Creating tangible value while complying with privacy regulations can get complicated. In order for providers to deliver the most personalized (and monetizable) experience, consumers need to share some personal data. Meanwhile, data privacy regulations are upping the ante for gathering consent before using personal data, forcing enterprises to re-architect their customer experience. So how can organizations continue to enhance personalized experiences and customer loyalty without getting into regulatory hot water?
Imagine a world where…
Alice enters a retail store, Acme. She’s on record as agreeing to share her data with Acme, and the store is able to detect her presence through her mobile device. When Alice buys items using her phone, Acme rewards her by depositing AcmeCoin in her associated cryptocurrency wallet. Because Acme’s systems are integrated with a respectful data brokerage ecosystem, all of Alice’s interactions, identity data, and consents generate auditable proof of the company’s rights to collect, use, and share her data — and she can change her mind anytime about those rights. The ecosystem preserves and enhances the relationship between Acme and Alice and their mutual value exchange.
Consulting company Dojo Partners recently debuted just such a scenario to key stakeholders at GSMA’s Mobile World Congress in Barcelona under the headline Operator Tokenomics. ForgeRock’s innovation labs team is working with Dojo, consent service Privacy Co-Op, blockchain provider Hedera Hashgraph, and privacy solution provider Pryv in a pilot program as part of the GSMA Foundry. We aim to explore and build a repeatable model for such an ecosystem, applicable to individual companies as well as to entire sectors.
The following simple demonstration [video here] of ForgeRock Intelligent Access Trees shows a no-code integration of the Privacy Co-op consent engine into a user journey design. It enables organizations like Acme — a member of the respectful data brokerage ecosystem — to leverage an independent and trusted source of Alice’s express consent into any part of her journey, including registration, authentication, or profile self-service.
When Acme wants to use Alice’s personal data for an email marketing campaign, a consent engine acts as an authoritative source for whether or not her data is suitable for inclusion, ensuring compliance and auditability of decisions. And, on the basis of Alice’s express affirmative consent available through the consent engine, her data can be made available in a data marketplace or exchange. Specific conditions for data sharing can also be established, adhered to, and proven. Examples include data anonymization and restricting certain data to specific audiences.
*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Eve Maler. Read the original post at: https://www.forgerock.com/blog/operator-tokenomics-and-respectful-personal-data-brokering