name for Trust: Consentua
A short brainstorming session led to a new name for the Trust Slider which is now called ‘Consentua’. Here is a mockup of the new Consentua slider with improved wording and a look at the new dashboard capturing all your consents granted/active.
The challenges are:
- 1) Relevance: How do we know what part of processing or collection users will care about?
- 2) Intelligibility: How do we make a proposition understandable, so that relevance is clear?
- 3) Attention: Getting a user’s attention is bothersome for the user. Leads to habituation.
What is happening is that your consent settings create a token that the requesting application then interacts with the API. This is a gateway to the original source of the data. If allowed the data is exchanged. If disallowed, the data is not. Consent is now a key. Consent is now under the citizen’s control.
What’s Next for Consentua
Consentua is being tested as part of the PDTN’s mobility use case tests. This is with the Centro in Birmingham and EnableID. This will commence in the second half of the year (2016). What is exciting is that we will be integrating with a new Hub-of-all-Things instance (HatDex). This will mean that consent is arranged via the HATDex interfacing with Consentua, which means the data exchange is consistent and user regulated. With Centro providing a personal service without having knowledge of the personal data.
Watch this space…..
Thanks for reading Chris.
This blog was adapted from a webinar Chris gave as part of the EIP-SCC Citizen Focus: Citizen Centric Data Approach. To view and listen to a recording of this webinar then click here: https://vimeo.com/164693066
Chris Cooper is the chief convenor of Ideas and Innovation at KnowNow. Focusing on Smart Cities, his passion is taking client requirements and turning these into sustainable, resilient and usable solutions. A Chartered Engineer and Enterprise Architect, Chris is one of the founders of KnowNow Information.
You can follow KnowNow on Twitter @knownowinfo