Operator Tokenomics and Respectful Personal Data Brokering

This article was written by Eve Maler and David Luna.

A video demonstration is included at the end of this article that shows a no-code integration of the Privacy Co-op consent engine into a user journey design.



The Challenge

Creating tangible value while complying with privacy regulations can get complicated. In order for providers to deliver the most personalized (and monetizable) experience, consumers need to share some personal data. Meanwhile, data privacy regulations are upping the ante for gathering consent before using personal data, forcing enterprises to re-architect their customer experience. So how can organizations continue to enhance personalized experiences and customer loyalty without getting into regulatory hot water?


Telecommunications companies, retailers, and financial institutions all require special insight into personal data to deliver value in the face of competitive pressures, including serious disruption of existing business models. That means they’re also under pressure to deliver a special duty of care regarding trustworthiness of consumer relationships. As consent becomes more valuable and also more expensive due to regulations, and consumer trust and privacy outcomes are drifting to new lows, end-users are tiring of the “oversharing imperative” — and service providers are tiring of the cybersecurity and liability implications.


The Scenario

Imagine a world where…



Alice enters a retail store, Acme. She’s on record as agreeing to share her data with Acme, and the store is able to detect her presence through her mobile device. When Alice buys items using her phone, Acme rewards her by depositing AcmeCoin in her associated cryptocurrency wallet. Because Acme’s systems are integrated with a respectful data brokerage ecosystem, all of Alice’s interactions, identity data, and consents generate auditable proof of the company’s rights to collect, use, and share her data — and she can change her mind anytime about those rights. The ecosystem preserves and enhances the relationship between Acme and Alice and their mutual value exchange.


Consulting company Dojo Partners recently debuted just such a scenario to key stakeholders at GSMA’s Mobile World Congress in Barcelona under the headline Operator Tokenomics. ForgeRock’s innovation labs team is working with Dojo, consent service Privacy Co-op, blockchain provider Hedera Hashgraph, and privacy solution provider Pryv in a pilot program as part of the GSMA Foundry. We aim to explore and build a repeatable model for such an ecosystem, applicable to individual companies as well as to entire sectors.


Serving Multiple Stakeholders With No Compromises

The challenge encompasses four distinct stakeholders:


  • The end-user values privacy, wants meaningful data control, and — if their data is used or shared even in a legitimate way — wants to be informed and potentially even reimbursed.
  • The business leader looks to leverage personal data to build compelling business propositions, create an unbeatable experience, and persuade users to return again and again.
  • The chief privacy officer values clarity of purpose for which data is to be collected, assurances around compliance with privacy regulations, and adherence to users’ consent elections.
  • The systems integrator needs to ensure that any new IT systems or components are able to fit seamlessly and with minimal friction and cost into the lives of their developers and end-users.

Elements of a Proposed Solution

What are the major components of the “Operator Tokenomics” solution proposed to GSMA stakeholders at Mobile World Congress ‘22?


  • A powerful consent engine that can capture users’ choices and serve as an authoritative store for businesses that rely on knowing and acting on these choices
  • A respectful data marketplace in which personal data is made available, subject to calculable consent constraints
  • Sophisticated payment systems that enable directly rewarding users for data usage, through the use of cryptocurrency wallets or other loyalty reward frameworks
  • A robust consumer identity and access management (CIAM) solution that ties together users’ identity data and consent choices across the brokerage ecosystem and internal business systems, while enabling consent self-service

Users must be able to make meaningful choices when agreeing to data sharing. However, providing too detailed an experience in asking for consent can backfire, causing “negative psychological effects triggered by the proliferation of choice in a privacy context.” As well, some users will reasonably elect to accept an offered default level of data sharing as long as they have the option to change their minds in a convenient fashion later. Modern services and applications need to be flexible enough to present all of these consent choices.


Imagining – and Building – a Respectful Data Brokerage Ecosystem

When registering for access to a service for the first time, a user can generate a new account for that service or utilize an existing federated identity. In doing so, the service grants a set of default data-sharing choices which it should inform the user to review — much akin to agreeing to terms and conditions. These settings are transmitted to the consent engine, where the user can review and update them at any time in accordance with the service’s policies.

The following simple demonstration of ForgeRock Intelligent Access Trees shows a no-code integration of the Privacy Co-op consent engine into a user journey design. It enables organizations like Acme — a member of the respectful data brokerage ecosystem — to leverage an independent and trusted source of Alice’s express consent into any part of her journey; including registration, authentication, or profile self-service. enables organizations like Acme — a member of the respectful data brokerage ecosystem — to leverage an independent and trusted source of Alice’s express consent into any part of her journey; including registration, authentication, or profile self-service.


Designing a user’s authentication and consent journey with ForgeRock Intelligent Access Trees, integrating the Privacy Co-op consent engine

Internal use case: When Acme wants to use Alice’s personal data for an email marketing campaign, a consent engine acts as an authoritative source for whether or not her data is suitable for inclusion, ensuring compliance and auditability of decisions.


External use case: On the basis of Alice's express affirmative consent available through the consent engine, her data can be made available in a data marketplace or exchange. Specific conditions for data sharing can also be established, adhered to, and proven. Examples include data anonymization and restricting certain data to specific audiences.


The consent service lets users alter their own consent elections at any time, whether or not the user is currently interacting with the service seeking that consent. A consent service acting as a user’s authorized agent (as conceived in the CCPA legislation) becomes legally responsible for helping to keep the data licensee honest. Privacy compliance officers gain assurance that they are licensed to place specific data on the exchange. Systems integrators can ensure that both deployment and the end-user experience for personal data collection, use, and sharing are transparent, frictionless, and seamless.

Potential interaction points between a service owned by Acme Retail, with ForgeRock as the identity solution, Privacy Co-op as the consent engine, Hedera Hashgraph as the distributed ledger technology, and a generic data marketplace/exchange


The ecosystem incorporates a reward facility to remunerate users for licensing their data, with the possibility of paying greater rewards for the ability to license data with fewer conditions. A service may choose to grant a user a small reward for the use of their data internally (for example, to enable sending a newsletter) and other rewards for wider usage and sharing. The user can apply conditions, and the offered rewards could reflect the choices the user makes — for example, licensing data sharing only within the U.S. and in anonymized form might be worth fewer reward tokens than less-restricted sharing. Ultimately, licensing per usage in a granular fashion is possible.


Let Us Know If You’re Interested!

We believe this model incentivizes the right interactions among the stakeholders, all underpinned by easy-to-use and simple-to-integrate technology. It holds promise for letting end-users achieve convenient, direct, fine-grained data control and mutual value exchange with businesses that can prove the data rights they hold. And it lets IT achieve simple, repeatable integration of a complex set of ecosystem interactions.


We are eager to hear from and work with enterprises to test and deepen the utility of this approach. Please check out the additional resources on the Dojo site. And let us know in the comments below what you think!

1 Like