[RFW0003] NFT of data subscription information and how a brand accesses it

[ProfilaMitchell]

Table of Contents

• Housekeeping
• The Problem
• User Story
• Request Type A/B
• Owner
• Summary
• Is This Really Necessary?
• Motivation
• Named concepts
• Examples, Risks & Assumptions
• Success Metrics
• Conceptual Design
• Drawbacks
• Alternatives
• New Data
• Business Release Date

Housekeeping

Make sure to clearly understand Type-A and Type-B requests, and the relavant limitations. Failling to follow the guidelines pertaining to the two acceptable types of RFWs will automatically lead to disfqualification of the RFW.

Take time to complete each section below with as much detail as is required to establish a comprehensive understanding about the underlying product specification.

ALL BELOW FIELDS ARE REQUIRED

The Problem

There is a lack of a secure way to share data between brands and users

User Story

As a user I want to allow a brand to access my data via a data subscription so I can see their content

• High severity - Core feature of the platform, essential to business model that brands can subscribe to users
• High Priority - If brands cannot subscribe to user data, they have little to no use case for the platform

Request Type A/B

Type B

Owner

Mitchell Goudie

Summary

The minting of an NFT to give to brands which grants them access to user data, which is encrypted and stored on Profila. The terms of the access (which user data, for how long, compensation) are included in the NFT. This functions as a data subscription between a brand and the user.

Is This Really Necessary?

The sharing of data between users and brands (data subscription) is an integral part of Profila in not only allowing users to have more control over their data, sharing only what they want with the brands that they want (and no third parties), but also allowing them to be compensated for it. This also facilitates access to evergreen, user created data for brands as opposed to algorithmically assumed metrics. Delivering on these goals is the "best way" to shift the current marketing surveillance paradigm.

Motivation

The minting of an NFT to give to brands, through which they are granted access to user data stored on Profila servers (encrypted). This functions as a data subscription between a brand and the user.

By implementing a system wherein users can grant access to their data (specific elements) to specific brands which have an NFT (which, aside from acting as a key, contains the information of the contract), we deliver on Profila's goal of allowing consumers to control relationships with brands and the use of their data by brand's. The scope of this request:

• The minting of the NFT which is given to the brand. This NFT contains the terms of which they are allowed to access the user data
• The verification that when a brand attempts to access a users information, they have the NFT which grants them access in their wallet
• The facilitation of payment once the brand accesses the data
• The re-encryption of the user data once the agreed upon time period of access has passed, so that despite the brand still holding the NFT, it no longer grants them access to the data

Named Concepts

Data Subscription - Is when a brand subscribes to a certain set of user data based on their needs, and compensates the user for access to the data. The access is revoked at the end of the contract.

Examples, Risks & Assumptions

1. Explain concretely what will manifest as a result of this RFW.

• Brands will receive an NFT once they have agreed on terms of a data subscription with a Profila user
• Brands will be able to use this NFT as a key to gain access to the agreed data of the user
• Profila users can see the agreed terms on the Brands NFT
• Users receive a subscription offer from a brand with clear data requests and payment details. This earned money appears in the ‘wallet’ dashboard [but is not held in the Profila app]
• Profila users receive their payments from subscriptions on a monthly basis

The NFT contains the following details:

1. Individual's name, last name
2. Brand's name
3. The link to respective IPFS location
4. The dataset which the Individual has agreed to share with the brand
5. The fixed length of time the brand has access to this information
6. The payment amount and currency (stable coin, fiat, or ZEKE)
7. The date of the agreement

2. Explain how is it different from what is already manifesting i.e. what we already have?

Currently there is no blockchain element to data subscriptions

3. Explain what Profila users/brands will experience as a result of this RFW. How will they feel as a result of it? How will they benefit as a result of it?

• Profila users will feel more connected to brands by being able to sell access to select parts of their Profila
• Profila users will feel secure in knowing they can view the terms of the contract in an immutable form
• Profila users will feel empowered in their ability to be paid for access to their data whilst retaining control over which brands use it
• Brands will feel in control in being able to access specific data sets for a set price
• Brands will experience less stress in relation to user data management as terms are all agreed upon by both parties
• Brands will experience joy in having an evergreen set of data available to access whenever they need
  

4. If applicable, provide sample messages for any new messages the system will display as a result of this RFW.

Message for Brands receiving the NFT to access the data: This NFT will act as your key to access the users data. Once the agreed date in the contract passes, you will lose access to the data unless you offer the user another subscription.

5. Define what is out of scope in this request.

The UI process of granting (and requesting) access to user data is out of the scope of this RFW

6. What are the data protection, privacy and security assumptions made for this request (example, should this be GDPR, HIPPA (healthcare), NIST compliant etc. - Speak to Michiel or Ipek!)

GDPR - Access to user data is being granted via NFT as a key, as such, proper precautions regarding the timeframe this NFT works as access need to be taken

7. Explain how this user story will be supported (i.e customer support - if the user story fails technically, how will the user be supported).

Support Flow If the NFT cannot be minted with the relevant subscription details, tech support must be notified

User Logic

• There is text that notifies the 'Subscription offer could not be accepted. Please contact support@profila.com with the Subject "Subscription Offer Error"'
• The subscription offer remains visible for the user so no further step is needed here
  

Tech Support Logic

• Needs to resolve issue with why the user cannot accept the offer (why the NFT with contract details is not being minted)
• Relay to CS team that issue resolved so Profila can notify the user
  

8. Explain how this user story impacts revenue or billing (if applicable).

• Profila would receive income from the data subscription formed between the brand and the user
• A cost is incurred in generating an NFT

9. State any additional risks identified as a result of this user story.

There is a risk that the brand somehow records or exports user data and uses for their own marketing purposes outside of the agreed contract terms

Success Metrics

A brand can offer the user a data subscription, and once accepted would have access to the agreed dataset for the agreed amount of time, whilst compensating the user.

Conceptual Design

General Flow

• The users data will be stored on Profila servers but encrypted.
• Once a data subscription agreement has been established, the terms of this agreement are stored in an NFT
• The NFT will be accessible for the user, the brand, and Profila
• The NFT acts as a key to access a certain dataset from the user

The NFT contains the following details:

1. Individual's name, last name
2. Brand's name
3. The link to respective IPFS location
4. The dataset which the Individual has agreed to share with the brand
5. The fixed length of time the brand has access to this information
6. The payment amount and currency (stable coin, fiat, or ZEKE)
7. The date of the agreement

• Once the agreed timeframe of the contract expires, the user data should be re-encrypted so that the NFT no longer grands the brand access

NB: As the metadata of these NFTs will be visible, it allows anyone to view details of the agreement. In this case, the nickname for the user could be used as an alias to their real identity within Profila. The user's DID could also be used

Drawbacks

Alternatives

New Data

The NFT generated that is given to the brand to access user data

Business release date

A rough timing for the planned release for the specification possibly resulting from this request. The implementation of NFT enabled data subscriptions is requested by Q4 2022

[ghost]

• Does this RFW imply the future ability to cancel subscription? I suppose it does, as otherwise delaying payment doesn't make much sense, brand could just pay upfront for the whole subscription period.
• Why encryption is needed? How would it work? Where encryption keys would be stored and who would have access to them?
• If NFT would be a key that unlocks the content, it means that NFT-key can be transferred to other brands. I don't think that is desired behavior, if I subscribe to particular brand, I expect that my data would be available only to that particular brand. If that's the case we shouldn't give access on the availability of NFT in brands (or whoevers) wallet. Instead we can grant access to some public keys holder, keypairs are not transferrable, that would comply with required logic.

[ProfilaMitchell]

• Does this RFW imply the future ability to cancel subscription? I suppose it does, as otherwise delaying payment doesn't make much sense, brand could just pay upfront for the whole subscription period.
• Why encryption is needed? How would it work? Where encryption keys would be stored and who would have access to them?
• If NFT would be a key that unlocks the content, it means that NFT-key can be transferred to other brands. I don't think that is desired behavior, if I subscribe to particular brand, I expect that my data would be available only to that particular brand. If that's the case we shouldn't give access on the availability of NFT in brands (or whoevers) wallet. Instead we can grant access to some public keys holder, keypairs are not transferrable, that would comply with required logic.

@vladwix

1. The RFW does imply the ability to cancel a subscription
2. The user data is encrypted on Profila servers. The NFT would serve as a key to access it. However this logic will not be applicable given the preference of using smart contracts as opposed to NFTs