HAT DATA EXCHANGE RATING SCHEME

HAT DATA EXCHANGE RATINGS GIVE HAT OWNERS FULL TRANSPARENCY ON SERVICES/APPS “powered by HAT”

This gives HAT owners transparency in understanding how apps that integrate with the HAT use the data given to them by HAT owners. This would also govern other non-app data debit requests, e.g. those coming through from Databuyer services. The rating scheme gives HAT owners an “at a glance” indication of the app or the data debit requests by data acquirers on the HAT platform. The HAT App rating system provides all HAT owners the assurance that data transactions are transparent. It does not purport to make a judgement on what data should or should not be exchanged. The rating system is empirical, evidence-based and evolving.

There are generally two types of apps.

Z class apps

Z class apps are HAT Dashboards that enable the HAT owner to view, browse and search their HAT microserver as well as manage permissions and organise their HAT. Z class apps are fully certified by the foundation to ensure no access by anyone except the HAT owner and whomever the HAT owner permits. The completeness of Z class apps is depicted by the number of *.

Z*** : This app has full functionality. All tools, apps and plugs available in the HAT ecosystem are available on this app, including the ability to manage the HAT owner's public profile, cancel data debits, and enable and disable tools, apps and plugs.

Z** : Some functionalities to manage the HAT microserver are missing from this app.

Z* : Most functionalities to manage the HAT microserver are missing from this app.

Z : This app has limited functionality for managing the HAT microserver.

Z class apps are only issued by HAT Platform Providers.

Normal class apps

Normal class apps are subject to the ratings below. For clarity, data plugs are a form of app and will be rated the same way.

FIRST LETTER

WHERE HAT DATA IS STORED BY THE APP

A* 

The app or the data debit request does not require any data from the HAT owner. This is usually the case for apps that request only a verified action, a signal, or apps that only write data into the HAT like data plugs.

A

The app requires data from the HAT but it does not store HAT data anywhere outside the HAT, except for performance and caching purposes.

B

The app requires data from the HAT and will store data outside the HAT but within its own app service and will not transfer the data anywhere else and this is expressly stated under its legal terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

C

The app will store data outside the HAT and may transfer the data elsewhere for analysis purposes and this is expressly stated under its terms and conditions (please note that the foundation does not yet do audit checks on whether this is technologically or operationally complied with).

D

The app will store data outside the HAT and may transfer the data elsewhere for other undeclared purposes and this is expressly stated under its terms and conditions. (Note: a data debit request rated D that has any identifying data will not be approved under European regulations.)

SECOND LETTER

CONDITIONS IMPOSED ON DATA CONTRIBUTED BY THE APP

A*

The app does not impose any conditions on the re-use and/or re-sharing of the data generated by the app that has been written to the HAT.

A

The app imposes conditions on the re-use and/or re-sharing of the data generated by the app for legal purposes e.g. protection of minors etc.

B

The app imposes conditions on the re-use and/or re-sharing of the data generated by the app that has been written into the HAT.

THIRD LETTER

COMPLETENESS OF DATA CONTRIBUTED BY THE APP

A*

The data contributed by the app into the HAT is more than complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT and the app contributes other data such as descriptions and images to make the data more understandable AND the app contributes data generated by the person on the app back into the HAT (within performance limits).

A

The data contributed by the app into the HAT is complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT AND the app contributes data generated by the person on the app back into the HAT (within performance limits).

B

The data contributed by the app into the HAT is complete i.e. a subject access request from the HAT owner to the app yields the same data as that which is brought into the HAT but the app does not contribute all data generated by the person on the app back into the HAT.

C

The data contributed by the app is incomplete i.e. a subject access request from the HAT owner to the app yields more data than that which is brought into the HAT.