Rating Assurance & Certification

Applications are rated and reviewed before they go live

Purpose

The HAT Community Foundation Network-Enabled Application (NEA) Data Conduct and Rating Assurance and Certification (DaCRAC) is the review of a set of practices by an NEA that is transparently declared to enable a standardised risk assessment and rating of the app to be conducted.

Scope

The DaCRAC standard gives recommendations for developers of NEAs using the Dataswyft platform. It includes a set of quality criteria and covers the application's data conduct and the way data flows are orchestrated on the platform.

The DaCRAC standard only covers the treatment of self-dovereign data.

The Rating Assurance and Certification

Every NEA generates data when a user interacts with it, resulting in the data being stored somewhere. For applications on the Dataswyft platform, the application owner chooses where to store the data; whether it is on a device, in the application’s server, or within a Data Account. The decision of what data, where, and how personal data is stored will be rated by the Dataswyft Rating system using three characters:

First character: Access

The first character specifies where the data is stored: either, on the Data Account, both on the Data Account and the app server, or only on the app server. This character also declares if any Personally Identifiable Information (PII), such as email address, is collected or stored on the app server. If the organisation has rights to retrieve the information e.g. through a contracted Data Account, it is still only for the designated namespaçe. All other namespaces of the database are still private to the Data Account holder. For example, an organisation – let’s call it “Wood Factory” – using Data Accounts for their HR records has C as its first character. This indicates that the organisation does have access to the PII inside their employees' Data Accounts as they have credentials for access into the Wood Factory namespace. Should any individual leave Wood Factory, the organisation credentials would be terminated but the individual as the Data Account holder may be allowed to keep the data within the namespace.

The second character: Conditions

The second character specifies if the application imposes a condition on the user for the data's reuse and re-sharing. Some applications may choose to impose legal restrictions on re-sharing or technical restrictions for re-sharing (such as encryption).

The third character: Completeness

The third character specifies how complete the data is within the Data Account. This includes what may not normally be personal data e.g. the app's metadata, but would still be user-generated.

Merchants declare their rating according to the rating system specified by the HAT Community Foundation when they submit their application for review. The ratings are shown to all Data Account holders on the screen where they agree to the data contract. The Rating Assurance provides individuals with confidence that the website/application displaying the assurance has declared their treatment of personal data on the basis of the standards set out below. This rating assurance is not verified by Dataswyft. Merchants may choose to go beyond the assurance and be certified by the HAT Community Foundation. To achieve the Dataswyft Rating Certification, websites/applications must subject their code to periodic audit to verify that it consistently adheres to the rating declared.

A+ : The app or data debit request does not require any data from the Data Account holder. This is usually the case for apps that only write data into the Data Account like data plugs e.g. Facebook data plug

A+: The app does not impose any conditions on the reuse and/or re-sharing of the data generated by the app that has been written into the Data Account.

A+: The data contributed by the app into the Data Account is more than complete i.e. all the data generated by the Data Account holder within the app is contributed back into the Data Account. The app also licenses other data back to the user such as metadata, descriptions and images to make the data more understandable.

A: The app(s) reads data from the Data Account but it does not store the data anywhere outside the Data Account, except for performance and caching purposes OR that the data stored outside the Data Account cannot be identifiable.

A: The app imposes conditions on the reuse and/or re-sharing of the data generated by the app for legal purposes, e.g. protection of minors. OR the app does not contribute any data to the app.

A: The data contributed by the app into the Data Account is complete i.e. data generated by the Data Account holder within the app is not all contributed back into the Data Account (within performance limits).

B: The app(s) requires data from the Data Account and will store data outside the Data Account but within its own app service. It will not transfer the data anywhere else and this is expressly stated under its legal terms and conditions.

B: The app imposes conditions on the reuse and/or re-sharing of the data generated by the app that has been written into the Data Account e.g. it is encrypted etc.

B: The data contributed by the app into the Data Account is complete i.e. data generated by the Data Account holder within the app is not all contributed back into the Data Account. This is the case when pseudonymised data or metadata of the person is kept by the app but not contributed back to the Data Account holder.

C: The app(s) will store data outside the Data Account and may transfer the data elsewhere for analysis purposes. This is expressly stated under its terms and conditions.

C: The data contributed by the app is incomplete i.e. a subject access request from the Data Account holder to the app yields more data than that which is brought into the Data Account.

Last updated