Permission Review

Permissions relate to your application’s access to read and write data in a PDA.

When an organisation submits an application to Dataswift for review, it is asking for Dataswift to set up the correct permissions for its app’s users. This allows the app to use the data and namespace in the PDA as desired. Review is a key part of the Application Governance process. After the contracts and permissions are set up, it is however still up to the app to persuade its users to grant these permissions.

Please speak to your account manager at Dataswift and we'll work through the required Permissions Request Form.

Permissions set-up

Permissions set-up is an important function of Dataswift’s stewardship of the PDA owner’s data.

Permissions set-up means Dataswift has to set up the terms for data reads and writes and ensure data integrity is maintained on the Platform. Apps can only read and write data that they have permissions for, and only when permissions are confirmed will the APIs of an owner’s PDA be enabled for data to go in and out of the PDA.

Types of Permission Contracts

There are four types of permission contracts that we are asked to set up:

Contract 1 - App Namespace Permissions: Every app that’s building on the PDA requires permission to READ and WRITE data into its own namespace. When filling out the Contract 1 Permissions Request Form, application owners will need to provide the data attributes their app will be collecting and storing into their namespace, along with their purpose.

Type of permission: The right to read/write into a PDA namespace named after the app (sometimes referred to as a folder)

Contract 2 - Other Namespace Permissions: This contract provides permissions for an app to READ data in a namespace other than its own (e.g. Facebook). When filling out the Contract 2 Permissions Request Form, application owners need to provide the data attributes their app will be requesting from other namespaces, along with their purpose and duration.

Type of permission: The right to read data from other namespaces on the PDA through. Note: reading data from other namespaces requires a technical process called a data debit.

Contract 3 - Tool Processing Permissions:

This contract provides permissions for an app to READ, WRITE and PROCESS data through a PDA Function (aka SHE function) that processes data within a PDA and outputs new data into namespaces within the PDA. In filling out the Contract 3 Permissions Request Form, application owners will need to provide information about the data that is used by their function.

Type of permission: The right for a tool or function to read and process data within a PDA and output/write new data into namespaces within the PDA

Contract 4 - Data Plug Permissions:

This contract provides permissions for a data plug to WRITE data into a namespace. Data plugs are usually proprietary to Dataswift so it is unlikely that a data plug is created by a third party unless they are a Dataswift partner.

Type of permission: The right for the data plug to WRITE data into a permitted namespace (e.g. Facebook namespace for Facebook data) in the PDA.

Process Steps

STEP 1: Fill in Permissions Request Form. The main artefact of the permissions process, the Permissions Request Form is a request from an application owner to set up the contracts that would give their app the necessary permissions to either access a namespace or get some data from their app users’ PDAs. The app owner will need to fill out this form to get an application through to the review process.

STEP 2: Go through App Review

The permissions set-up request is part of preparing an application for review before ‘going live’ with PDAs, and is captured in the Permissions Request Form. It involves the app review process, in which Dataswift’s Review Committee conducts the following reviews of the application:

  • Design review – to ensure design consistency across all apps in the ecosystem in terms of usage of terms and design assets.

  • Technical elements – to ensure the API endpoints are called correctly, error handling has been attended to and there are no other technical issues.

  • Contractual review – to ensure that the contract is valid and set up correctly for the right set of data within the PDA for the stipulated usage, duration, and purpose.

  • Compliance review – to ensure that standard platform rules are followed as well as ensuring compliance with data protection and privacy regulations.

  • Data Conduct review – to ensure that data collection, storage, usage and processing have been handled responsibly.

To prepare for this review process, application owners will need to run through the checklist for putting their app through review.

Information needed for review

Declarations: In order for Dataswift to set up the data contracts for the permissions between the application owner and app users, the app owner needs to make several declarations listed in this section of the Permissions Request Form. Should these declarations change once the app is live, the app owner will need to request another app review.

Standard information: Application owners need to provide information about their applications and tools so that this can be clearly displayed to the PDA owners on their PDA dashboard. This includes the data they place into the namespace and is relevant for user applications, marketplace applications (for contracted PDAs), and tools. This information will also be used to place the application in app stores and in the HAT store.

Application for permissions contracts: Providing the necessary information to apply for any one of the different types of contracts (see above).

Data conduct for personal data collection, storage, processing, and sharing: Application owners will need to make a declaration of how their app handles personal data, i.e. the flow of data: where and how it is collected, where it is stored, when, where, how and what is processed, and what, when and how it is shared and with whom.

How are the permissions governed?

When an app is live, contracts (internally called HMI Contracts) will be logged on the platform when users register or log in to the application and accept the contract. Dataswift logs their details, and manages and maintains the HMI Contracts, their versioning, and updates on behalf of the application owners and their users. Dataswift monitors the applications’ compliance with their obligations under the Agreement, including necessary audits, under the oversight of the HAT Community Foundation (HCF).

Contracts are checked by Dataswift’s Performance and Monitoring committee to ensure apps behave in accordance with certain rules that may be regulatory (e.g. imposed by HCF) or other rules that may be introduced by the HCF or Dataswift. Apps have the right to appeal to HCF if they feel they have been unfairly treated.

Data flows between the app and PDA would be automatically enabled once the permissions are given by users in the live environment.

Legal implications

Unlike “consent” where individuals consent to data being moved from one place to another, PDAs are legally owned by individuals. Permissions are therefore a result of legal contracts set up by Dataswift directly between the app and its users. Without the individual agreeing to these contracts, the app’s access to the PDAs would be illegal. Dataswift, as the steward of the platform of PDAs, has to ensure that any access must have the correct permissions and the individual must not have revoked the permissions, which they can do from the PDA dashboard (unless the PDA is a contracted PDA). If they have, the app will no longer have access to the PDA.

The legal aspect of the platform is about compliance with the law, i.e. GDPR, intellectual property rights, database rights, and the obligations of data controllers and data processors. Since PDAs are legally owned by individuals, Dataswift has an obligation to ensure that apps, and even Dataswift itself, do not encroach on the individuals’ rights under the law.

The governance aspect of the platform is about stewardship and ensuring that everyone plays by the same set of rules. The rating of all applications sits within governance, as does the risk assessment of applications that wish to go live. Governance also has to manage the HAT Community Foundation (HCF)’s oversight of Dataswift’s decision to allow or not allow certain contracts/permissions to be set up.

The way to think about governance and legal is to use a simple analogy: if an application wishes to set up a contract to ask for ALL of the data within the PDA, this is legally permissible. Dataswift can set up the contract for the two parties (i.e. the app and the individual) to agree. However, governance may not allow this as it could compromise Dataswift’s stewardship of PDA data. So when would Dataswift say yes or no? Apps should know that Dataswift has an objective way of deciding that, under the strict oversight of HCF, to whom they can appeal if practices are deemed unfair.