A toolkit for gathering and documenting valid consent

What makes the solution innovative:

Our solution is innovative in two ways. First, we propose a new process, that brings the content and action for giving consent closer to the beneficiary in a more inclusive and easy to understand format. It also makes the transaction of data more salient to the individual.  Second, we leverage mobile and blockchain technology to build a tamper-proof, decentralized and universally accessible registry for consents. This increases transparency and provides oversight of personal data use. Given reliable authentication is possible it will also empower the beneficiary to revoke consent.

How the solution demonstrates 'privacy by design':

The main focus of our solution is on the principles of consent and purpose specification. The beneficiary’s free and specific consent is the preferred legal basis for the collection, use, or disclosure of personal information, The greater the sensitivity of the data, the clearer and more specific the quality of the consent required. This is exactly where our solution links in, by increasing the quality and validity of the consent given and clarifying the purpose.

We aim to also provide the possibility to withdraw consent, by providing a voice interface to the backend registry. By providing this consent monitor interface, the solution also demonstrates openness, right to access and compliance.

How the solution can be incorporated into digital identification systems:

Our solution can easily be linked up with existing digital identification systems, either through full integration, or by referencing the identifier of the existing system in the consent.

It can be fully integrated by using the authentication method of the existing system when the user provides consent. This is for example how consent is created in the id systems of India and Estonia. The consent will still be registered on the registry. This will allow to add more features in the future, for example, transaction logs of data access inside the id system can be checked against the user consent saved in the wallet and on the blockchain.

A more pragmatic approach would be that ID number of the existing system be referenced when the consent is given. This would be useful in order to attach consent to a unique, universal id and could be used to find the consent object on the registry. It would imply, however, that the beneficiary knows their ID number.

How the solution is 'user-friendly':

We assume that the term “user” in here refers to the data subject. The pragmatic approach outlined above is very user friendly in case the ID number is something many people know. From our experience however, that is not often the case in humanitarian settings. Arguably, full integration, using the existing ID system’s authentication mechanism is even more user friendly since it would streamline the act of giving consent with other identity transaction. From a system integrators point of view, the consents would have to be referenced to the specific data attributes from within the system.

How the solution ensures interoperability:

First, we will use public blockchains that are universally accessible to store the timestamp proof of consents. That also ensures that the consents can be migrated in case another architecture is preferred. Second, we are working with stakeholders and the digital identity community towards developing a schema for consents. In particular, we are part of the w3c Verifiable Credentials working group which is a great platform for developing interoperable and open standards. We have developed a schema for consent that we are using inside Gravity’s ID system that we can build upon.

How the solution accounts for low connectivity environments and for users with low literacy and numeracy levels:

We address low literacy and numeracy levels by providing explanation in the beneficiary’s preferred language in a simple, jargon-free manner. IVRs have successfully been used by organizations in settings with many different dialects in South Sudan and Kenya information gathering and dissipation.

Our solution only requires a basic mobile phone, and in case of zero network coverage, the IVR can be implemented as an app and downloaded on the data collector’s device, which we expect to be a smart device. As soon as this device connects to the internet, the consent is uploaded to the registry as usual.

Vision over the next three to five years to implement or grow the solution to affect the lives of more people:

We see two pathways to scale for our solution. First, we aim to integrate our solution into existing ID systems that have achieved scale as a mechanism for obtaining and documenting valid consent. We also aim to integrate it in Gravity’s Identity Platform. Second, we want to offer the solution as a toolkit to humanitarian organizations. This could be done for instance by integrating a module into Open Data Kit, that is used by many organizations, in order to make the consent collection more seamless for the organization.

https://medium.com/gravity-earth

How the solution team is organized:

How many people work on the solution:

Solution age:

The organizations applicants are currently working with:

With Xavier project for the the implementation of a self-sovereign digital ID education wallet for refugees. We use Gravity’s digital identity platform to track attendance, course completion and learning outcomes for refugees in three of Xavier Projects schools in Kakuma Refugee Settlement in northern Kenya. The self-sovereign wallets serve as interoperable data layer to which other parties can request access.

In collaboration with Strathmore University in Nairobi, we are currently working on the issuing of blockchain certified diplomas. Also, We have a partnership with PwC that gives us access to their network and expertise.

Applicant skills that can attract the different resources needed to succeed and make an impact:

Gravity leverages a core team of multidisciplinary experts in the fields of mobile money, blockchain technology, banking and the humanitarian/international development, helping us to deliver a holistic solution that draws from each of our team members expertise in the area. We are well connected in the Nairobi ecosystem of NGOs, innovators and the government, which gives us access to many distribution channels and information. In addition, our Partner PwC has also committed to providing resources to the Mission Billion challenge. 

Revenue model:

As Gravity, our revenue model is transactional. We charge our customers per data request to our users wallets. Part of this transaction is paid out to the user in airtime. There is a lack of interoperable data in a variety of domains, including education, cash transfer programming and financial history. We fill this gap by providing an interoperable data layer consisting of self-sovereign wallets. Our approach to gather data on this wallet is product driven. We build products for each use case that link into the wallet, but solve an immediate need for the users (like our education product). We believe this is the model of the future for data sharing and interoperability.

Reason for applying to the Mission Billion Challenge:

We are strong believers that the future of personal data and identity systems must be private by design. This will only happen if there is a common effort by everyone involved in order to build interoperable and open source modules that can find widespread adoption. Contributing our ideas, experience and network to this endeavor is our main motivation to apply. Participation will also advance our work thanks to collaboration with the ID4D ecosystem and by improving our product offering with an open source consent module.

Key barriers to the solution:

Low literacy and numeracy and the variety of languages will be a challenge. However, we can draw on the experience or organizations in our personal network that have successfully worked with similar solutions in these settings. Another key barrier is the friction it creates during the data collection task. This can only be solved through a user centered design approach, spending time on the ground and iterating on our solution. We are aware that the module must be user friendly for the data collecting party in order to find adoption in this kind of setting.