Data Rights Protocol: 2022 Year in Review

As we approach the end of the year, we’re excited to share some updates on the progress of the Data Rights Protocol (DRP) initiative in 2022.

This year we released version 0.6 of the protocol and mapped out both conformance testing and interoperability roadmaps to reach version 1.0. Our latest release includes updates to the data model and begins to incorporate our latest security model. We are constantly working to improve the protocol and make it more user-friendly and accessible for all, and plan to post v0.7 for comment in the weeks ahead. Our tech lead Ryan Rix has muscled each new version of the protocol into existence, and we’re grateful for his vision.

In addition to up-versioning the protocol, we published a Security Model for the DRP, based on feedback received from our implementing companies. Our latest security model outlines the system goals and priorities, identifies potential risks and harms, and proposes a path forward. Good security is table stakes. We’ve been fortunate to onboard a talented Security Engineer, Kevin Riggle of Complex Systems Group, to the DRP core team and plan to continuously improve and strengthen security measures in the months ahead.

This year we commenced end-to-end testing of the DRP with some of our most active consortium members. Ethyca and Incogni by Surfshark collaborated on the very first end-to-end test of the protocol this May. Most recently, Transcend has joined them in completing an end-to-end test. End-to-end testing is critically collaborative and, like the protocol itself, premised on the co-development of a protocol and business processes that support and reflect what participating companies agree to adopt and deploy. We’re grateful for the philanthropic support we received from Mozilla Data Futures Lab, which allowed us to begin modeling these governance principles in practice.

To aid with our ambitious testing schedule for the DRP, we also developed and launched a testing app to help consortium members test their implementations of the protocol self-serve. The app is called OSIRAA (Open Source Implementers’ Reference Authorized Agent), and it was designed by John Szinger, Lead Software Engineer at the Innovation Lab, who also joined the DRP core team this year. It’s designed to help companies verify the conformance of their systems with the DRP and also to test interoperability between systems. OSIRAA is an important step in ensuring the widespread adoption and use of the DRP – it’s been nice to see implementers already using it.

This year we also took advantage of opportunities to share the protocol with the broader data rights community. We presented DRP at Mozilla’s MozFest, IAPP’s Global Privacy Summit, and Crypto Privacy Village at DEFCON30. We also shared our plans with the California DOJ privacy group and the new CPPA agency, who have been involved in similar standards projects like the Global Privacy Control. Our work was covered on IAPP’s blog and on their podcast.

Overall, it has been a productive year for the DRP project, and we know the momentum will continue in 2023. If you are a business interested in learning more and possibly implementing the Data Rights Protocol, we’d be delighted to hear from you (you can reach out here). We are grateful for the support and participation of our community, and we look forward to continuing this work together.

Get the latest on Innovation at Consumer Reports

Sign up to stay informed

We care about the protection of your data. Read our Privacy Policy