Consumer, Legislation, Personal Data, Privacy, Trending

General Medical Council and doctors’ unions hit out at government’s ‘cavalier approach’ to patient data.

Police forces will be able to “strong-arm” NHS bodies into handing over confidential patient data under planned laws that have sparked fury from doctors’ groups and the UK’s medical watchdog.

Ministers are planning new powers for police forces that would “set aside” the existing duty of confidentiality that applies to patient data held by the NHS and will instead require NHS organisations to hand over data police say they need to prevent serious violence.

Last week, England’s national data guardian, Dr Nicola Byrne, told The Independent she had serious concerns about the impact of the legislation going through parliament, and warned that the case for introducing the sweeping powers had not been made.

Now the UK’s medical watchdog, the General Medical Council (GMC), has also criticised the new law, proposals for which are contained in the Police, Crime and Sentencing Bill, warning it fails to protect patients’ sensitive information and could disproportionately hit some groups and worsen inequalities.

Human rights group Liberty said the proposed law is so broad that police forces will be able to “strong-arm information” from the NHS and other bodies, and that this could include information about people’s health, religious beliefs and political links. It added: “Altogether, these provisions are likely to give rise to significant and severe breaches of individuals’ data rights.”

Under the proposed legislation, which will be debated in the House of Lords in the coming weeks, local health boards will be legally required to provide confidential patient information when it is requested by police. The bill explicitly sets aside the existing common-law duty of confidentiality.

The purpose is to prevent serious violence, but there is already provision to allow patient information to be shared with police where there is a public interest need, such as the threat of violence or preventing a crime. The bill does not set out in detail what kinds of data could be handed over.

Under the proposed new law, police would have the power to demand information regardless of whether the NHS considered it to be in the public interest or not.

Professor Colin Melville, medical director at the GMC, told The Independent: “We are concerned the bill doesn’t protect patients’ sensitive health information and risks undermining the trust at the heart of doctor-patient relationships. We also share concerns held by others that an erosion of this trust may disproportionately affect certain communities and deepen societal inequalities.”

The GMC has raised its objections with the Home Office, which has said that the law will still require organisations to meet data protection rules before sharing any information.

But the doctors’ union, the British Medical Association (BMA), said in a briefing for members of the House of Lords that this would not provide adequate protection.

It said that health information had “long been afforded special legal status, over and beyond the Data Protection Act, in the form of the common-law duty of confidentiality”, which had been upheld by several court cases.

It added that the bill would “override the duty of medical confidentiality, including by legally requiring identifiable health information about individuals to be shared with the police”, saying: “We believe that setting aside of the duty of confidentiality, to require confidential information to be routinely given to the police when requested, will have a highly damaging impact on the relationship of trust between doctors and their patients. A removal of a long-established protection for confidential health information, alongside a broad interpretation of ‘serious crime’, may mean many patients are reluctant or fearful to consult or to share information with doctors.”

Dr Claudia Paoloni, president of the Hospital Consultants and Specialists Association, said the new law would “seriously undermine” the existing trust-based relationship with patients, and would create barriers to them seeking care: “We have significant concerns about what appears to be a cavalier approach to long-held principles, without clear objectives, and which is likely to have unintended consequences. Unless these concerns around individual patient confidentiality can be satisfactorily answered, we believe such powers should be removed from the bill.

“Other than the most serious crimes, which are already covered by precedent on disclosure on public interest grounds, it remains unclear precisely in what way laws to force the release of individuals’ medical records would be used.”

The latest data controversy comes after the NHS was forced to pause plans to share GP patient data with third parties to aid research, after an outcry from some doctors and patients over how the information would be used.

A Home Office spokesperson said: “Appropriate safeguards are in place, and any information shared must be proportionate. The bill makes clear that information can only be shared in accordance with data protection laws.”

Source: https://www.independent.co.uk/news/health/police-nhs-patient-data-bill-b1938998.html


Legislation, Personal Data, Privacy, Tech, Trending

The cyberspace pioneer is skeptical about a blockchain-based internet

Web inventor Tim Berners-Lee wants to rescue his creation from centralization. But does he align himself with Web3’s promise of salvation?

At TNW Conference, the computer scientist gave a one-word answer: “Nope.”

That snub may seem to clash with Berners-Lee’s recent actions. The 67-year-old now campaigns to save his “dysfunctional” brainchild from the clutches of Big Tech.

He’s also made a cool $5.4million by selling an NFT — one of Web3’s supposed pillars. But the Brit has his own vision for the web’s successor: a decentralized architecture that gives users control of their data.

Berners-Lee wants to build it on a platform he calls Solid — but you can call it Web 3.0.
“We did talk about it as Web 3.0 at one point, because Web 2.0 was a term used for the dysfunction of what happens with user-generated content on the large platforms,” he said.

“People have called that Web 2.0, so if you want to call this Web 3.0, then okay.”

On the blockchain, it just doesn’t work

Berners-Lee shares Web3’s purported mission of transferring data from Big Tech to the people. But he’s taking a different route to the target. While Web3 is based on blockchain, Solid is built with standard web tools and open specifications. Private information is stored in decentralized data stores called “pods,” which can be hosted wherever the user wants. They can then choose which apps can access their data. This approach aims to provide interoperability, speed, scalability, and privacy.

“When you try to build that stuff on the blockchain, it just doesn’t work,” said Berners-Lee.

Source: https://thenextweb.com/news/web-inventor-tim-berners-lee-screw-web3-my-decentralized-internet-doesnt-need-blockchain


Consumer, Legislation, Privacy, Tech, Trending
The Digital Services Act will reshape the online world
The EU has agreed on another ambitious piece of legislation to police the online world.

Early Saturday morning, after hours of negotiations, the bloc agreed on the broad terms of the Digital Services Act, or DSA, which will force tech companies to take greater responsibility for content that appears on their platforms. New obligations include removing illegal content and goods more quickly, explaining to users and researchers how their algorithms work, and taking stricter action on the spread of misinformation. Companies face fines of up to 6 percent of their annual turnover for noncompliance.

“The DSA will upgrade the ground-rules for all online services in the EU,” said European Commission President Ursula von der Leyen in a statement. “It gives practical effect to the principle that what is illegal offline, should be illegal online. The greater the size, the greater the responsibilities of online platforms.”


Margrethe Vestager, the European Commissioner for Competition who has spearheaded much of the bloc’s tech regulation, said the act would “ensure that platforms are held accountable for the risks their services can pose to society and citizens.”

The DSA shouldn’t be confused with the DMA or Digital Markets Act, which was agreed upon in March. Both acts affect the tech world, but the DMA focuses on creating a level playing field between businesses while the DSA deals with how companies police content on their platforms. The DSA will therefore likely have a more immediate impact on internet users.

Although the legislation only applies to EU citizens, the effect of these laws will certainly be felt in other parts of the world, too. Global tech companies may decide it is more cost-effective to implement a single strategy to police content and take the EU’s comparatively stringent regulations as their benchmark. Lawmakers in the US keen to rein in Big Tech with their own regulations have already begun looking to the EU’s rules for inspiration.

The final text of the DSA has yet to be released, but the European Parliament and European Commission have detailed a number of obligations it will contain:

  1. Targeted advertising based on an individual’s religion, sexual orientation, or ethnicity is banned. Minors cannot be subject to targeted advertising either.
  2. “Dark patterns” — confusing or deceptive user interfaces designed to steer users into making certain choices — will be prohibited. The EU says that, as a rule, canceling subscriptions should be as easy as signing up for them.
  3. Large online platforms like Facebook will have to make the working of their recommender algorithms (used for sorting content on the News Feed or suggesting TV shows on Netflix) transparent to users. Users should also be offered a recommender system “not based on profiling.” In the case of Instagram, for example, this would mean a chronological feed (as it introduced recently).
  4. Hosting services and online platforms will have to explain clearly why they have removed illegal content as well as give users the ability to appeal such takedowns. The DSA itself does not define what content is illegal, though, and leaves this up to individual countries.
  5. The largest online platforms will have to provide key data to researchers to “provide more insight into how online risks evolve.”
  6. Online marketplaces must keep basic information about traders on their platform to track down individuals selling illegal goods or services.
  7. Large platforms will also have to introduce new strategies for dealing with misinformation during crises (a provision inspired by the recent invasion of Ukraine).

The DSA will, like the DMA, distinguish between tech companies of different sizes, placing greater obligations on bigger companies. The largest firms — those with at least 45 million users in the EU, like Meta and Google — will face the most scrutiny. These tech companies have lobbied hard to water down the requirements in the DSA, particularly those concerning targeted advertising and handing over data to outside researchers.

Although the broad terms of the DSA have now been agreed upon by the member states of the EU, the legal language still needs to be finalized and the act officially voted into law. This last step is seen as a formality at this point, though. The rules will apply to all companies 15 months after the act is voted into law, or from January 1st, 2024, whichever is later.


Source: https://www.theverge.com/2022/4/23/23036976/eu-digital-services-act-finalized-algorithms-targeted-advertising

Consumer, Legislation, Privacy, Tech, Trending

French regulators have hit Google and Facebook with 210 million euros ($237 million) in fines over their use of “cookies”, the data used to track users online, authorities said Thursday.

US tech giants, including the likes of Apple and Amazon, have come under growing pressure over their [business] practices across Europe, where they have faced massive fines and plans to impose far-reaching EU rules on how they operate.

The 150-million-euro fine imposed on Google was a record by France’s National Commission for Information Technology and Freedom (CNIL), beating a previous cookie-related fine of 100 million euros against the company in December 2020.

Facebook was handed a 60-million-euro fine.

“CNIL has determined that the sites facebook.com, google.fr and (Google-owned) youtube.com do not allow users to refuse the use of cookies as simply as to accept them,” the regulatory body said.

The two platforms have three months to adapt their practices, after which France will impose fines of 100,000 euros per day, CNIL added.

Google told AFP it would change its practices following the ruling. “In accordance with the expectations of internet users… we are committed to implementing new changes, as well as to working actively with CNIL in response to its decision,” the US firm said in a statement.

Cookies are little packets of data that are set up on a user’s computer when they visit a website, allowing web browsers to save information about their session.

They are highly valuable for Google and Facebook as ways to personalise advertising — their primary source of revenue.

But privacy advocates have long pushed back. Since the European Union passed a 2018 law on personal data, internet companies face stricter rules that oblige them to seek the direct consent of users before installing cookies on their computers.

90 notices issued

CNIL argued that Google, Facebook and YouTube make it very easy to consent to cookies via a single button, whereas rejecting the request requires several clicks.

It had given internet companies until April 2021 to adapt to the tighter privacy rules, warning that they would start facing sanctions after that date.

French newspaper Le Figaro was the first to be sanctioned, receiving a fine of 50,000 euros in July for allowing cookies to be installed by advertising partners without the direct approval of users, or even after they had rejected them.

CNIL said recently that it had sent 90 formal notices to websites since April.

In 2020, it inflicted fines of 100 million and 35 million euros respectively on Google and Amazon for their use of cookies.

The fines were based on an earlier EU law, the General Data Protection Regulation, with CNIL arguing that the companies had failed to give “sufficiently clear” information to users about cookies.

Source: https://www.france24.com/en/technology/20220106-france-fines-google-facebook-more-than-%E2%82%AC200-million-for-cookie-breaches

 

Consumer, Corporate, Legislation, Personal Data, Privacy, Trending

In September 2021, the Kingdom of Saudi Arabia issued its Personal Data Protection Law to regulate the processing of personal data. The PDPL is the first federal, sector-agnostic data privacy legislation in Saudi Arabia. Organizations will be faced with significant changes to their operations to ensure compliance.

The PDPL comes into effect only 180 days after the publication in the Official Gazette, meaning the law will be effective March 23, subject to the passage of the implementing regulations. For the first two years, it will be enforced under the Saudi Data and Artificial Intelligence Authority, after which a transition to the National Data Management Office will be considered.   

Like other new data protection laws and updates within the broader Middle East and North Africa region, some elements within the PDPL are similar to those of other international data protection regulations. The law also includes numerous unique requirements — such as data transfer and localization requirements — businesses will need to pay careful attention to. Fulfilling these requirements may be operationally burdensome and early planning will be critical to avoid significant setbacks.
The PDPL also includes extraterritorial effect so organizations based outside Saudi Arabia will still be subject to the law and its requirements if they process the personal data of Saudi residents.

What does the law introduce?
The PDPL introduces a number of requirements that could significantly impact how companies in the Kingdom operate. The most notable include:

Registration requirements. 
Data controllers, the organizations that determine the means and purpose of processing of personal data, must register via an electronic portal which includes an annual registration fee.

Records of processing. 
Data controllers must create and maintain a record of how they process personal data, and it must be registered with the SDAIA. Any foreign company operating in the Kingdom and processing personal data of Saudi residents must appoint a local representative. More guidance regarding when this requirement will become effective is forthcoming from the SDAIA. Organizations will also be expected to appoint data officers to manage compliance with the law.

Data subject rights.
Individuals are now provided with new rights to their data, namely that they have the right to information about how their data is processed, the ability to access copies of their data and request corrections, and the right to have their data destroyed. Individuals will also have the right to lodge complaints with the regulatory authority.

Data transfers.
Data transfers outside the Kingdom are only permitted in limited circumstances. However, even if the transfer meets one of the permitted exceptions, the data controller must receive approval by an appropriate government authority, amongst other conditions.

The principal legal basis for processing under the law is consent. Personal data may only be processed without consent in certain circumstances. Individuals will also have the right to withdraw their consent to the processing of their personal data. Importantly, data controllers must also have prior consent of individuals to send direct marketing and must provide an opt-out mechanism.

Impact assessments.
Data controllers must assess projects, products and services to identify data protection risks posed to individuals.

Privacy notice.
Data controllers must implement a privacy notice specifying how data will be processed prior to collecting personal data from individuals.

Breach notification.
Data controllers will be expected to report data breaches to the regulatory authority as soon as they become aware of an incident.

Sensitive data.
Information such as genetic, health, credit and financial data will fall under scope of the law. This data is also likely to be subject to additional regulation.

So how do we prepare?
Like most compliance efforts, early preparation is essential, especially to achieve compliance with some of the more onerous requirements detailed in the PDPL. As a priority, organizations should follow this six-point plan:

Step 1: Understand the data. 
Organizations must understand what data they hold, how it is used and who it is shared with. This can be accomplished by creating a record of processing activities to trace data through the information lifecycle. This document can be used as a single source of truth and to inform other compliance activities.

Step 2: Establish governance. 
Identifying local representatives where appropriate and appointing data officers will be an essential step. These individuals should be integrated into existing data protection or security networks of governance to enable the successful communication and escalation of risks.

Step 3: Create policies and procedures.
Policies and processes must be updated to reflect the new data protection responsibilities, including procedural guidance for responding to data subject rights requests and issuing data breach notifications. Policy refreshes must also address the assessment of data protection and security standards in place among third parties.

Step 4: Implement and test breach plans.
Organizations need a robust data breach plan that articulates each step involved in responding to a breach, the individuals and teams involved, and the timelines to complete each step. Testing your plan will help to ensure your teams are cohesive and ready should an actual incident occur.

Step 5: Identify international data transfers.
Using the ROPAs as a starting point, organizations should seek to understand what data is transferred internationally and where it is transferred to. This includes understanding how limitations in the law may affect these transfers and beginning to adopt strategies for compliance.

Step 6: Provide training and change management.
Training is an effective tool to develop a sustainable culture of compliance. To complement training activities, organizations should consider identifying change management strategies to help ensure that the compliance activities are embedded successfully.

Source: https://iapp.org/news/a/how-to-prepare-for-saudi-arabias-personal-data-protection-law/?mkt_tok=MTM4LUVaTS0wNDIAAAGDqUdxDYhqkPyxHyko4ed2GyuwzheNwgSQ4hjNmCZTuv7-CU3tAAeMAcWRZ2fJ_tz3KavvmN2VgSlfxV0ldu0m9vyZRLP9mlWHgKIaDzpqn31-


Consumer, Legislation, Personal Data, Privacy, Trending

Many businesses collect data for multifold purposes. Here’s how to know what they’re doing with your personal data and whether it is secure.


As technologies that capture and analyze data proliferate, so, too, do businesses’ abilities to contextualize data and draw new insights from it. Artificial intelligence is a critical tool for data capture, analysis, and collection of information that many businesses are using for a range of purposes, including better understanding day-to-day operations, making more informed business decisions and learning about their customers.

Customer data is a focus area all its own. From consumer behavior to predictive analytics, companies regularly capture, store, and analyze large amounts of quantitative and qualitative data on their consumer base every day. Some companies have built an entire business model around consumer data, whether they’re companies selling personal information to a third party or creating targeted ads. Customer data is big business.

Here’s a look at some of the ways companies capture consumer data, what exactly they do with that information, and how you can use the same techniques for your own business purposes.

Types of consumer data businesses collect

The consumer data that businesses collect can be broken down into four categories: 

Personal data. This category includes personally identifiable information such as Social Security numbers and gender as well as nonpersonally identifiable information, including your IP address, web browser cookies, and device IDs (which both your laptop and mobile device have).

Engagement data. This type of data details how consumers interact with a business’s website, mobile apps, text messages, social media pages, emails, paid ads and customer service routes.

Behavioral data. This category includes transactional details such as purchase histories, product usage information (e.g., repeated actions), and qualitative data (e.g., mouse movement information).

Attitudinal data. This data type encompasses metrics on consumer satisfaction, purchase criteria, product desirability and more. 

How do businesses collect your data?

Companies capture data in many ways from many sources. Some collection methods are highly technical in nature, while others are more deductive (although these processes often employ sophisticated software).

The bottom line, though, is that companies are using a cornucopia of collection methods and sources to capture and process customer data on metrics, with interest in types of data ranging from demographic data to behavioral data, said Liam Hanham, data science manager at Workday. 

“Customer data can be collected in three ways: by directly asking customers, by indirectly tracking customers, and by appending other sources of customer data to your own,” said Hanham. “A robust business strategy needs all three.”

Businesses are adept at pulling in all types of data from nearly every nook and cranny. The most obvious places are from consumer activity on their websites, social media pages, through customer phone calls and live chats, but there are some more interesting methods at work as well.

One example is location-based advertising, which utilizes tracking technologies such as an internet-connected device’s IP address (and the other devices it interacts with – your laptop may interact with your mobile device and vice versa) to build a personalized data profile. This information is then used to target users’ devices with hyper-personalized, relevant advertising.

Companies also dig deep into their customer service records to see how customers have interacted with their sales and support departments in the past. Here, they are incorporating direct feedback about what worked and what didn’t, what a customer liked and disliked, on a grand scale.

Besides collecting information for business purposes, companies that sell personal information and other data to third-party sources have become commonplace. Once captured, this information is regularly changing hands in a data marketplace of its own.

Turning data into knowledge

Capturing large amounts of data creates the problem of how to sort through and analyze all that data. No human can reasonably sit down and read through line after line of customer data all day long, and even if they could, they probably wouldn’t make much of a dent. Computers, however, sift through this data more quickly and efficiently than humans, and they can operate 24/7/365 without taking a break.

As machine learning algorithms and other forms of AI proliferate and improve, data analytics becomes an even more powerful field for breaking down the sea of data into manageable tidbits of actionable insights. Some AI programs will flag anomalies or offer recommendations to decision-makers within an organization based on the contextualized data. Without programs like these, all the data captured in the world would be utterly useless.


How do businesses use your data?

There are several ways companies use the consumer data they collect and the insights they draw from that data.

To improve the customer experience.

For many companies, consumer data offers a way to better understand and meet their customers’ demands. By analyzing customer behavior, as well as vast troves of reviews and feedback, companies can nimbly modify their digital presence, goods, or services to better suit the current marketplace.

Not only do companies use consumer data to improve consumer experiences as a whole, but they use data to make decisions on an individualized level, said Brandon Chopp, digital manager for iHeartRaves.

“Our most important source of marketing intelligence comes from understanding customer data and using it to improve our website functionality,” Chopp said. “Our team has improved the customer experience by creating customized promotions and special offers based on customer data. Since each customer is going to have their own individual preferences, personalization is key.”

1: To refine a company’s marketing strategy

Contextualized data can help companies understand how consumers are engaging with and responding to their marketing campaigns, and adjust accordingly. This highly predictive use case gives businesses an idea of what consumers want based on what they have already done. Like other aspects of consumer data analysis, marketing is becoming more about personalization, said Brett Downes, SEO manager at Ghost Marketing.

“Mapping users’ journeys and personalizing their journey, not just through your website but further onto platforms like YouTube, LinkedIn, Facebook, or on to any other website, is now essential,” Downes said. “Segmenting data effectively allows you to market to only the people you know are most likely to engage. These have opened up new opportunities in industries previously very hard to market to.”

2: To transform the data into cash flow

Companies that capture data stand to profit from it. Data brokers, or data service providers that buy and sell information on customers, have risen as a new industry alongside big data. For businesses that capture large amounts of data, collecting information and then selling it represent opportunities for new revenue streams.

For advertisers, having this information available for purchase is immensely valuable, so the demand for more and more data is ever increasing. That means the more disparate data sources data brokers can pull from to package more thorough data profiles, the more money they can make by selling this information to one another and advertisers.

3: To secure more data

Some businesses even use consumer data as a means of securing more sensitive information. For example, banking institutions sometimes use voice recognition data to authorize a user to access their financial information or protect them from fraudulent attempts to steal their information.

These systems work by marrying data from a customer’s interaction with a call center, machine learning algorithms, and tracking technologies that can identify and flag potentially fraudulent attempts to access a customer’s account. This takes some of the guesswork and human error out of catching a con.

As data capture and analytics technologies become more sophisticated, companies will find new and more effective ways to collect and contextualize data on everything, including consumers. For businesses, doing so is essential to remain competitive well into the future; failing to do so, on the other hand, is like running a race with your legs tied together. Insight is king, and insight in the modern business environment is gleaned from contextualized data.

Data privacy regulations

So much consumer data has been captured and analyzed that governments are crafting strict data and consumer privacy regulations designed to give individuals a modicum of control over how their data is used. The European Union’s General Data Protection Regulation (GDPR) lays out the rules of data capture, storage, usage, and sharing for companies, and GDPR regulation and compliance doesn’t just matter for European countries – it’s a law applicable to any business that targets or collects the personal data of EU citizens.

Data privacy has made it to the U.S. in the form of the California Consumer Privacy Act (CCPA). The CCPA is, in some ways, similar to GDPR regulation but differs in that it requires consumers to opt out of data collection rather than putting the onus on service providers. It also names the state as the entity to develop applicable data law rather than a company’s internal decision-makers.

Data privacy regulations are changing the way businesses capture, store, share and analyze consumer data. Businesses that are so far untouched by data privacy regulations can expect to have a greater legal obligation to protect consumers’ data as more consumers demand privacy rights. Data collection by private companies, though, is unlikely to go away; it will merely change in form as businesses adapt to new laws and regulations.

Source: https://www.businessnewsdaily.com/10625-businesses-collecting-data.html


Consumer, Personal Data, Privacy, Trending
Two-sided opt-in requires both the merchant making a sale and the consumer requesting their data to opt-in for the exchange. No data is shared unless both consumer and merchant opt-in to the bank, credit card issuer, or consumer-facing app to request the data.

During the past few decades, consumers have learned to understand the difference between opt-in, opt-out, and even double opt-in processes. Millions of people sign up for online platforms or services by providing their personally identifiable information (PII). Consumers offer their data in exchange for offers, subscriptions, and basic services.
As subscribers, consumers expect to receive some security in exchange for sharing an email address. The simplest form is a second opt-in, which created the “double opt-in” standard and provides explicit permission from the consumer. This happens, for example, when one downloads an app on a mobile device. Consumers often grant that permission reflexively, and many are unaware that this double opt-in is the de facto standard.

Going beyond double opt-in

Most consumers understand that banks and other companies own their data when they sign up or check a box to agree to their terms. In turn, the companies that own the credit and debit cards that consumers carry in their wallets can use the spending data in ways regulated by the terms of service to which both parties agreed.
But today’s consumers are demanding more from these relationships. They want more control over their data. It’s not enough to earn 1% cash back on purchases or use points for travel. Instead, they want to pick the partners that access their data based on their best interests.

Companies like Klarna, the Swedish fintech (financial technology) company, capitalize on this trend by building bespoke relationships with retailers and creating special “buy now, pay later” offers for consumers. This strategy enables the consumer to bypass building new relationships with each retailer because Klarna has that covered. Such transactions can happen because Klarna “opted in” to the retailer’s API. In contrast, the consumer needs to only “opt-in” to the credit card issuer, or in this case Klarna, to allow data to be shared.
New middleware is coming that will enable merchants to provide receipt data related to consumer transactions. This data can be delivered directly to financial institutions (banks, credit-card companies, etc.) without requiring merchants to engage directly with each financial entity for pre-approved use cases. This middleware receives the receipt data from the merchant through its proprietary API or standard batch process and can then offer it to the financial institution. The financial institution can then execute the use case by issuing credit for card-linked offers or displaying the receipt within the banking app.

What is two-sided opt-in?

Two-sided opt-in requires both the merchant making a sale and the consumer requesting their data to opt-in for the exchange. No data is shared unless both consumer and merchant opt-in to the bank, credit card issuer, or consumer-facing app to request the data. Two-sided opt-in also places control for the interaction squarely in the hands of those involved in the transaction. And it will provide enormous benefits to consumers and retailers.

Consumers will no longer need paper receipts. Instead, they will be able to see each product in their credit card’s electronic item-detail history instead of the aggregated transactions and purchase totals that appear now. Consumers will also be directly notified of product recalls and can manage returns easily through an app instead of searching for an itemized paper receipt.
But the benefits for retailers are even more robust. Retailers utilizing two-sided opt-in will create a new revenue stream. Their customers will view product transactions down to the SKU-level — an ability that benefits every retailer, large and small. Even small retailers who leverage this data to create new revenue streams can see profits in the thousands of dollars per month. Larger retailers will build new revenue streams in the millions.

Through this technology, retailers will gain insights into consumer behavior, leading to new opportunities to market using far more granular trend analysis and deeper data. Savvy retailers will increase the effectiveness of their marketing spend by leveraging SKU-level data to deliver highly personalized, consumer-focused experiences.

The triangle of benefit: retailers, fintechs, and consumers.

This triangle of benefit will soon become the standard, as retailers drive more revenue from data they had never been able to monetize while getting closer to their consumers. Banks and fintechs can gain more control over each transaction and be able to market against them. And consumers can eschew paper receipts and enjoy more transparency and control over their experience and finances.

It all starts with the new privacy standard of two-sided opt-in.

Source: https://www.digitalcommerce360.com/2021/08/31/why-two-sided-opt-in-will-become-the-new-standard/

Consumer, Corporate, Personal Data, Privacy, Trending

InfoSum, a startup which takes a federated approach to third-party data enrichment, has launched a new product (called InfoSum Bridge) that it says significantly expands the customer identity linking capabilities of its platform.

“InfoSum Bridge incorporates multiple identity providers across every identity type — both online and offline, in any technical framework — including deterministic, probabilistic, and cohort-level matches,” it writes in a press release.

It’s also disclosing some early adopters of the product — naming data-for-ads and data-aggregator giants Merkle, MMA and Experian as dipping in.


The idea being they can continue to enrich (first-party) data by being able to make linkages, via InfoSum’s layer, with other “trusted partners” that may have gleaned more tidbits of info on those self-same users.

InfoSum says it has 50 enterprise customers using InfoSum Bridge at this point. The three companies it’s named in the release all play in the digital marketing space.

The 2016-founded startup (then called CognitiveLogic) sells customers a promise of “privacy-safe” data enrichment run via a technical architecture that allows queries to be run — and insights gleaned — across multiple databases, yet maintains each pot as a separate silo. This means the raw data isn’t being passed around between interested entities. 

Why is that important? Third-party data collection is drying up, after one (thousand) too many privacy scandals in recent years — coming with the legal risk attached to background trading of people’s data as a result of data protection regimes like Europe’s General Data Protection Regulation.


That puts the spotlight squarely on first-party data. However, businesses whose models have been dependent on access to big data about people — i.e. being able to make scores of connections by joining up information on people from different databases/sources (aka profiling) — are unlikely to be content with relying purely on what they’ve been able to learn by themselves.

This is where InfoSum comes in, billing itself as a “neutral data collaboration platform”.

Companies that may have been accustomed to getting their hands on lashings of personal data in years past, as a result of rampant, industry-wide third-party data collection (via technologies like tracking cookies) combined with (ehem) lax data governance — are having to cast around for alternatives. And that appears to be stoking InfoSum’s growth.

And on the marketing front, remember, third-party cookies are in the process of going away as Google tightens that screw…

“We are growing faster than Slack (at equivalent stage e.g. Series A->B) because we are the one solution that is replacing the old way of doing things,” founder Nick Halstead tells TechCrunch. “Experian, Liveramp, Acxiom, TransUnion, they all offer solutions to take your data. InfoSum is offering the equivalent of the ‘Cisco router for customer data’ — we don’t own the data we are just selling boxes to make it all connect.”

“The announcement today — ‘InfoSum Bridge’ — is the next generation of building the ultimate network to ‘Bridge the industry chasm’ it has right now of hundreds of competing IDs, technical solutions and identity types, bringing an infrastructure approach,” he adds.

We took a deep dive into InfoSum’s first product back in 2018 — when it was just offering early adopters a glimpse of the “art of the possible”, as it put it then.

Three+ years on it’s touting a significant expansion of its pipeline, having baked in support for multiple ID vendors/types, as well as adding probabilistic capabilities (to do matching on users where there is no ID).

Per a spokesman: “InfoSum Bridge is an extension of our existing and previous infrastructure. It enables a significant expansion of both our customer identity linking, and the limits of what is possible for data collaboration in a secure and privacy-focused manner. This is a combination of new product enhancements and announcement of partnerships. We’ve built capabilities to support across all ID vendors and types but also probabilistic and support for those publishers with unauthenticated audiences.”

InfoSum bills its platform as “the future of identity connectivity”. Although, as Halstead notes, there is now growing competition for that concept, as the adtech industry scrambles to build out alternative tracking systems and ID services ahead of Google crushing their cookies for good.

But it’s essentially making a play to be the trusted, independent layer that can link them all.

Exactly what this technical wizardry means for internet users’ privacy is difficult to say. If, for example, it continues to enable manipulative microtargeting, that’s hardly going to sum to progress.

InfoSum has previously told us its approach is designed to avoid individuals being linked and identified via the matching — with, for example, limits placed on the bin sizes. Although its platform is also configurable (which puts privacy levers in its customers’ hands). Plus there could be edge cases where overlapped data sets result in a 100% match for an individual. So a lot is unclear.

The security story looks cleaner, though.

If the data is properly managed by InfoSum (and it touts “comprehensive independent audits”, as well as pointing to the decentralized architecture as an advantage) that’s a big improvement on — at least — one alternative scenario of whole databases being passed around between businesses which may be (to put it politely) disinterested in securing people’s data themselves.
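The bin-size limit and the 100%-match edge case described above, sketched in Python as an added example (not InfoSum's code or API). The `Silo` class, the `min_bin` threshold, the shared HMAC key and every record are constructed assumptions; the sketch also goes slightly beyond the text by flagging a released bin that covers the entire querying audience.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: both parties agreed this matching key out of band (constructed value).
MATCH_KEY = b"constructed-shared-matching-key"


def pseudonym(email: str) -> str:
    """Keyed hash of a normalised e-mail, so raw identifiers never leave a silo."""
    norm = email.strip().lower().encode()
    return hmac.new(MATCH_KEY, norm, hashlib.sha256).hexdigest()


class Silo:
    """Hypothetical data silo: rows stay private, only aggregates are exposed."""

    def __init__(self, name, rows):
        self.name = name
        self._rows = {pseudonym(email): segment for email, segment in rows}

    def keys(self):
        return set(self._rows)

    def segment_counts(self, keys):
        return Counter(self._rows[k] for k in keys if k in self._rows)


def overlap_report(audience, partner, min_bin):
    """Per-segment overlap counts, with bins smaller than min_bin suppressed.

    'whole_audience' lists released bins that contain every member of the
    querying audience: the count passes the threshold, yet it still tells the
    querying party the attribute of each person it asked about.
    """
    matched = audience.keys() & partner.keys()
    counts = partner.segment_counts(matched)
    released = {seg: n for seg, n in counts.items() if n >= min_bin}
    suppressed = sorted(seg for seg, n in counts.items() if n < min_bin)
    size = len(audience.keys())
    whole = sorted(seg for seg, n in released.items() if n == size)
    return {"released": released, "suppressed": suppressed, "whole_audience": whole}


# Constructed sample records (example.com addresses, invented segments).
publisher = Silo("publisher", [
    ("alice@example.com", "sports"), ("bob@example.com", "sports"),
    ("carol@example.com", "sports"), ("dave@example.com", "finance"),
    ("erin@example.com", "finance"), ("frank@example.com", "health"),
])
broad = Silo("brand-crm", [(e, "customer") for e in (
    "Alice@Example.com ", "bob@example.com", "carol@example.com",
    "dave@example.com", "erin@example.com", "frank@example.com",
    "grace@example.com")])
single = Silo("one-person-audience", [("frank@example.com", "customer")])
uniform = Silo("three-person-audience", [(e, "customer") for e in (
    "alice@example.com", "bob@example.com", "carol@example.com")])

if __name__ == "__main__":
    print("broad, min_bin=3  :", overlap_report(broad, publisher, 3))
    print("single, min_bin=1 :", overlap_report(single, publisher, 1))
    print("single, min_bin=3 :", overlap_report(single, publisher, 3))
    print("uniform, min_bin=3:", overlap_report(uniform, publisher, 3))
```

With the threshold configured down to 1, the one-person audience gets that person's segment back; with a threshold of 3 the three-person audience still passes, which is why the whole-audience flag is worth checking alongside the bin size.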

InfoSum’s PR includes the three canned quotes (below) from the trio of marketing industry users it’s disclosing today.

All of whom sound very happy indeed that they’ve found a way to keep their “data-driven” marketing alive while simultaneously getting to claim it’s “privacy-safe”…

John Lee, Global Chief Strategy Officer, Merkle: “The conversation around identity is continuing to be top of mind for marketers across the industry, and as the landscape rapidly changes, it’s essential that brands have avenues to work together using first-party identity and data in a privacy-safe way. The InfoSum Bridge solution provides our clients and partners a way to collaborate using their first-party data, resolved to Merkury IDs and data, with even greater freedom and confidence than with traditional clean room or safe haven approaches.”

Lou Paskalis, Chairman, MMA Global Media and Data Board: “As marketers struggle to better leverage their first-party data in the transition from the cookie era to the consent era, I would have expected more innovative solutions to emerge. One bright spot is InfoSum, which offers a proprietary technology to connect data, yet never share that data. This is the most customer-friendly and compliant technology that I’ve seen that enables marketers to fully realize the true potential of their first party data. What InfoSum has devised is an elegant way to respect consumers’ privacy choices while enabling marketers to realize the full benefit of their first party data.”

Colin Grieves, Managing Director Experian: “At Experian we are committed to a culture of customer-centric data innovation, helping develop more meaningful and seamless connections between brands and their audiences. InfoSum Bridge gives us a scalable environment for secure, data connectivity and collaboration. Bridge is at the core of the Experian Match offering, which allows brands and publishers alike the ability to understand and engage the right consumers in the digital arena at scale, whilst safeguarding consumer data and privacy.”

Thing is, clever technical architecture that enables big data fuelled modelling and profiling of people to continue, via pattern matching to identify “lookalike” customers who can (for example) be bucketed and targeted with ads, doesn’t actually sum to privacy as most people would understand it… But, for sure, impressive tech architecture guys.

The same issue attaches to FLoCs, Google’s proposed replacement for tracking cookies — which also relies on federation (and which the EFF has branded a “terrible idea”, warning that such an approach actually risks amplifying predatory targeting).

The tenacity with which the marketing industry seeks to cling to microtargeting does at least underline why rights-focused regulatory oversight of adtech is going to be essential if we’re to stamp out systematic societal horrors like ads that scale bias by discriminating against protected groups, or the anti-democratic manipulation of voters that’s enabled by opaque targeting and hyper-targeted messaging, circumventing the necessary public scrutiny.

Tl;dr: Privacy is not just important for the individual. It’s a collective good. And keeping that collective commons safe from those who would seek to exploit it — for a quick buck or worse — is going to require a whole other type of oversight architecture.

Source: https://techcrunch.com/2021/06/10/infosum-outs-an-identity-linking-tool-thats-exciting-marketing-firms-like-experian/


Tech, Trending

If you’re reading this then you are a participant in the modern web. The web we are experiencing today is much different than what it was just 10 years ago. How has the web evolved, and more importantly – where is it going next? Also, why do any of these things matter?

If history has taught us anything, these changes will matter a lot.

In this article, I will lay out how the web has evolved, where it’s going next, and why this matters.

Think about how the internet affects your life on a daily basis. Consider how society has changed as a result of the internet. Social media platforms. Mobile apps. And now the internet is going through another paradigm shift as we speak.

The Evolution of the Web

The web has evolved a lot over the years, and the applications of it today are almost unrecognizable from its earliest days. The evolution of the web is often partitioned into three separate stages: Web 1.0, Web 2.0, and Web 3.0.

What is Web 1.0?

Web 1.0 was the first iteration of the web. Most participants were consumers of content, and the creators were typically developers who built websites that contained information served up mainly in text or image format. Web 1.0 lasted approximately from 1991 to 2004.

Web 1.0 consisted of sites serving static content instead of dynamic HTML. Data and content were served from a static file system rather than a database, and sites didn’t have much interactivity at all.

You can think of Web 1.0 as the read-only web.

What is Web 2.0?

Most of us have primarily experienced the web in its current form, commonly referred to as web2. You can think of web2 as the interactive and social web.

In the web2 world, you don’t have to be a developer to participate in the creation process. Many apps are built in a way that easily allows anyone to be a creator.

If you want to craft a thought and share it with the world, you can. If you want to upload a video and allow millions of people to see it, interact with it, and comment on it, you can do that too.

Web2 is simple, really, and because of its simplicity more and more people around the world are becoming creators.

The web in its current form is really great in many ways, but there are some areas where we can do a lot better.

Web 2.0 Monetization and Security

In the web2 world, many popular apps are following a common pattern in their life cycles. Think of some of the apps that you use on a daily basis, and how the following examples might apply to them.

Monetization of Apps

Imagine the early days of popular applications like Instagram, Twitter, LinkedIn, or YouTube and how different they are today. The process usually goes something like this:

  1. Company launches an app

  2. It onboards as many users as possible

  3. Then it monetizes its user base

When a developer or company launches a popular app, the user experience is often very slick as the app continues rising in popularity. This is the reason they are able to gain traction quickly in the first place.

At first, many software companies do not worry about monetization. They strictly focus on growth and on locking in new users – but eventually they have to start turning a profit.

They also need to consider the role of outside investors. Often the constraints of taking on things like venture capital negatively affect the life cycle, and eventually the user experience, of many applications that we use today.

If a company building an application takes in venture capital, its investors often expect a return on investment on the order of tens or hundreds of times what they paid in.

This means that, instead of pursuing a model of growth that it can sustain in a somewhat organic manner, the company is often pushed towards two paths: advertisements or selling personal data.

For many web2 companies like Google, Facebook, Twitter, and others, more data leads to more personalized ads. This leads to more clicks and ultimately more ad revenue. The exploitation and centralization of user data is core to how the web as we know and use it today is engineered to function.

Security and privacy

Web2 applications repeatedly experience data breaches. There are even websites dedicated to keeping up with these breaches and telling you when your data has been compromised.

In web2, you don’t have any control over your data or how it is stored. In fact, companies often track and save user data without their users’ consent. All of this data is then owned and controlled by the companies in charge of these platforms.

Users who live in countries where they have to worry about the negative consequences of free speech are also at risk.

Governments will often shut down servers or seize bank accounts if they believe a person is voicing an opinion that goes against their propaganda. With centralized servers, it is easy for governments to intervene, control, or shut down applications as they see fit.

Because banks are also digital and under centralized control, governments often intervene there as well. They can shut down access to bank accounts or limit access to funds during times of volatility, extreme inflation, or other political unrest.

Web3 aims to solve many of these shortcomings by fundamentally rethinking how we architect and interact with applications from the ground up.

What is Web 3.0?

There are a few fundamental differences between web2 and web3, but decentralization is at its core.

Web3 enhances the internet as we know it today with a few other added characteristics. Web3 is:

  • Verifiable

  • Trustless

  • Self-governing

  • Permissionless

  • Distributed and robust

  • Stateful

  • Native built-in payments


In web3, developers don’t usually build and deploy applications that run on a single server or that store their data in a single database (usually hosted on and managed by a single cloud provider).

Instead, web3 applications either run on blockchains, decentralized networks of many peer to peer nodes (servers), or a combination of the two that forms a cryptoeconomic protocol. These apps are often referred to as dapps (decentralized apps), and you will see that term used often in the web3 space.

To achieve a stable and secure decentralized network, network participants (developers) are incentivized and compete to provide the highest quality services to anyone using the service.


When you hear about web3, you’ll notice that cryptocurrency is often part of the conversation. This is because cryptocurrency plays a big role in many of these protocols. It provides a financial incentive (tokens) for anyone who wants to participate in creating, governing, contributing to, or improving one of the projects themselves.

These protocols may often offer a variety of different services like compute, storage, bandwidth, identity, hosting, and other web services commonly provided by cloud providers in the past.

People can make a living by participating in the protocol in various ways, in both technical and non-technical levels.


Consumers of the service usually pay to use the protocol, similarly to how they would pay a cloud provider like AWS today. Except in web3, the money goes directly to the network participants.

In this, like in many forms of decentralization, you’ll see that unnecessary and often inefficient intermediaries are cut out.

Many web infrastructure protocols like Filecoin, Livepeer, Arweave, and The Graph (which is what I work with at Edge & Node) have issued utility tokens that govern how the protocol functions. These tokens also reward participants at many levels of the network. Even native blockchain protocols like Ethereum operate in this manner.


Native payments

Tokens also introduce a native payment layer that is completely borderless and frictionless. Companies like Stripe and Paypal have created billions of dollars of value in enabling electronic payments.

These systems are overly complex and still do not enable true international interoperability between participants. They also require you to hand over your sensitive information and personal data in order to use them.


Crypto wallets like MetaMask and Torus enable you to integrate easy, anonymous, and secure international payments and transactions into web3 applications.

Networks like Solana offer latency of several hundred milliseconds and transaction costs of a small fraction of a penny. Unlike the current financial system, users do not have to go through the numerous traditional, friction-filled steps to interact with and participate in the network. All they need to do is download or install a wallet, and they can start sending and receiving payments without any gatekeeping.

A new way of building companies

Tokens also bring about the idea of tokenization and the realization of a token economy.

Take, for example, the current state of building a software company. Someone comes up with an idea, but in order to start building they need money in order to support themselves.

To get the money, they take on venture capital and give away a percentage of the company. This investment immediately introduces mis-aligned incentives that will, in the long run, not align well with building out the best user experience.

Also, if the company ever does become successful, it will take a very long time for anyone involved to realize any of the value, often leading to years of work without any real return on investment.

Imagine, instead, that a new and exciting project is announced that solves a real problem. Anyone can participate in building it or investing in it from day one. The company announces the release of x number of tokens, gives 10% to the early builders, puts 10% up for sale to the public, and sets the rest aside for future payment of contributors and funding of the project.

Stakeholders can use their tokens to vote on changes to the future of the project, and the people who helped build the project can sell some of their holdings to make money after the tokens have been released.

People who believe in the project can buy and hold ownership, and people who think the project is headed in the wrong direction can signal this by selling their stake.

Because blockchain data is all completely public and open, purchasers have complete transparency over what is happening. This is in contrast to buying equity in private or centralized businesses where many things are often cloaked in secrecy.

This is already happening in the web3 space.

One example is the app Radicle (a decentralized GitHub alternative) which allows stakeholders to participate in the governance of their project. Gitcoin is another that allows developers to get paid in cryptocurrency for jumping in and working on Open Source issues. Yearn allows stakeholders to participate in decision making and voting on proposals. Uniswap, SuperRare, The Graph, Audius, and countless other protocols and projects have issued tokens as a way to enable ownership, participation, and governance.

DAOs (Decentralized Autonomous Organizations), which offer an alternative way to build what we traditionally thought of as a company, are gaining tremendous momentum and investment from both traditional developers and venture capital firms.

These types of organizations are tokenized and turn the idea of organizational structure on its head, offering real, liquid, and equitable ownership to larger portions of stakeholders and aligning incentives in new and interesting ways.

For example, Friends with Benefits is a DAO of web3 builders and artists, is about a year old, has a market cap of around $125 million as of this writing, and recently received a $10 million round of investment from a16z.

DAOs could encompass an entire post in and of themselves, but for now I’ll just say that I think that they are the future of building products and (what we in the past thought of as) companies. Here is a good post outlining the current DAO landscape.

How Identity Works in Web3

In web3, identity also works much differently than what we are used to today. Most of the time in web3 apps, identities will be tied to the wallet address of the user interacting with the application.

Unlike web2 authentication methods like OAuth or email + password (that almost always require users to hand over sensitive and personal information), wallet addresses are completely anonymous unless the user decides to tie their own identity to it publicly.

If the user chooses to use the same wallet across multiple dapps, their identity is also seamlessly transferable across apps, which lets them build up their reputation over time.

Protocols and tools like Ceramic and IDX already allow developers to build self-sovereign identity into their applications to replace traditional authentication and identity layers. The Ethereum Foundation also has a working RFP for defining a specification for “Sign in with Ethereum” which would help provide a more streamlined and documented way to do this going forward. This is also a good thread that outlines some of the ways that this would enhance traditional authentication flows.


Source: https://www.freecodecamp.org/news/what-is-web3/


Corporate, Marketing, Tech, Trending

Today InfoScout announced the launch of their company and their analytics dashboard for Consumer Packaged Goods (CPG) marketers. Bain Capital Ventures, along with Founder Collective and Dunnhumby Ventures, led a $5M Series A funding round in the company. We are thrilled to be partnering with the InfoScout founders, Jared and Jon, along with the entire InfoScout team.

We’ve discussed in the past here and here the rise of Marketing as the next great function in enterprise technology. A new wave of startups is leveraging Big Data and cloud computing to deliver incredible power to CMOs, giving them access to real-time insights and helping them drive faster, more data-driven decisions. InfoScout is leading this trend in the CPG industry where the marketing challenge is even more acute since the CPG brands don’t have direct access to the customer data (this is owned by the retailers) and the customer purchases take place primarily offline.

Given the lack of access to customer data, the 4 trillion-dollar industry of Consumer Packaged Goods (CPG) spends tens of billions of dollars on market research, syndicated data, and panel data to determine which products are selling to whom and why. For instance, why are a particular cereal brand’s sales declining? Are households substituting the brand for a private label brand? Are they shifting to other breakfast substitutes such as yogurt and granola bars? Or, are they simply eating less breakfast? Retail point of sale (POS) data is helpful for understanding aggregate SKU sales by retailer but sheds zero light on the behavior of individual consumers or segments of households.

The incumbent market research firms have tried to solve this problem by conducting surveys of households or by building panels of families who have to “self-report” their purchase behavior with the assistance of proprietary hardware solutions. The problem with the legacy data providers is that their solutions are typically not real-time (they often are one to two quarters behind); they have significant underlying data problems because they rely on human recollection and require significant reporting effort; and their solutions require significant professional services and consulting support to use.

InfoScout is entering this market with a disruptive solution – the first module of which they are launching today. With InfoScout’s dashboard, marketers at retailers and brands can access real-time household purchase data built on fifteen million offline receipts captured a year (via smartphones) containing 100 million SKU-level purchases with accurate prices and descriptions. The marketers can review and manipulate this data in an easy-to-use web and mobile interface – no coding, no data consultants, and no data warehouse folks required. Brand managers, shopper marketing analysts, CMOs, and CEOs can now for the first time (without calling a data jockey internally) see how their new product launches are performing instantly; how their marketing campaigns are affecting household buyer behavior; how competitors’ launches are impacting their sales; and whether these insights are consistent by demographic and geographic segment. In addition, because InfoScout has the richest data solution for offline CPG purchase data, these marketers can drill into granular levels of analysis that were never before possible.


Source: https://ajayagarwal.net/2013/10/21/big-data-meets-marketing-again-this-time-in-the-world-of-offline-cpg/
