- We know from experience that personal data allocated in centralized databases suffer from vulnerabilities such as hacks, breaches, and data leaks. These exploits could have devastating consequences to an individual’s personal and financial life if it materializes as identity theft.
- The transfer of personal data between third parties is possible when there is express consent given by the user. A specific and determined purpose for the treatment and the collection of this data needs to be proportional to the purpose sought. Beware of international transfers of personal data to countries without a regulatory framework on data protection or States that do not follow the European data protection model contained in the GDPR (General Data Protection Regulation).
- QSTN aims to decentralize data aggregation by giving complete ownership and control of personal data back in the consumer’s hands by creating an ecosystem where users answer questions, earn credits and spend these rewards within their digital environment.
In recent years we’ve seen an increase in the interest of users understanding how their data on the Web is managed and stored. As a result of several important data breach scandals by various tech giants, people have become more aware of their data protection rights and how their personal information should be handled. According to the 2021 Thales Data Threat Report, 45% of the American companies surveyed have suffered some type of data breach in the recent past, and that number could be higher because these leaks are often not detected. This report also found out that companies invest between 6% and 15% of their budget in data security, which explains why the security of the databases is violated with such regularity and ease.
But instead of investing their resources in increasing the security of databases or simplifying the content and procedures to comply with privacy rights, companies are more focused on lobbying and influencing the decision-makers to protect their own interest, many times at the expense of the user’s data. Remember when Mark Zuckerberg had to testify before Congress during the Cambridge Analytica Scandal. Not even the CEO of the largest social media network could fully comprehend the extension of the data breach caused by his client using his platform. And little has changed since then: we still don’t know who handles our personal data when being sold by these companies nor the purpose of these acquisitions.
The regulations related to data protection are relatively new. For instance, Europe’s General Data Protection Regulation (GDPR) was published on May 24, 2016, but became mandatory for all Member States on May 25, 2018. In the case of the US, we have the California Consumer Privacy Act (CCPA), which implements similar protection following the European legal framework, and CCPA only became effective on January 1st, 2020. Companies haven’t caught up to adapting their businesses to effectively store, manage and dispose of personal data from their consumers. There’s still a lot of work to do and awareness to raise regarding data privacy matters.
These data protection legislations allow users to have access to the information and exercise whatever privacy right that the consumer sees fits. But sometimes this access to the information is limited and jealously guarded by the data managers and controllers. QSTN aims to revolutionize this sector by creating a decentralized data aggregator, giving complete ownership and control of the personal data back in the consumer’s hands.
Take for example a similar business model: Google Rewards. Users answer specific questions and then receive a small reward as credits to be spent inside the Google apps ecosystem. Later, these answers are sold to determined advertisers but it suffers from the issues related to centralized processing of personal data: lack of transparency, inequitable distribution of benefits, requires permission to access or register, and zero control over the data once you input it, in this case, the answered questions that constitute personal data and should be legally covered by data protection rights. Speaking of data protection rights, these are:
- Right to be informed about the purpose of collecting personal data;
- Right of access to the stored data;
- Right to rectification of data;
- Right to erasure of data;
- Right to restrict data processing;
- Right to data portability;
- Right to object to the use of data;
Ideally, these are the privacy rights that should be guaranteed by data processors and managers although it is not always clear how the user can exercise these rights, which requires the responsible person or entity to enable the tools to allow consumers to properly procure their privacy rights when required.
But taking the example mentioned above, it’s important to understand the relationship between user aggregated content and the ownership of it because when you sell data for a profit, revenue or credit, companies don’t disclose who their client is, who they are selling your data to and how long they will keep this information. Lack of transparency could cause a conflict of interest because aggregators may be selling your information to a company whose values you don’t share or want to be associated with.
The next evolution for the Internet, Web3, will open new frontiers that we’ve never seen before. For the first time, users truly own and control their data in permission-less environments and with complete freedom to handle their activities as they see fit. Contrary to the way we browse the Web before, where Tech giants control every aspect of the service; from the registration of users, conditions of use, to even the censorship of content. This new web is called to revolutionize the way we create and share data, all of this thanks to decentralized protocols such as NEAR Protocol and purposeful projects like QSTN.