Configure the Product
Configuration User Interface
The Web UI is available by default at http://localhost:8890/.
Configuration
The product is configured by categorizing data, and then defining valid purposes for use or sharing against those categories. Configuration plays two roles: a source of truth for non-technical and technical roles to collaborate and track changes over time, and a definition for enforcement points within the platform. By capturing knowledge that's usually scattered across a company into one place, and organizing it in a form that can be understood by different roles, coordination and execution become much simpler. Through this common platform configuration, API calls and security credentials are connected to the language shown below, ensuring that the right data is used for the right reasons, and that a consistent audit trail forms, proving that data is used correctly across an organization.
Categories
The first step in configuration is defining Categories. Data use and sharing is defined over sets of Categories, which in turn define specific Fields. This makes it more natural to talk about the Purpose of a query, by saying "this task needs contact data" and then separately capturing which Fields represent "contact data." The set of Fields can evolve over time without changing the definition of any given Purpose. Once there is at least one Category defined, you can proceed with configuring other aspects of the system.

Note that these Categories and Fields don't have to match the schema in a database or the structure of a given document. The Configuration is simply capturing the kind of language that would appear in a Privacy Policy or a Consent. There are mapping APIs to connect this piece of Configuration to specific structured data.
Types of Use and Sharing
There are five types of use and sharing that can be defined and asserted across the product. Platform Use, Platform Sharing, and User Access broadly capture the terms you would expect to see in a Privacy Policy or similar document. They talk about which Categories are used for which Purposes, which Third-Parties get access to data under those purposes, and what rights a user (or guardian) has to their own data. Contractual Exchange captures the rights and obligations that appear in a B2B contract like a BAA or MSA. Instead of having thousands of contracts scattered across an organization, there's a single place to capture use and reporting requirements, and a single audit stream to prove that terms are met. Finally, Consented Sharing is a single place to define all of the different fine-grained Affirmative Consents that a user can grant through the platform.
Platform Use
Platform Use defines the purposes that may be asserted for use of data within the platform. Common examples include "provide the service", "billing", "advertising", or "train a model." Some of these Purposes are core to platform operation and must be acknowledged by users. Others may be defined as opt-in, like "marketing deals", and require an end-user to agree to the purpose for their data to be used.

For both core and opt-in Platform Use Purposes, Overrides may be defined. Each Override ensures that a given purpose is never applied to specific populations, like users below a specific age or those living in specific locations.
Platform Sharing
Many uses of data require Third-Party support, and therefore require data to be shared externally. Platform Sharing captures which Third-Parties are being given which Categories of data for which Purposes, and defines a ceiling on the set of Categories that are valid to share for any given Purpose. It also captures whether a Third-Party is acting as a Service Provider, effectively an entity that treats data as opaque (e.g., when you put data into an AWS Aurora instance, Amazon doesn't use your data for their own purposes).

A given Platform Sharing Purpose can be connected to a Platform Use Purpose to explain that sharing is done in support of that Purpose. When this is done, the Category ceiling may not exceed the valid Categories for the Platform Use Purpose, and if the Platform Use Purpose is an opt-in, the Platform Sharing Purpose may not be asserted for a given user who has not opted in to that Purpose. Similarly, any Overrides defined on the Platform Use Purpose will also apply to the Platform Sharing Purpose.
Additional Platform Sharing Purposes may be defined, and additional Overrides may apply to those Purposes.
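
The following is an added illustration, not Tranquil Data's API or configuration format: a minimal Python model of the Platform Sharing rules described above (a ceiling bounded by the linked Platform Use Purpose, opt-in gating, and inherited Overrides). Every class, function and field name, the age threshold, and the sample Third-Party are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    age: int
    region: str
    opt_ins: frozenset = frozenset()

@dataclass
class UsePurpose:
    name: str
    categories: set
    opt_in: bool = False
    # Overrides: predicates naming populations the Purpose never applies to.
    overrides: list = field(default_factory=list)

@dataclass
class SharingPurpose:
    name: str
    third_party: str
    ceiling: set          # the most Categories that may ever be shared
    supports: UsePurpose  # linked Platform Use Purpose
    overrides: list = field(default_factory=list)

def validate(sharing):
    """Configuration-time check: the ceiling must stay within the linked Use Purpose."""
    extra = sharing.ceiling - sharing.supports.categories
    if extra:
        raise ValueError(f"{sharing.name}: ceiling exceeds {sharing.supports.name}: {sorted(extra)}")

def decide(sharing, user, requested):
    """Return (allowed, reason) for sharing `requested` Categories about `user`."""
    use = sharing.supports
    if use.opt_in and use.name not in user.opt_ins:
        return False, f"user has not opted in to '{use.name}'"
    # Overrides on the Use Purpose are inherited by the Sharing Purpose.
    for blocked in use.overrides + sharing.overrides:
        if blocked(user):
            return False, "override excludes this user"
    extra = set(requested) - sharing.ceiling
    if extra:
        return False, f"categories above ceiling: {sorted(extra)}"
    return True, f"shared with {sharing.third_party} in support of '{use.name}'"

# Constructed sample configuration (all values are illustrative).
deals = UsePurpose("marketing deals", {"contact", "preferences"}, opt_in=True,
                   overrides=[lambda u: u.age < 16])
mailer = SharingPurpose("send offers", "ExampleMailer", {"contact"}, deals)
validate(mailer)
```

Each denial carries a reason string, mirroring the idea that every decision should be explainable in an audit trail.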
User Access
User Access defines the rights users have to data associated with themselves, how those rights (as above) are overridden based on age or locale, and the rights that guardians have to a child's data and the ability to control how that data is shared. Overrides may expand the set of categories (e.g., granting access to all categories for users in a specific region) and reduce the set (e.g., not sharing details like Billing to children). Guardians may be given access to specific categories of their child's data, and may be given controls to turn off specific Third-Party sharing, but only while the child is under a specified threshold age.

Contractual Exchange
Users may come to a platform by their choice, like when someone creates an account for a social media app. First-party users may also be on a platform through their employer, their health insurance plan, a benefit of some other service they use, etc. Third-party users may have their data exchanged between businesses with no direct platform interaction. In both the First and Third-Party cases, some contract exists that captures rights and obligations on both sides for how data may or may not be used, what reporting must be done back to (e.g.) an employer or business partner, and what rights a user has to their own data under these exchanges.
Contractual Exchange captures these details. When a user onboards as a First-Party under one of these relationships, that context affects the resulting Personalized Terms. When a B2B relationship results in sharing their population's data, the shared data is held to these terms. Tranquil Data allows you to define an arbitrary number of Contractual Purposes, and within those an arbitrary number of terms.

When Platform Use or Platform Sharing is asserted, these terms will be used to ensure that contractual requirements are met. It's common for contracts to disallow Purposes like advertising, AI, or monetization. In certain verticals (like Health and Life Sciences) it's common to expand the Categories of access that users have to their data. The Categories of data shared back to the contract party will vary depending on vertical or business model, but are frequently about gauging and metering use, supporting user populations directly, or demonstrating Return on Investment. All of these may be expressed and enforced using Contractual Exchange.
Consented Sharing
Consented Sharing supports the definition, enforcement, and audit of data sharing via fine-grained Consents. The term "consent" has many meanings, but in Tranquil Data it means an Affirmative Express Consent. This is designed to support a UX where users decide which categories of data they share based on their own preferences.
Definitions of consent
There are several types of consents. Affirmative Express Consent is the current gold-standard. The United States Federal Trade Commission defines it like this:
"Affirmative Express Consent" means any freely given, specific, informed, and unambiguous indication of an individual consumer's wishes demonstrating agreement by the individual, such as by an affirmative action, following a Clear and Conspicuous Disclosure to the individual of: (1) the categories of information that will be collected; (2) the purpose(s) for which the information is being collected, used, or disclosed; (3) the hyperlink to a document that describes the types of entities to whom the Covered Information is disclosed; and (4) the hyperlink to a simple, easily-located means by which the consumer can withdraw consent and that Clearly and Conspicuously describes any limitations on the consumer's ability to withdraw consent. The Clear and Conspicuous Disclosure must be separate from any "privacy policy," "terms of service," "terms of use," or other similar document.
As with Contractual Exchange, there may be any number of Purposes for Consented Sharing, and any number of defined terms for each Purpose. Consents are purposefully open-ended, supporting the flow of data to anything from clinical trials, to competitive tournaments, to cross-app sharing, to personal exchange. Each Consent explains to a user why they would share data, and what they should expect in return. Each Consent requests a set of Categories, but allows a user to decide which subset of those Categories they wish to share under that Consent. This gives a user a chance to express some initial preference, and as they build trust and see value, expand what they choose to share.

Explaining and Tracing Data Sharing
A complete Configuration defines the framework for all possible ways data may be used or shared. Within that framework, a given set of data may be shared with a single party for many different reasons. As Tranquil Data is asked to make decisions against stated purpose, part of its job is to select from this framework the contextually appropriate rationale, and explain why each decision was made. This nuance is captured in the decision trace so that a platform can understand each flow to a given Third-Party, audit each set of data shared in the right context, and even start metering and monetizing data exchange based on the reasons for exchange.