🏆 BIG WIN FOR PROFILA IN PROJECT CATALYST FUND5

Profila Receives Funding from the Cardano Community for Its Privacy Rights Project

2681 Cardano owners — good for a total of 407 million ADA (worth close to 800 million EUR at the time of writing), voted Profila’s project “Control your data — Privacy ledger” in first place.

TL,DR:

🔵 Profila has won first place in the metadata challenge as part of Project Catalyst Fund5

🔵 Profila is a Cardano-focused platform that gives you control over your personal data, lets you learn about your privacy rights and provides an easy way to exercise them

🔵 Other Profila projects that integrate Cardano’s native assets, blockchain, and other technology such as Atala Prism’s digital ID are currently being voted on in the Project Catalyst Fund6

What is Project Catalyst?

Project Catalyst is a community-led experiment organized by IOHK to fund projects and entrepreneurs that build on the Cardano blockchain. It is bringing on-chain governance to Cardano by allowing the community to self-determine priorities for growth. Project Catalyst has become the largest decentralized venture fund in the world.

1st place in Fund5 voting

Under Fund5, no less than 2681 Cardano owners — good for a total of 407 million ADA (worth close to 800 million EUR at the day of writing this article), voted Profila’s project “Control your data — Privacy ledger” in first place.

▶️ See the original project proposal here.

From September to December 2021, Profila is working on integrating its existing privacy ledger with the Cardano blockchain, so that people can ultimately store certain metadata about data subject rights on the Cardano blockchain.

What is a privacy ledger and what are data subject rights?

People — or “data subjects” in the language of privacy laws — have certain rights in relation to their personal data, called “data subject rights” (DSRs).

Under certain conditions, these rights can be enforced against brands that process personal data. Let’s say that you could use them to tell a company what to do (or better, what not to do) with your personal data. These rights may include: 👇

Examples of data subject rights

Ultimately, DSRs aim to give people more autonomy over their personal information and how it is used, in the hope of restoring consumers’ trust in the digital economy.

🚩 However, even though these rights are put in place to empower people, many are not aware these rights exist. Even if they were, how to exercise them to stop the unauthorized (mis)use of your personal data?

What does Profila have to do with data subject rights?

Today, there is no tool that lets you learn about your privacy rights, let alone exercise them. Some local websites of data protection authorities provide information and templates, but require you to download lengthy documents, fill out 10–15 elements in these documents, upload them, send them by email or post to the brand in question.

This process is only available for those people who know what a data protection authority is (=what?), and who are willing to spend some hours to get the template filled out and send (=where?).

💙 Profila was created to make learning about your privacy rights and exercising them easier for you.

Learning about privacy rights through quizzes in Profila’s app

Profila’s mobile application teaches you about your privacy rights in a gamified way, allowing you to exercise them in just 3 clicks:

1. You choose a brand (logo)
2. You choose one of the rights
3. You include an email identifier, and we take care of all the legal processes to notify the brand.

Then, Profila forwards an email to the brand (with you in copy), specifying your request in legal terms.

According to the law that applies to your relationship with this brand (which is determined based on your country of residence/nationality), the brand will be legally required to respond to you within a reasonable time, often between 15–30 days.

What do these data subject rights have to do with Cardano?

Today, Profila is a commercial company and “moderator” in these rights requests. This means only we can provide proof that your request was sent. If you — or the company that received the request — need access to the data included in the request, you trust that the information in our systems is correct and not tampered with.

❗ Each data subject right (DSR) exercised by an individual using Profila (including the specific terms like which DSR, date, company recipient, specific content/context, and request), is only saved by Profila in our IT environment, and can only be enforced by Profila or its existence proven by Profila.

Therefore, Profila guarantees that the legal request/transaction happened, what terms it contains, whether terms are abided by (e.g., did the business actually respond to the request in time, as they are legally obligated to do).

Both parties involved in the legal request need to trust Profila as third-party custodian of the information relating to the legal right. Today, Profila guarantees this level of trust that a transaction took place, including the terms thereof.

However, we only want to provide consumers with the tools to control their data and have no reason to be in the middle of this people-to-brand interaction. The trust and consensus that a transaction took place or contract was made needs to be validated by the community of users, and the exact information of a specific request needs to only be visible for the individual (you) and the brand concerned (definitely not Profila).

🔗Under our funded Catalyst project, we are tackling this issue by using Cardano’s blockchain to log (in encrypted form) certain information about each specific privacy interaction that you as an individual exercised via the Profila privacy rights management platform:

• Each user that exercises a data subject right with a brand will be able to easily access each such request, including the brands’ response.
• Information you want to access is encrypted and only visible by your own private key (don’t worry, we are making this easier than it sounds).
• Because the Cardano blockchain is immutable, you know the information stored there is correct and not tampered with.

Profila enables you to exercise your data subject rights from one place

How does this work?

Let’s say you exercise your right to object to the processing of your personal data for direct marketing to Wholefoods (or your local supermarket), after receiving 15 mails per week with advertising about new products and discounts (in short: “no more emails with promos please!”).

If several months after this request, Wholefoods doesn’t abide by this request and again starts using your personal data to send you direct marketing messages, you can use the ledger entry as immutable proof of the right you exercised. This way, you can show Wholefoods they breached your right and hold them accountable (unlike the “unsubscribe” buttons you click 10x times, with no proof thereof, and with no effect because mails keep on coming).

You can even use the information in the ledger to file a complaint at a national data protection authority, showing them which instructions you gave to a company or what you agreed to, and how the company actually (mis)used your data. By using your private key, you can give a third party (like a data privacy authority) access to the encrypted information from a certain right request.

You will be able to check every legal instruction you send to a business concerning the use of your personal data, forever. Nobody would be able to tamper with this information.

💪 We call this our “unsubscribe on steroids”, because it allows you to make many different requests to a company about (the use of) your data and — unlike an unsubscribe function in an email, which is only sent to the company — you have immutable proof you took action or gave a clear instruction on a specific date, with actual legal consequences.

When will the project be deployed?

We have finished the first sprints focused on encrypting personal data via public key infrastructure. Of course, we do not want other people to access the blockchain entry without your approval and see what instructions you gave to the brands in your life.

Our initial challenge was to add metadata in an encrypted way to the Cardano blockchain and only allow for the involved parties — namely you as an individual and the company-recipient — to view this data. The initial step or first part of this process has been completed and included a (i) refactoring of the user registration process now including key generation, and then both an (ii) encryption and (iii) decryption process.

This week, we finalized validating the setup of the multiparty encryption of metadata, as well as the local test environment for our Cardano-node. This node will become the communication layer between the Profila app and the Cardano blockchain.

Our proof-of-concept implementation of the multiparty encryption can be found on GitHub, which can be forked and used by the community.

🔜 During the next 2 sprints, we foresee adding this data to the Cardano blockchain and integrate with our app in early November.

Throughout this development process, we are fortunate to have the IOHK professional services team as well as the Cardano community on our side. IOHK has provided us with many hours of valuable insights into their technology and advice on its implementation. The weekly checkup and reporting meetings with the Catalyst teams and with other winning projects gave us valuable insights and feedback.

More about Profila’s projects

If you want to know more about this project, you can follow our progress via GitHub and check out our first reporting video on YouTube. You can also register for the weekly Catalyst Town Halls, where all projects have a change to present their progress and where, later in November, we will provide more progress reports once the integration is final.

Also, we currently have 4 additional projects in the pipeline under Project Catalyst Fund6, which are being voted on between now and 21 October 2021 and already received great scores from the community advisors (average 4,5/5).

All Cardano owners can download the Catalyst voting app and look for the following projects to vote on:

• NFT business models ➡️ NFT for customer feedback/content
• Dapps and Integrations ➡️ Dapp to control/monetize your data
• Atala Prism Adoption ➡️ Control your data (vault) via PRISM
• Metadata ➡️ How often can a brand contact you

Feel free to join the Profila community on:

👉 Discord

👉 Telegram

👉 YouTube

👉 Twitter

👉 LinkedIn

👉 Instagram

💙Learn more about Profila for consumers and brands

🔬 Learn more about Profila’s privacy research project with the University of Luzern’s Blockchain department (and funded by Innosuisse, the Swiss Innovation Agency)