HAT DATA EXCHANGE RATING SCHEME

HAT Data Exchange Ratings give HAT owners full transparency on how data acquirers would be using HAT data

HAT Community Foundation (HCF) has a rating scheme for applications and services “powered by HAT”. This gives HAT owners transparency in understanding how apps that integrate with the HAT use the data given to them by HAT owners. This would also govern other non-app data debit requests e.g. coming through from databuyer services. The rating scheme give HAT owners an “at a glance” indication of the app or the data debit requests by data acquirers on the HAT platform. The HAT App rating system provide all HAT Owners the assurance that data transactions are transparent. It does not purport to make a judgement on what data should or should not be exchanged. The rating system is empirical, evidence-based and evolving.

The first letter (DATA USAGE)

The first letter in the rating scheme is an understanding of how data acquirers store HAT owners' data whenever they take data from the HAT.

A*

The app or the data debit request does not require any data from the HAT owner, merely a verification that the data has been generated within the HAT. This is usually the case for apps that request only a verified action. 

A

The app does not store HAT data anywhere outside the HAT, except for performance and caching purposes. All data generated by the HAT owner is kept within the HAT.

B

The app will store data outside the HAT but within its own app service and will not transfer the data anywhere else and this is expressly stated under its legal terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

C

The app will store data outside the HAT and may transfer the data elsewhere for analysis purposes and this is expressly stated under its terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

D

The app will store data outside the HAT and may transfer the data elsewhere for other undeclared purposes and this is expressly stated under its terms and conditions. (note: data debit request rated D that has any identifying data will not be approved under European regulations)