HAT DATA EXCHANGE RATING SCHEME

HAT DATA EXCHANGE RATINGS GIVE HAT OWNERS FULL TRANSPARENCY ON
SERVICES/APpS “powered by HAT”

This gives HAT owners transparency in understanding how apps that integrate with the HAT use the data given to them by HAT owners. This would also govern other non-app data debit requests e.g. coming through from Databuyer services. The rating scheme give HAT owners an “at a glance” indication of the app or the data debit requests by data acquirers on the HAT platform. The HAT App rating system provide all HAT Owners the assurance that data transactions are transparent. It does not purport to make a judgement on what data should or should not be exchanged. The rating system is empirical, evidence-based and evolving.

FIRST LETTER: 

WHERE HAT DATA IS STORED BY THE APP

A* 

The app or the data debit request does not require any data from the HAT owner. This is usually the case for apps that request only a verified action, a signal, or apps that only write data into the HAT like data plugs.

A

The app requires data from the HAT but it does not store HAT data anywhere outside the HAT, except for performance and caching purposes.

B

The app requires data from the HAT and will store data outside the HAT but within its own app service and will not transfer the data anywhere else and this is expressly stated under its legal terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

C

The app will store data outside the HAT and may transfer the data elsewhere for analysis purposes and this is expressly stated under its terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

D

The app will store data outside the HAT and may transfer the data elsewhere for other undeclared purposes and this is expressly stated under its terms and conditions. (note: data debit request rated D that has any identifying data will not be approved under European regulations)

SECOND LETTER

CONDITIONS IMPOSED ON DATA CONTRIBUTED BY THE APP

A*

The app does not impose any conditions on the re-use and/or re-sharing of the data generated by the app that has been written to the HAT

A

The app imposes conditions on the re-use and/or re-sharing of the data generated by the app for legal purposes e.g. protection of minors etc.

B

The app imposes conditions on the re-use and/or re-sharing of the data generated by the app that has been written into the HAT.

THIRD LETTER

COMPLETENESS OF DATA CONTRIBUTED BY THE APP

A*

The data contributed by the app into the HAT is more than complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT and the app contributes other data such as descriptions and images to make the data more understandable AND the app contributes data generated by the person on the app back into the HAT (within performance limits).

A

The data contributed by the app into the HAT is complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT AND the app contributes data generated by the person on the app back into the HAT (within performance limits).

B

The data contributed by the app into the HAT is complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT but the app does not contribute all data generated by the person on the app back into the HAT.

C

The data contributed by the app is incomplete i.e. a subject access request from the HAT owner to the app yields more data than that which is brought into the HAT.