Application Governance

Dataswift governance is the review of applications and the management and maintenance of applications’ contracts with their users. Dataswift governance consist of 5 parts:

(1) Permissions Request set up and Application Rating:

Dataswift Product team receives the websites/applications’ requests to set up contracts between the app and their users. The contracts, known as HAT Microserver Instruction Contracts (HMICs), are set up by Dataswift to auto-generate when the app’s users register at the app, enabling Apps to request access for reading or writing data into their app namespace/folders or to access other namespace/folders data in the PDA. HMIC set up requests will include various declarations by the application of their data conduct (i.e. the way the app collect, stores, process and shares data). Dataswift implements the rating system set out by the HAT Community Foundation. Dataswift will then display their declaration of the Application’s rating on the HATStore as well as on the PDA Dashboard app.

(2) Reviewing:

Dataswift Review Committee conducts the following reviews of the Application:
  • Design review - to ensure design consistency across all apps in the ecosystem in terms of usage of terms and design assets.
  • Technical elements - to ensure the API end points are called on correctly, error handling has been attended to and there are no other technical issues
  • Contractual review - to ensure that the contract is valid and set up correctly for the right set of data within the PDA for the stipulated usage, duration, and purpose.
  • Compliance review - to ensure that standard platform rules are followed as well as ensuring compliance to data protection and privacy regulations.
  • Data Conduct review - to ensure that data collection, storage, usage and processing have been handled responsibly.
Getting ready to go live? Here is a checklist.

(3) Maintaining contracts:

When an app is live, HMICs will be logged on the HATDeX platform when users register or login to the application and accepts the contract. Dataswift logs its details, manages and maintains the HMICs, their versioning and updates on behalf of app owners and their users. Dataswift monitor Clients (apps) compliance with their obligations under the Agreement, including necessary audits, under the oversight of HAT Community Foundation.

(4) Continuing Governance:

HMICs are checked by Dataswift’s Performance and Monitoring committee to ensure apps behave in accordance with the Policies (including any other governance protocols). Such Policies may be regulatory (e.g. imposed by HCF), standard (e.g. for contracted or regulated PDAs) or non-standard (e.g. source constraints set by Data Providers).

(5) Certification:

Post approval, applications can apply to have an official HATDeX Rating certificate by the HAT Community Foundation.Dataswift reserves the right to refuse or reject any permission request by an application. We recommend all applications take their first version MVP live to ensure that their application is able to pass the requirements of Dataswift Governance. Dataswift governance is subject to oversight by the HAT Community Foundation (see diagram below for HCF’s role).