The Dataswift ONE Rating Assurance and Certification


The purpose of the Dataswift ONE Rating Assurance and Certification standard is to develop a set of principles for websites and applications built on Dataswift’s Personal Data Accounts (PDAs), so that application developers, public institutions, businesses and the public are able to trust these applications, and the way they handle personal data. This standard aims to encourage innovation in PDA applications and the development of privacy preserving apps that are of a high quality, and that are fit for purpose, but also be transparent about how the apps differ in their treatment of personal data. These apps have the potential to change the way applications in the digital and data economy are delivered in the future.The Dataswift ONE Standard is primarily for users to understand how their personal data is stored by app developers and to define a consistent, standardised criteria for applications integrating with PDAs but may also be used by:
  • public and private professionals selecting digital products and services to recommend; and
  • cross sector organizations commissioning bespoke applications.
The emergence of websites, mobile applications, platforms, registries and repositories that hold personal data has created a new environment that enables Machine learning driven services with rich insights and user experience. However, such services may need to access private data such as payment transactions, health records and identity information. Holding such data is beginning to be a liability and increases risks to organisations.The development of the HAT Microserver technology has resulted in the capability of individuals to own their own personal data server. By enabling individuals to collect all their data into their own server and use it to create value for themselves is a step in advancing the Internet. Indeed, the fact that such a technology is able to be deployed at scale would enable mass coordination and better markets for personal data usage to emerge, creating societal value. However, such a technology can also cause harm and left unchecked, would enable privacy to be for sale to the highest bidder and incentivising behaviors that could be damaging to the welfare of society as a whole. In short, the HAT Microserver technology would generate a new set of product opportunities as well as risks in personal data exchanges. This Rating Standard aims to bring together current good practices of data conduct to address these opportunities and risks.


This rating standard gives recommendations for developers of applications using the Dataswift ONE, intending to meet privacy and usability requirements from the handling of personal data. It includes a set of quality criteria and covers the data conduct of the application and the way data flows are orchestrated on the platform. An application is defined as a web or mobile application that has passed the development, testing, releasing and updating of an app, including native, hybrid and web based apps; apps associated with wearable, ambient and apps that are linked to other apps. The Dataswift ONE rating standard does not cover the processes or criteria that an app developer or publisher follows to establish whether an application is subject to regulatory control e.g. as a finance app or as a medical device. This rating standard only covers applications built on the Dataswift ONE platform that have gone live or are intending to go live in production level environments.

The Dataswift ONE Rating Assurance and Certification

Every application generates data when a user interacts with it, resulting in the data being stored somewhere. For applications integrated with the Dataswift ONE, the application owner chooses where to store the data, whether it is on a device, in the Application’s server, or within a PDA. The decision of what data, where and how personal data is stored will be rated by the Dataswift ONE Rating system.

The first character: Access

The first character specifies where the data is stored, if it’s in the PDA, both on the PDA or on the app server, or only at the app server. This character also declares if any Personally Identifiable Information (PII), such as email address is collected or stored on the app server. If the organisation has rights to retrieve the information e.g. through contracted PDA, it is still only for the designated namespaçe. All other namespaces of the database is still private to the PDA owner. For example, an individual who is an employee of organisation “Wood Factory” and whose organisation uses PDAs for their HR records would have the first character as C, indicating that the organisation does have access to the PII inside the PDA as they have credentials for access into the Wood Factory namespace. Should the individual leave the company, the organisation credentials would be terminated but the individual may be allowed to keep the data within the namespace.

The second character: Conditions

The second character specifies if the application imposes condition on the user for reuse and resharing of the data. Some applications may choose to impose legal restrictions on resharing, or technical restrictions for resharing (such as encryption).

The third character: Completeness

The third character specifies how complete is the data within the PDA. This includes what may not normally be personal data e.g. meta data of the app, but would still be user generated.
Merchants declare their rating according to the rating system when they submit their application for review. The ratings are shown to all PDA owners on the screen where they agree to the data contract. The Dataswift ONE Rating Assurance provide individuals with confidence that the website/application displaying the assurance have declared their treatment of personal data on the basis of the standards set out below. This rating assurance is not verified by Dataswift. Merchants may choose to go beyond the assurance and be certified by the HAT Community Foundation. To achieve the Dataswift ONE Rating Certification, websites/applications must subject their code to periodic audit to verify that it consistently adheres to the rating declared.
1st Character
2nd Character
3rd Character
A+ : The app or data debit request does not require any data from the PDA Owner. This is usually the case for apps that only write data into the PDA like dataplugs e.g. Facebook data plug.
A+: The app does not impose any conditions on the re-use and/or re-sharing of the data generated by the app that has been written into the PDA.
A+: The data contributed by the app into the PDA is more than complete i.e. all the data generated by the PDA owner within the app is contributed back into the PDA. The app also licenses other data back to the user such as metadata, descriptions and images to make the data more understandable.
A: The app(s) reads data from the PDA but it does not store the data anywhere outside the PDA, except for performance and caching purposes OR that the data stored outside the PDA cannot be identifiable.
A: The app imposes conditions on the re-use and/or re-sharing of the data generated by the app for legal purposes, e.g. protection of minors. OR the app does not contribute any data to the app.
A: The data contributed by the app into the PDA is complete i.e. a i.e. data generated by the PDA owner within the app is not all contributed back into the PDA (within performance limits).
B: The app(s) requires data from the PDA and will store data outside the PDA but within its own app service. It will not transfer the data anywhere else and this is expressly stated under its legal terms and conditions and privacy policies.
B: The app imposes conditions on the re-use and/or re-sharing of the data generated by the app that has been written into the PDA e.g. it is encrypted etc.
B: The data contributed by the app into the PDA is complete i.e. data generated by the PDA owner within the app is not all contributed back into the PDA. This is the case when pseudonymised data or metadata of the person is kept by the app but not contributed back to the PDA owner.
C: The app(s) will store data outside the PDA and may transfer the data elsewhere for analysis purposes. This is expressly stated under its terms and conditions and privacy policies.
C: The data contributed by the app is incomplete i.e. a subject access request from the PDA Owner to the app yields more data than that which is brought into the PDA.