Trust Framework

HAT Code of Practice and Trust Framework

The HAT Code of Practice ( provides the framework for operating the HAT Ecosystem against the following fundamental beliefs held by the HAT Foundation:

First, in the personal data economy, the way to deal with negative externality of personal data such as privacy and confidentiality concerns is to allow individuals to claim their personal data from the collectors (mainly the firms). While firms may still hold the individual’s data, it is the aspiration of the HAT ecosystem that when HATs are ubiquitous, firms would only need to synchronise their data with individual HATs, and may not wish to, in the future, actually store them.

Second, user information privacy is the utmost priority. For information privacy, we take the user-centric approach and deem privacy as generated in the whole data journey (collection, transferring, storing, analysis and dissemination) in the personal data ecosystem. Therefore, the confidentiality and security issues concerning personal data would be controlled by the HAT User.

Third, the HAT Foundation deems leveraging the three forms of architecture (technology, activity and value) as crucial for the development and viability of the multi-sided market.

Fourth, among the three architecture forms, value co-creation for all participants is essential to drive the HAT ecosystem. This means that the individual also has the freedom to manipulate, organise and bundle their data in any way.

Finally, the HAT Foundation regards the key to determining success for the HAT Ecosystem to be the regulation and governance rules such as the HAT privacy principles (HAT Briefing Paper 3), technology (HAT Briefing Paper 4), processes such as auditing and certification, and the regulatory roles of the HAT Foundation. These beliefs are manifested and implemented in the following operating principles:

HAT PRINCIPLE 1     HAT Personal Data is owned by the HAT User

HAT PRINCIPLE 2     Access to HAT User Personal Data is controlled by the HAT User

HAT PRINCIPLE 3     Usage of HAT Personal Data is controlled by the HAT User

HAT PRINCIPLE 4     The Value of the data marketplace on the HAT ecosystem is driven by the HAT Participants

HAT PRINCIPLE 5     HAT-ready Devices, HAT-ready Services and HAT Service Providers are HAT Compliant by supporting the other HAT Principles

Please see HAT Information Policies that support this framework and the certification process.