OPENi Privacy by design @Athens hackathon, September 2014

1Reinventing Marketing for the Mobile Era

12 SEPT 2014

PERSONAL DIGITAL DATA PRIVACY

OPENI PRIVACY-BY-DESIGN SOLUTION


AGENDAA Few Words about VELTI

Personal Data Storage Services

Tackling Digital Personal Data Privacy

On Educating Privacy-aware End-Users

Privacy-By-Design in Mobile Marketing


ABOUT VELTI

Velti was founded in 2000 to develop and execute highly interactive campaigns

with subscribers for mobile operators.

Fourteen years later,

VELTI is a global provider of mobile marketing & advertising solutions

that enable brands, advertising agencies, mobile operators, and media to

engage with consumers via their mobile devices.

Consumers’ personal data privacy protection & consumer consent is

key to VELTI solutions

VELTI conducts marketing campaigns in over 67 countries across the

globe

Most of the TOP-20 largest mobile operators worldwide have run

campaigns with VELTI


ABOUT VELTI’s Innovation

Velti has a dedicated innovation team with 15 (25% PhD/ 75% MSc) employees with

analytical and innovation skills focusing on mobile technologies and next generation services

Velti Innovation Team Research Areas:

- Mobile Applications (native applications, mobile web, rich media advertisements)

- Cloud-based Systems & Applications

- Big- Data Analysis and Processing

- Digital Data Privacy & Monetization

- Mobile Advertising

- Advance User Visualization and Interaction Experiences

The team has been involved in more than 10 EU research projects within the past 5 year.


A Rapidly Evolving Digital Era – Mobile & Personal

Consumers spend more time on mobile than on computers. (Source: Fast

Company)

Mobile internet access enabled by smartphones and tablets has nearly doubled

the amount of time spent online since 2010. (Source: Heidi Cohen)

189 million Facebook users (almost one out of five) are mobile-only, and mobile

use accounts for 30% of Facebook ad revenue. (Source: Fast Company)

751 million (nearly three-quarters of the total) Facebook users access the network

from mobile devices at least some of the time. (Source: Digital Buzz Blog)

Twitter has more than 500 million total users. 288 million users are active monthly,

collectively sending out over 400 million tweets each day. (Source: Digital Buzz

Blog)

25% of smartphone owners ages 18–44 say they “can’t recall the last time their

smartphone wasn’t next to them.” (Source: Fast Company)

310*Apps

Downloads in 2016

81*Apps

Downloads in2013

*Billions

- Source: © Gartner (Sept. 2012)


Personal Data Challenges for End-Consumers

A large majority of Europeans engage with Online Social Networks (OSNs)

74% of users consider that they do not have sufficient control

70% are concerned with the way such data are handled by

Personal data sharing is a complex and pervasive process that is still not well

understood;

Native Mobile Applications acting as Data Silos;

Data Processors vs Data Collectors

Personal Data Fragmentation

Asymmetry between data processing and control means available to OSNs and

those afforded by citizens;

Upcoming EU General Data Protection Regulation – harmonisation of EU’s legal

framework and improvement of users’ control over their shared data


Data Protection Directive (EU - ePrivacy Directive)

Many types of data stored on or generated by a smart device are personal data. They arepersonal data whenever they relate to an individual, who is directly (such as by name) or

indirectly identifiable to the controller or to a third party.• Location

• Contacts

• Unique device and customer identifiers (such as IMEI, IMSI, UDID and mobile phone number)

• Identity of the data subject

• Identity of the phone (i.e. name of the phone)

• Credit card and payment data

• Phone call logs, SMS or instant messaging

• Email

• Information society service authentication credentials (especially services with social features)

• Pictures and videos

To the extent that the app developer has outsourced some or all of the actual data processing to a third party andthat third party assumes the role of a data processor then the app developer must comply with all obligationsrelated to the use of a data processor. This would also include the use of a cloud computing provider (e.g. forexternal data storage).


Data Protection Directive

Article 5 of the ePrivacy Directive

An app developer may use third party libraries with software that provides common functionalities, such

as for example a library for a social gaming platform. The app developer must ensure users are aware

of any data processing undertaken by such libraries and if that is the case, that such data processing

is compliant with the EU legal framework, including where relevant, by obtaining the consent of the user.

In that sense, app developers must prevent use of functionalities that are hidden from the user.

Data Protection Directive (Article 17)

It requires from the manufacturers of a device or an application to embed data protection from the very

beginning of its design.

This includes ensuring the availability of appropriate mechanisms to inform and educate the end user

about what the apps can do and what data they are able to access, as well as providing appropriate

settings for app users to change the parameters of the processing.


9

To address the multiplicity complexity and sustainability of the emerging cloud-based mobile apps ecosystem,from both consumers’ and application developers’ point of view, OPENi project developed an innovative open-source Graph API platform that:

enables mobile application consumers to store data and metadata from their mobile application usage in their own space in the cloud

“CLOUDLET"

This information, along with fruitful dynamic contextual data, can be then shared (under the control of theconsumers) securely among their applications, services and across connected devices, towards optimizing end-users’ overall quality of experience (QoE).

OPENi Line of Thinking… Personal Data Service (PDS),


10

DIRECT & EXPLICIT DATA MANAGEMENT

Users are the owners of

their personal data

generated, accessed and

managed by their mobile

applications & the

controllers of the access

permissions rules governing

the use of the latter.

Introduced Innovations on Privacy

CATALYZING CROSS APP. DATA SHARING

Users make their data

available across

app/provider’s boundaries,

resolving today’s problems

of digital personal data

fragmentation in data silos

and duplication of among

various service providers.

CONTEXT AWARENESS TYPE EXTENDIBILITY

Allows developers to

use and build context-

aware applications that

operate collaboratively

to enhance end-users

meta-information on a

common platform

PRIVACY-BY-DESIGN ARCHITECTURE

Via users’ Cloudlet OPENi-

enabled applications can

access, store and update users’

data and content according to

their preferences. OPENi API

Platform has no direct access to

any of user’s data, acting as

personal digital data proxy.


11

OPENi Profiled and Analysed a number of Personal Data Storageservices to ascertain the De facto industry standards with regard to:

data privacy,

data control,

interoperability with 3rd party apps and services

accessibility and ease of use.

CAYOVA, FredomBox, Gigya, Personal, Mydex, OwnCloud, Pidder, Privowny, Qiy, e.t.c.

Personal Data Storage Services Landscape


12

OPENi Cloudlet Positioning


EDUCATING PRIVACY AWARE USERS


STEP I. Understanding Complexity for End-Users Point of View

Which Types of Data are Most Interesting at the

Time of InstallationSurprise for Types of Data Collected.


STEP II. Introducing a Taxonomy: “OPENi Privacy Dimensions”

OPENi Privacy Dimensions High Level Opt-in Opt-out Dimensions Dimensioning (max) Auditing/Monito

ring

(P0 (high) – P3 (low))

User Profile (General Setting) Let apps access my profile

(e.g., name, picture and other count information)

[10,1]

Assuming 10 CBS accounts per user.

P0

User Profile (Online Payment) Let apps use my access online wallet accounts for experiences across apps. [5,1]

Assuming 5 Cards per user.

P0

Device Profile Let apps use my device unique identifiers (such as: MAC, IP, UDID, UUID,

Advertising ID).

[1] P1

Device Comp. Let apps use my Webcam and Microphone. [1] P3

Contacts/Groups Let apps access my contacts information [5] P2

Location Let apps use my location via

A. WiFi

B. GPS

C. 3G/GPRS

[N,N,N,N]

[N,N]

[N]

where N >> 1000

P2

Social Activity Let apps access information about my social activity. {N}

where N >> 1000

P2

Media Files Let apps use my media. {M}

where M > 1000

P2

Product and Services Let apps use my services and product information [M, M]

where M ~ 1000

P3

Health Factors & Condition Let apps access my health profile information [M, M, M]

where M ~ 1000

P0


16

STEPIII. OPENi Permission Visualisation

I. Permissions Dialog & Personal

Data Visualization

II. Personal Data Management

(Opt-in & Opt-out)

III. Fine-grained Privacy Control

interface

IV Auditing


PRIVACY BY DESIGN

THE CASE OF MOBILE MARKETING


18

Personalized Advertising Use Case Ecosystem


19

Among Multiple Data

Collectors and Controllers

Almost Impossible to Proses

and Derive Intuitive

Outcomes

Privacy Concern Challenges

PERSONAL DATA FRAGMENTATION

APP DEVELOPERS ISOLATION

MOBILE APP. USERS

Cannot control the ad serving

process even if users

experience is reduced.

Cannot assert data privacy

and gain trust.

Cannot Control the Ad

Serving Process;

Cannot Control the Use of

the Personal Data that they

Share.

Cannot Receive Personalized

Ads based on their Context

and Interests.


20

On Privacy-Aware Ad Targeting (Service Enabler)

ADVERTISER

How about a mechanism to allow users monitise their data; include something that rewards users for sharing their data (in a privacy preserving

way) with an advertising service?

OPENi Platform

Personal Data

Advertising SE

Targeting Audience Management - Dashboard

Audience Demographics

Targeting Analysis

Campaign Audience Monitoring

Retargeting & Optimization AD Network

(Mobile Ad Server, Rich

Media Server)

Targeting Data

Ad Serving

(Targeted)

A

B

C


21

On Privacy-Aware Ad Serving – A novel “Pull” Model

OPENi Platform

OPENi API Platform

Cloudlet

CBSs

Advertising SE Recommender SE

Timeline SE

Advertisers

Mobile Ad

Networks

Ad ID

Ad ID

Ad Anonymously Served

• Any OPENi-enable application in order to serve

an ad to a specific user is just accessing users’

Advertisement Object(s), stored in his/her

Cloudlet word, towards retrieving an Ad

Campaign ID and the name of the Mobile Ad

Network via which it will pull the content of the

ad.

• Since the latter Ad Campaign ID and

corresponding information related to the ad (e.g.,

the advertising brand, mobile ad network, e.t.c.)

is stored in OPENi users’ Cloudlets

Advertisement type of objects, the OPERA users

will be able to explicitly control the access/use

of this object(s) by their apps. Specifically, by

opting-out from the use of the latter objects,

her/his app will not have the ability to access the

above objects and thus, the user will never get a

Campaign X Ad.


End-consumers

Have full control and transparency of the use of their personal data from their personal Cloudlet.

Can potentially monetize the use of the latter (e.g., via loyalty programs)

Added Value: they receive more useful information, while they retain control of their data

Publishers (OPENi Application Developers)

Retain the option to use existing advertising models

Explore new marketing models with ease for their business models (affect and control the value of their applications)

Retain control over what type of campaigns are visible to their end-consumers/users.

Added Value: their consumers are more satisfied with more relevant campaigns, advertisers run more campaigns on their OPENi enabled

applications (increase value).

Advertisers

Enhance their capabilities to target personalised advertising and marketing campaigns but in a transparent way and to the explicit control of

the end-consumer.

Added Value: they can perform better audience management and targeting

Data Owners /Services

Personal data available through the OPENi platform from 3rd parties can be used for personalised advertising and marketing campaigns if

the end-consumers have provided their explicit consent, thus unlocking the value of these personalised data.

Added Value: they may receive part of the revenue from the advertising campaign while fulfilling regulatory framework

1

2

3

4

OPENi Emerging Ecosystem and Business Value


THANK YOUMORE INFO AT WWW.VELTI.COM

Technology

OPENi Privacy by design @Athens hackathon, September 2014