Innosuisse Funds Profila’s Privacy Knowledge Base Research Project with HSLU
Innosuisse, the Swiss Innovation Agency, has decided to fund a privacy-based research project created by Profila and the Information System Research Lab of the University of Lucerne of Applied Sciences.
TL,DR:
🔵 Profila and the Information Systems Research Lab of the University of Lucerne of Applied Sciences (Hochschule Luzern, HSLU) have partnered for an applied research project, aimed at developing a smart knowledge base of privacy policies and privacy knowledge
🔵 The main goal of this 24-month project is helping consumers to understand which data usage agreements they agreed upon and how accordingly their data can being used online
🔵 Innosuisse, the Swiss Innovation Agency that promotes science-based innovation, has chosen to fund this research project
Introduction to Innosuisse and the P2S “Profila Privacy Simplified” project
Innosuisse promotes science-based innovation in the interests of industry and society in Switzerland. It funds partnerships between academia and market participants that relate to innovation, thereby laying the groundwork for successful Swiss startups, products and services.
On the 21th of April 2021, Innosuisse approved to fund the Profila and HSLU research collaboration project 50446.1 IP-ICT with the title “P2Sr Profila Privacy Simplified reloaded: Open-smart knowledge base on Swiss privacy policies and Swiss privacy legislation, simplifying consumers’ access to legal knowledge and expertise” (See more on: HSLU and Aramis, Swiss government).
Under this 2-year research project, that was kickstarted recently (September 2021), Profila and HSLU will create a smart & expert sourced knowledge base on Swiss and EU privacy policies and privacy legislation.
What is the problem that Profila and HSLU are solving?
People interact with digital services and purchase products from companies (Brands) globally. Each interaction you have online is regulated by a privacy policy that you are forced to accept. Thereby, you agree to share your personal data, without knowing how they Brands use it.
But what can you do if Brands use your data against your expectations? Do you actually know what terms you agreed to when you accepted to share your personal data?
A real-life example
Meet Maria (46) and Daniel (48), with their kids, Mia (16) and Noah (21). Daniel subscribed online to his local newspaper (let call the company “The Newspaper”) and accepted the privacy policy, which specifies that different The Newspaper-affiliated companies could send offers by E-Mail and SMS (I agree that The Newspaper and companies of the Newspaper Group may inform me in the future about other interesting offers by e-mail and SMS).
Maria registers an account for an online pick-up service from her local supermarket (let call the company “The Supermarket”) and is asked to confirm the privacy policy (I confirm that I have read and understood the privacy policy and the processing of my personal data described therein). According to the 10-page privacy policy, The Supermarket can share Maria’s data with The Supermarket-linked companies.
The family now starts receiving messages more frequently than expected and via different channels (email, SMS, mail), but also from brands they have never shared data with. Maria receives 15 emails/week with newsletters from The Supermarket. The family letter box is full of flyers from “The Spa”, “The Nightshop” and “The Movies” (also part of The Supermarket Group).
The problem here is: Almost all of the info on how companies use personal data is (albeit not in plain language) included in their privacy policies the family “accepted”. However, people generally don’t understand what they agree to, and do not know how to act when they want to alter the terms of their relationship with brands.
How Profila solves this
Profila is a platform (mobile IOS/Android application for individuals and a web-based dashboard for companies, organizations, governments, and other legal entities, we call “Brands”) that enables individuals to communicate with various organizations in their lives, privately, one-to-one, and without supervision or surveillance.
Through it, Brands can subscribe to personal data that consumers keep in their Profila (one source of truth with a consumer’s contact details, communication-, product preferences), after a consumer accepts the (privacy and legal) terms of such contract.
Using our example above:
Migros pays Maria 10 CHF/year to access her (i) personal data (email, phone), (ii) preferences about food (vegetarian, bio-products, lactose intolerant) and (iii) communication preferences (Maria would like to receive discounts/product info via WhatsApp).
If Migros listens to Maria, she will be a happy consumer.
How the solution looks like today, and how it will look like tomorrow
Although currently there isn’t a single solution to solve all unauthorized use or (mis)use of your personal data online, there are many steps that you can take to gain ownership of your personal data and track its use by brands you shared it with.
Step 1 — The existing privacy features in the Profila App
Profila’s privacy solution that exists today has 4 important features that help you better manage your personal data:
- Education
The Profila App has 9 basic education or “awareness” modules about your privacy rights, explaining to you in understandable terms everything you need to know about privacy and your personal data in order to effectively control it. Each privacy module tackles a different topic and explains in lay-man terms (although legally correct) and with examples “what is personal data”, “what is a controller/processor”, “what are your data subject rights”, e.g. “your right to be forgotten”, “when can you exercise these rights”, “why would you exercise these rights”, “is a company obligated to respond”, and many more.
2. Rights Management
The App allows you to manage or effectively exercise your rights via a single dashboard. Profila reduced this difficult process to an easy 3-click step process, where you can (1) choose a company logo (recipient of a right request); (2) click on one of the data subject rights , and (3) include an identifier (email; mobile number).
Why would you use it? e.g., use your ‘right to object’ to tell The Supermarket to stop sending daily emails; or ask The Supermarket which other companies in its group they shared your personal data with.
3. Privacy Alerts
Profila enables you to log all interactions with Brands to know what you agreed to.
4. Subscriptions
Another important step to get data control, is keeping track of your personal data you shared with brands. Where does your personal
data reside and who has access to it? This is taken care of by Profila’s “data subscriptions”, which allows you track all data you shared with brands, including information about what kind of data, the purpose and duration, and ultimately receive a compensation from brands that subscribe to your data (personal data is never sold).
Why would you use it? e.g., this lets you go back to your initial request from The Supermarket to share your data and allows you to check the terms that were agreed.
Step 2 — Understanding privacy policies (what you already agreed to)
Supporting customer’s comprehension of the term of a privacy agreement they are accepting by interacting with a website or concluding a contract for an online service is the core point of this Innovation project. Our privacy solution tomorrow will help you better understand the terms that brand propose to you when they ask you for your personal data.
A typical user perceives this legal document as complicated and therefore the privacy statement will be simply accepted without reading it throughout. Nevertheless, by supporting the average user in understanding it, we expect a better awareness of the impact such an agreement acceptance can have with respect of the personal data usage by the companies.
Under the Innosuisse Project, Profila and HSLU are developing a ”smart knowledge base” (KB) composed of questions and answers (Q&A) that can be matched with the specific doubt or question a user has. This will work as the intelligence behind a conversational agent, proposed as a self-help tool.
This should be able to solve the most common and standard aspects but will fail for more specific needs. In order to provide an advanced service, a match between the specific request and experts will be provided, in order to give a rapid and low-cost option to clarify the subject with a legal expert.
Additionally, by collecting user feedback about the perceived quality of the information and the experts suggested, the system will improve its own performance, taking into account these metrics.
The vision is to provide a one-stop-solution for every user privacy-oriented question of online services. The creation of the KB (on the top left in the illustration) and the matching algorithm will be based on Natural Language Processing (NLP), in order to support the adoption of natural language in the interaction with the user, thus reducing the entry barrier for customers.
How will you be able to interact with the knowledge base and experts?
After the successful end of the research project, Profila will integrate the smart knowledge base in the chatbot that is being built in parallel.
Research project roadmap
The project started in September 2021 and is scheduled to be delivered in 24 months. Regular scientific and general purposes publications will be made available to the public at predefined milestones.
Follow us to track our progress
If you want to know more about this project or track our progress, feel free to join the Profila community, where we will give periodical updates, share drafts papers of our research and much more:
👉 Discord
👉 Telegram
👉 YouTube
💙Learn more about Profila for consumers and brands:
💰 Learn more about our Zero Knowledge Token (ZKT):
