PrivAct Ecosystem

FSAP: The Federated Secure Aggregation Protocol.

The privact system to guarantee individual privacy.
### Main Categories

Services refers to any type of service or product that produces or consumes personal data. The definition is broad: it could be a website, an advertising service, your smart watch, your car… The privact ecosystem provides a level playing field for all service providers that is compliant with the latest data protection laws (e.g. GDPR, EU Data Act).

This is your realm. Every technology you use as a human being and digital citizen. The privact ecosystem allows you to manage your digital privacy transparently and easily. All you have to do is use technology certified with the privact seal – everything else works automatically.

The Foundation will be the non-profit organization to be established. It acts as a trustee for users’ digital privacy rights and provides the necessary technology and infrastructure – the privact ecosystem. It never gains knowledge of any user data.

Research organizations range from small to large, can be non-profit or for-profit, and are interested in conducting market research. The privact ecosystem provides a clear and transparent set of rules so that all organizations have a level playing field when it comes to accessing the largest pool of anonymized consumer data.

### Services

Services need to avoid cloud computation wherever possible. Cloud storage of personal data needs to be restricted to the minimum legally or logistically needed amount and time.

Services participating in the ecosystem can use the Foundation’s seal to signal to consumers at the point of sale / use their commitment to respecting users’ privacy.

As a user, the seal makes your life easy. All you have to do is use services that have been awarded the seal. This makes protecting your digital privacy as easy as buying organic food. All you have to do is choose the right product or service. Everything else happens automatically under the hood.

Services must not transmit personal data to the cloud that can also be computed locally on users’ devices.
On the other hand, any data that must be transferred to the cloud will receive a digitally signed contract from the user that defines the scope of data storage. By doing this, the Service can always prove that it’s complying with the GDPR.

### Research Organizations

Organizations can conduct privacy-preserving market research on any question that can be automatically evaluated from data in local databases. However, it is not possible to provide users with questions that must be answered manually. To collect this kind of information, or for a website to obtain statistical data about its users, the data must first be written into the database by the organization acting as a SERVICE. Then, acting as a RESEARCH ORGANIZATION, it can mine the data using the federated secure aggregation mechanism.

Research organizations must report on their social behavior. Categories can range from workers’ rights to women’s representation on boards to the organization’s environmental footprint. The actual categories will evolve over time. They will be used to match users’ expectations of how organizations should behave and to determine what market research individual users will participate in.

### Foundation

The Foundation has the responsibility to audit the research organizations. This audit is mainly focused on the behavioral information provided by the organizations. Research organizations must accept the Foundation’s terms and conditions to participate in the ecosystem.

Before the results of the Federated Secure Aggregation evaluation system are delivered back to the research organizations, we will check for and mask potential privacy violations, such as low numbers in certain intervals.

A web interface allows organizations to feed their research question into the federated secure aggregation evaluation system. The possible content is provided by the central database schema.

Maintaining the central database schema is at the heart of the Foundation’s work.
The schema serves as the knowledge base for all potentially available personal data. Services and research rely on this catalog. In addition to avoiding duplicate records, one of the Foundation’s central tasks is to categorize the personal information registered in the catalog. Examples of these categories could be Health Data, Location Data, or Financial Data.

The Foundation has the responsibility to audit the Services. This audit is mainly focused on the sparse storage of personal data in the cloud and the prohibition of interconnecting different data sources. Services must accept the terms and conditions of the Foundation to participate in the ecosystem.

Services must notify the Foundation of any data points they wish to store on users’ devices. The Foundation checks for duplicates and adds the new data point to the central database schema.

### User Devices

Every service participating in the ecosystem must compute everything possible locally on your device. In return, you can safely share the personal data the service needs to provide you with the best possible experience.

Any service may request access to different categories of your personal data. Examples of these categories could be Health data, Location data, or Financial data, as categorized in the central database schema. As with the current permission system of allowing app access to your address book or camera, you can always block, allow, or revoke any service’s access to the different categories.

The local database is where your personal data is stored. It is actually not a single database, but a system of databases under your control. This includes various devices you own, as well as cloud providers you choose and trust for things like backups. You don’t keep all your money under your pillow, do you? Also, some data may be stored with trusted third parties, such as your health insurance company or government agencies that provide verified ID information.

The central database schema is synchronized with your local database. This allows you, services, and research to benefit from the structured and categorized data.

You can define how you want the organization you choose to support to behave socially. Categories can range from workers’ rights to women’s representation on boards to the organization’s environmental footprint. The actual categories will evolve over time. This is matched with the information provided by the research organization. Only if the organization’s social behavior matches your individual expectations will your data be included in the requested research.

The federated secure aggregation protocol allows individual data to be aggregated into statistical data without revealing personal data. It is mathematically proven to be robust against a wide variety of attack vectors. Privact uses it to enable market research on the combined data pool without violating anyone’s privacy.

### privact e.V.

The goal of the non-profit organization privact e.V. is to establish this ecosystem in society. We are working with partners to build the Foundation, develop the necessary technology, and create the momentum to make this system the new normal. The privact e.V. is not the Foundation.