Adjustable privacy features: now available on Ocean Market
Introduction
In collaboration with Ocean Protocol, we implemented new adjustable privacy features into Ocean Market.
If data owners want to build their data market on top of Ocean Protocol, it will now include customizable privacy features by design, including a privacy preference center, multilingual privacy policies and more editable metadata.
Section 1 of this blog post discusses the need for decentralized data sharing solutions and how Ocean Protocol resolves the current trade-off between the use and monetization of private data and the risk of disclosing it.
Section 2 explains how sharing data while maintaining privacy with Ocean’s Compute-to-Data allows individuals and companies to monetize private data while retaining full ownership and control.
We then describe how Ocean Protocol follows the principle of Privacy by Design and explain the new privacy features that Ocean Market offers by default now. We then provide a brief guide using these features in practice when setting up a data market.
Background
AI loves data. It can support research and lead to life-altering innovations in science and technology. The more data available, the more accurate AI models, leading to better business and research outcomes.
However, while large amounts of valuable data are generated every year, data sharing, AI application and analysis are often hampered by restrictions or concerns about security, privacy and regulatory risks. For example, the European Data Protection Regulation (GDPR) imposes high potential fines for data protection violations, which can be as high as 4% of a company’s annual turnover.
As a result, data often remains locked in silos and its value is underutilized. Data is kept under lock and key and is used by a handful of large companies. In the status quo, there is not enough incentive to share data.
But: the confluence of blockchain, AI and data may very well be a lightning charge to spark an immense and far-reaching decentralized data economy. This is where Ocean Protocol comes in.
“The increasing loss of control over one’s own data and the non-transparent way in which companies exploit users requires change. Ocean Protocol enables this change.”
Meike Molitor, Compliance Lead at deltaDAO
Ocean is based on a radical opportunity: the potential for data to be shared openly and without barriers. The idea was to develop a decentralized data-sharing protocol that allows anyone to publish and share their own data sets. At its core, Ocean aims to give people and organizations the power to take control of their data, share their data the way they want, and monetize their data on their own terms. It aims to create an open data economy.
deltaDAO acts as integrator of the Ocean Protocol tech stack.
One focus of the ongoing collaboration between deltaDAO and the Ocean Protocol Foundation is to add more privacy-preserving features to the Ocean Tech Stack. In recent months, we have focused on
- improving the privacy features in Ocean Market
- building market and Compute-to-Data demonstrators, such as the Minimal Viable Gaia-X
- educating enterprises and consortia about the Web3 data economy and Ocean Protocol core design
Compute-to-Data (CtD)
Compute-to-Data allows for privacy-preserving data sharing, remote computation and data monetization and is a core feature and strong advantage of Ocean Protocol. CtD keeps the data on-premises and enables data consumers to run remote compute jobs on the data. Data owners keep full control as the data never leaves their premises and is accessed only by algorithms.
CtD resolves the tradeoff between using private data and the risks of exposing it. Newly monetized data creates new revenue streams for data publishers. Using Automated Market Makers (AMMs), price discovery allows newly published data to be priced to market value.
CtD is directly integrated into Ocean Market, where data providers can opt to restrict the access type to “compute only”. Once data is made accessible, the compute job is brought to the data and executed on-premise. This is especially suitable to train AI models, calculate statistics or build business analytics use cases on private data without revealing them.
“The technology must default towards the ideals of data protection, towards democratizing data while retaining privacy rights. Compute-to-Data is Ocean’s response to solving the current trade-off between benefits of using private data and the risks of exposing it.”
Trent McConaghy, Co-Founder of Ocean Protocol
There are many applications in business, technology and science, benefitting from sufficient aggregation or anonymization of data. Moreover, data owners can approve only vetted and trusted algorithms, which further lowers privacy risk.
“Using Ocean Protocol, data consumers can train their AI models on remote private data sets and extract insights while ensuring compliance with privacy regulation. The data remains secure. It never leaves the owner’s premises.”
Frederic Schwill, Tech Lead at deltaDAO
Applications and business cases of Ocean’s CtD
Ocean’s CtD is a versatile technology that can be applied to problems and business cases of varying complexity.
In Ocean, a Compute-to-Data infrastructure is set up as a Kubernetes (K8s) cluster. The cluster runs in the background on, for example, cloud services like AWS or Azure or private infrastructure. This Kubernetes cluster is responsible for running the actual compute jobs, out of sight for marketplace clients and end-users. In its simplest form, it could compute an average. For example, getting an average of wages across offices of a multinational company can be difficult due to privacy regulations in different jurisdictions.
More advanced applications could feature statistics or business analytics use cases, for example, doing remote analytics across the supply chain of certain automakers.
CtD is especially useful when applied to verticals like the health sector, where Ocean Protocol enables the possibility to train machine learning models across patient data residing at different hospitals. CtD applied in the health sector can accelerate advancements in science and research, ultimately saving more lives faster.
Privacy-preserving data monetization
CtD, combined with Ocean Protocol’s built-in data monetization layer, is a powerful tool to enable sustainable business models around private data lakes. Users can benefit from this technology in several ways. Developers can quickly launch their own data marketplace using Ocean software components while connected to the Ocean decentralized data-sharing network.
Data owners can sell the private data in a marketplace while maintaining control:
- Privacy: sell private data while preserving privacy. It stays private because only AI algorithms see the data directly.
- Control: data assets remain secure. Control stays with data owners because data never leaves the premises.
Data consumers can access private data without the liability of directly seeing private data.
AI practitioners and data scientists can access valuable, private data that was previously unavailable, which can lead to more accurate AI models to improve research and business outcomes.
Following Privacy by Design principles
Being based on blockchain, Ocean Protocol has some key advantages compared to traditional Web2 data sharing solutions:
It is fundamentally different from the traditional manner we exchanged data in the past, which usually involves giving up control and using a middleman mediating between data market participants. The middleman is a single point of failure and could use the data for own benefits or have their data stolen, as regularly reported in the media.
Following Privacy by Design principles and giving control back to the user, are key elements of the GDPR. Ocean gives full control and sovereignty to data owners. Moreover, compared to Web2 solutions, Ocean Market requires minimal personal data, which corresponds to the data minimization principle of the GDPR.
NEW: adjustable privacy features
Ocean Market is an out-of-the-box data marketplace for monetizing data — both with an Ocean reference marketplace and the promise to allow developers to build their own marketplaces to monetize their data. Here data can be bought or sold in a privacy-preserving manner using CtD.
If data owners want to spin up their data market based on Ocean Market, it will now include adjustable privacy features by design. Here’s how:
- Multi-language privacy policies. Ocean Market delivers a privacy policy in English, German, Spanish, and French to inform the market users adequately and transparently about the processing operations. These policies are free to use and can be quickly adjusted to your needs so that you can get started right away and worry less about regulations.
- Facilitated introduction of new policies: Moreover, Ocean Market provides easy to edit markdown files to enable you to add and remove privacy policies easily. You can add a policy by providing your own markdown file in the content/pages/privacy directory.
- Privacy preference center. There is also a configurable privacy preference center. We offer a simple configuration for showing a cookie banner, as well as a more advanced setup. If your use case requires it, you can now configure a fine-grained preference center for marketing or analytics cookies, which require user consent.
- History Table: The history table is a transparency feature you can use to overview the transactions you made on Ocean Market quickly.
- Disclaimers. To increase transparency even further, Ocean Market provides several disclaimers to inform users about privacy implications.
- Editable metadata: After publishing a data asset, you can rectify your metadata (e.g. the author field) at any time.
- Data Lifecycle Management: You can restrict the processing of your personal data on Ocean Market by using Purgatory, a mechanism to hide any data asset from Ocean Market.
How to use the new privacy features
If you are new to Ocean Market, head over to Ocean Protocol’s dedicated beginners guide on how to launch a blockchain-based data marketplace in under one hour.
After finishing the initial setup of your data market, depending on your use case, you may want to enable the features mentioned above.
To get started and display a simple pre-configured cookie banner, head to your .env file in the root of your repository. If you do not yet have a .env file, you can create one.
Make sure you have the file saved at the same location as shown below:
Now copy and paste the following into the file:
GATSBY_PRIVACY_PREFERENCE_CENTER=”true”
You will notice a few changes when you now run your market with the following command: npm start.
First, you will notice a cookie banner appearing in the bottom left corner (1). Additionally, a link to open this banner again is now displayed in the footer (2).
Now, to configure everything that is displayed within the privacy preference center, you can open the “content” folder and navigate to a file called “gdpr.json”. Open it up and you will see the configurations for our privacy preference center.
You can change the title, body and even the text on the buttons in this file. Additionally, you will notice a variable called “optionalCookies”. Here you can configure which optional cookies your market implementation uses and give the user the option to opt-in or out of each category individually.
If you click on the “Customize” button in the cookie banner of your running market, you will see the additional preferences a user can set.
To use those preferences, head over to the CookieConsent provider located in the “provider” folder in the “src” directory. Open the “CookieConsent.tsx” file and you will find two functions that are of special interest. “handleAccept” and “handleReject”. Each time the user changes their settings on any given cookie category, these functions will be called respectively. The “cookieName” passed over to the functions is the same you set in the “gdpr.json” file.
To make interaction with cookies a little easier for you we also provide a helper file named “cookie.ts” located in the “utils” folder within the “src” directory. You can import the “setCookie” and “deleteCookie” functions, as well as the “getCookieValue” function anywhere in your code to handle your cookies easily.
But there’s more! Let’s say your market will only use strictly necessary cookies and you want to display a cookie banner only to inform users. In that case, you can go ahead and delete the “optionalCookies” variable in the “gdpr.json” config file altogether. Now change the text of the cookie banner and give the close button a more fitting label and you are all set.
Your users will now be presented with a simple cookie banner informing them of your use of cookies, which they can acknowledge.
Conclusion
For Ocean, secure data sharing is a means to an end: it enables staking, pricing, curation and incentivizing sharing. Until now, anyone who wanted to offer data for sale had to set up companies, set up the back office, build sales and distribution channels, and then provide the actual value of the data. With Ocean, these hurdles are much, much lower.
Ocean Protocol resolves the current trade-off between the benefits of using private data and the risks of exposing it. Ocean follows the Privacy by Design principle and gives control and sovereignty back to data owners.
If you want to spin up a data market based on Ocean Market, all privacy features are already supported from the start.
About deltaDAO
deltaDAO AG, located in Hamburg, is the first Ocean Protocol engineering, integration and consulting company, by Ocean Protocol community members. We are working closely with BigchainDB GmbH and the Ocean Protocol Foundation to achieve our common mission to kickstart a European Data Economy. We are a Gaia-X member active in several working groups and initiatives. deltaDAO is a co-organizer of the Gaia-X Hackathon, responsible for the “Compute-to-Data & Distributed Ledger Technology” track where we, as Web 3.0 specialists and integrators, build towards a Minimal Viable Gaia-X with the other Gaia-X community members.
