This article defines the term “Survey” as it is used within the privact framework.
Definition
A survey is a query across multiple users which returns only fully anonymized data to the survey issuer. No personal data is ever transferred to the issuer.
Fully anonymized data is defined as user can not be identified and the data can not be de-anonymized.
Use cases
Initiating a survey
A survey can be initiated by anyone who
- has successfully applied at privact as an issuer,
- agrees to privacts terms and conditions of using the survey service,
- is publishing her CO2 neutrality (coorperations only)
New surveys can be created by an interface provided by privact. This will limit what can be done in a survey to make sure, that issuers are not freely programming against the full set of personal data.
If a survey uses specially protected data, e.g. sensitive health data or credit card information, the survey is reviewed by privact before it is executed.
Survey execution
A new survey that was issued, is added to a list of ongoing surveys, hosted by privact.
A background service running on the user’s device will regularly look for ongoing surveys and, depending on privacy settings and data requirements of the survey, participate and provide personal data to privact for the sole purpose of creating the survey statistics. Any data transferred is deleted as soon as possible and not made accessible to anyone.
Results of a survey
Result are always fully-anonymized data, e.g. statistics. As fully-anonymized data, it does not qualify as personal data anymore.
Once a survey had either been running for a preconfigured time or a sufficient number of participants has been reached, the survey ends and the results are made available.
Results will be published on a server hosted by privact.