TTP Method

Purpose

An essential principle of MYOBI is that all Users participate in the Information ecosystem of MYOBI. In doing so, they also make use of the MYOBI Trust Infrastructure, Trust Services and other Services. What does this mean and what is its added value for Users?

These and other questions are answered below. The aim is to explain to Users in an accessible, understandable and accessible manner what the MYOBI service entails, what they can do with it and what it can do for them, and that they are informed about the content and meaning of the TTP policy of which this document is part. After reading this document, they should have an idea of ​​the expectations they may have of MYOBI and of other MYOBI Users; as well as the expectations that MYOBI and other MYOBI Users may have of them.

Although inescapable, the aim has been to use as little legal language and technical terminology as possible. If there is a conflict between this explanation of the working method of the TTP MYOBI and the TTP agreement and the TTP general conditions, the provisions of the TTP agreement and TTP general conditions take precedence. In this explanation of the TTP method, concepts are sometimes written with a capital letter. The reader can check the meaning of the term in Article 2 of the TTP general terms and conditions, where the definitions of the terms are included. Where “he”, “him” or “his” is, “she” or “her” can also be read.

Why participate?

Participating in the MYOBI Information Ecosystem means that Users are in control of their own Personal and Business Data. This gives them a grip on their data that is being circulated. No longer do others control what happens to their data and who can access and use it. From now on the User determines this himself. For people this means that they get a grip on their own data and thus on their own freedom and life. For companies, this means that the reliability of their company data will increase and, as a result, of their information management. They can rely more on their information management. They have substantially less operational and administrative burdens. Their costs are going down substantially. In short, it means more effectiveness and cost efficiency.

What is it?

MYOBI offers an environment in which Persons and Companies can manage and disclose their Personal and Business Data. This always happens in such a way that the User is at the helm. He exercises control over his own data. He decides who can access his data. He determines who may use this data further. He also corrects data if necessary if it is incorrect or incomplete. MYOBI faciliteert en verleent verder Diensten waardoor de betrouwbaarheid van gegevens hoog is. Zo verwacht MYOBI dat Gebruikers zelf hun gegevens verifiëren en zonodig corrigeren.

MYOBI also provides notary services. For example, it establishes the identity of Persons and Companies, issues the requirements for placing and verifying electronic signatures and, if desired, authenticates and stores documents such as concluded contracts.

MYOBI also makes possible a form of electronic contracting, also known as Smart contracting. This also applies to Smart compliance, accountability for compliance with the TTP policy and other laws and regulations. After all, users must have insight into the degree of compliance of other MYOBI Users with whom they exchange data or enter into Smart contracts, for example.

Users also often want to get a grip on their area of ​​responsibility and liability and Users often need insight into the area of ​​responsibility and liability of their (business) partners. MYOBI facilitates this with Legal Entity Management (LEM).

Three-layer model

MYOBI’s services consist of a number of layers or blocks, namely:

  1. MYOBI Technique
  2. MYOBI Operational;
  3. Services by Users.

These layers or blocks are naturally related to each other and continue to embroider on each other. One is the basis for the following. For example, the IT infrastructure and IT services form the basis for the Trust Infrastructure with which MYOBI provides the Trust Services. The Trust Services, in turn, form the basis for the use or application of Services. From a PDS (part of Trust Services) Smart contracts are offered by a Person and accepted by another Person on behalf of a Company and signed with an electronic signature (application of a Service).

Figure 1 below shows the relationship between these layers or blocks, followed by a brief explanation per layer or block.

Figure 1 MYOBI organization & TTP policy

A. MYOBI Technique

The technical infrastructure is developed and managed in this layer or block. We could say this is MYOBI’s factory. Here the technology is developed, managed and maintained. Here lies the intellectual ownership. By technology we mean the IT infrastructure and Services; the semantics of data elements and the models. The IT infrastructure is built with Microsoft Azure services. Semantics are determined by MYOBI and are a basic requirement to maintain the Information ecosystem. Legal models were created by the lawyers at Duthler Associates and First Lawyers and concern, for example, the contract portfolios.

B. MYOBI Operational

In this layer, MYOBI comes into contact with the outside world, with the Users. The MYOBI Techniek layer is mainly behind the scenes; the MYOBI layer operational forms the window to the outside. MYOBI operational uses the technical infrastructure of MYOBI Techniek to deliver the Trust Infrastructure and Trust Services.

The Trust Infrastructure makes a significant use of Microsoft’s basic Azure platform in a technical sense. The MYOBI Trust Services are offered and made available to Users via this platform. Users log in to this basic platform Azure. Microsoft Azure is also the platform on which the PDS of Users is set up and used and from which the services desk & sales work.

The Trust Infrastructure and Trust Services make significant use of the legal models for contracts and specified declarations of consent. The Information ecosystem cannot do without semantics for its conservation and management.

C. Services by Users

In this layer, the activities and Services take place fully in the outside world. The TTP policy forms the basis for this and contains the agreements that MYOBI makes with Users about the use of the Trust Infrastructure, Trust Services and Services.

Examples of Trust Services are using the PDS in healthcare for personal purposes or depositing and authenticating contracts concluded with Smart contracting.

Other examples of Trust Services are facilitating the use of an electronic signature and setting up a Personal Data Store (PDS). A PDS is a personal environment of Users that can be used to unlock their Personal Data and personalized Company Data. A Personal Health Environment (PHE), in which medical data of patients can be made accessible, is part of an PDS. Trust services are a necessary condition for, for example, applying Smart contracting or maintaining the Information ecosystem. In other words, the Trust Services are preconditions for the Professional Services.

Professional services include services such as Smart contracting, Smart compliance and Legal Entity Management (LEM), as well as support in applying them. MYOBI uses the lawyers of Duthler Associates and lawyers of First Lawyers to provide support in applying Smart contracting. Smart compliance support is provided by professionals from Duthler Associates.

What am I getting?

Without being exhaustive and to avoid clutter, the main concrete “products and services” are listed here.

First of all, Users receive a Personal Data Store (PDS). This is a personal environment, from which they keep control over their own Personal and Company data.

Second, they are given the opportunity to participate in an Information Ecosystem, in which the Personal and Business Data is subject to continuous verification.

Thirdly, Users are given the opportunity to use Smart contracts that can be made company-specific if necessary and if desired. The corporate legal function is optimized. This can provide substantial cost savings.

Fourth, Users can give specified permission. They also use a Smart contract for this. Specific permission can be given, for example, for sharing medical data with certain hospitals, healthcare institutions, doctors, pharmacists and other healthcare providers and care providers.

Fifth, companies receive an Accountability Seal, with the help of which they show the outside world to what extent they demonstrably comply with the TTP policy and any other legislation and regulations.

What do users actually get?

  1. A PDS with a PHE;
  2. Participation in Information ecosystem
  3. Smart contracts;
  4. Specified permission;
  5. Accountability Seal.

Mutual expectations

The use of MYOBI and participation in the Information ecosystem is not without obligation. Neither for MYOBI, nor for Users. MYOBI expects Users to always verify the Personal and Business Data concerning them and, if necessary, correct them. MYOBI expects Users to take appropriate security measures to prevent unauthorized or unlawful use or even abuse of their PDS and the other MYOBI Services. MYOBI expects Companies to ensure proper allocation of roles and powers to employees. MYOBI expects Companies to account for compliance with the TTP policy.

Users may expect MYOBI to honor and execute requests for correction of Personal and Business Data; that it uses a reliable platform and IT services; that it takes appropriate technical and organizational measures to protect the platform and IT services; that it uses reliable systems for the storage and transport of personal and company data provided and that it takes appropriate technical and organizational measures against falsification and theft of personal and company data.

How does it work?

A. Onboarden

Becoming a user of MYOBI starts with onboarding. It is not possible to use the MYOBI Services without onboarding. Onboarding is the process of making the necessary preparations, including identifying and authenticating Users and verifying company data including the authority to represent.

This is done as follows.

B. Identification and authentication of natural persons

Persons

The identification and authentication of a natural person takes place on the basis of his email address and mobile phone number. This e-mail address can be provided by this person himself, by a User of MYOBI or by an employee of the Service Desk. MYOBI checks whether the e-mail address and whether the mobile telephone number are unique data in combination and which have not previously been provided by other persons.

There are different levels of certainty regarding the reliability of a natural person’s identity. This certainty can be increased by having the identity confirmed by several “identity suppliers”.

It is also possible to authenticate the identity of the Person with other methods or other (authentic) sources, so that the reliability of the identity of the Person is increased. [1]

After the successful identification and authentication of the natural person, the Onboarding process can be continued.

C. Create Personal Data Store (PDS)

After successful identification and authentication of the natural person, MYOBI then creates a Personal Data Store (PDS). MYOBI does not do this until the natural person has agreed to the TTP policy. MYOBI offers the TTP policy using smart contracting. After acceptance and signing of the smart contract by the natural person and MYOBI, MYOBI creates a PDS and the natural person gets access to his PDS. The signed TTP policy is stored in and made accessible via the PDS of the natural person. We also call this natural person PDS user. The natural person can also use the PDS to apply an electronic signature.

D. Identification and authentication companies

A natural person can ask MYOBI to start the Onboarding process for a company. The person submits the Company’s identity or company details and the legal representative’s identity details to MYOBI. MYOBI then compares the company details with those from the extract from the trade register of the Chambers of Commerce. [2] If the data regarding the legal representative correspond, MYOBI identifies and authenticates the identity of the legal representative as described above. MYOBI also creates a PDS for the legal representative.

Smart contracting. Upon acceptance and signature of the TTP Policy by the legal representative and MYOBI, the Company may use the legal representative’s PDS. The legal representative can use the LEM services of MYOBI to appoint an LEM manager who can assign powers to other (Persons with) specific roles.

In the first instance, the Company is a Participating party. If the Company concludes more than five contracts using Smart contracting or if the company also uses MYOBI Services other than Smart contracting, the company will receive the status of Initiating party. The Company receives a signal from MYOBI when it has concluded three contracts using Smart contracting. The Company will then be informed by MYOBI that it can conclude two more contracts via MYOBI before becoming an Initiating party and thus a paying User.

E. Electronic signature

Key pairs are used for the application of electronic signatures. These key pairs are generated under the control of the PDS user in the personalized environment of the PDS. MYOBI has no access to the private key in any way.

F. Personal Data Store (PDS)

The PDS serves several purposes. A PDS can also have the status of active or passive. An active PDS is an PDS from an initiating party. A passive PDS is a PDS of a Participating party. An initiating party who no longer wishes to use his active PDS can notify MYOBI via an RfS (Request for Service). As soon as such a request has been granted by MYOBI, the PDS will become passive.

From a passive and active PDS an Initiating party or Participating party applies his or her electronic signature.

The PDS user can unlock signed contracts from an active and passive PDS. [3]

An Initiating Party can only purchase Services from MYOBI from an active PDS via an RfS (Request for Service).

The data in a passive PDS – which can also be contracts – is stored for three years. This means that the PDS is cleaned after three years and the data is no longer accessible. A Participating Party may request MYOBI to become an Initiating Party again within the three-year retention period. To this end, MYOBI will re-authenticate the identity of the PDS user, relying not only on the email address and mobile phone number provided by the PDS user itself.

G. Request for Service (RfS)

A RfS can relate, among other things, to:

  1. Request for onboarding of a natural person or Company;
  2. Request for offer of a certain service, such as that of LEM, Smart contracting or self-declaration assessment in the context of compliance with, for example, the Avg;
  3. Request for access to LPF, Baseline and Applied Rules;
  4. Request a copy from a commercial or authentic source, such as that of the trade register of the Chamber of Commerce;
  5. Request for legal support;
  6. Request to terminate status of initiating party;
  7. Request for an invoice.

An RfS can also be recognized by and is made visible with a button “ticket”.

The Service Desk first offers a smart contract for paid Requests for Services. A request for a service is then considered as a request to make an offer. MYOBI then makes the offer or not. This offer is then accepted by the Originating Party. The advantage of this is that it is irrefutably established that the request for the Service has been made, that the requested Service has been offered and that the initiating party has accepted the offer. The request is then granted.

H. Legal support

It is conceivable that Users need professional or legal support in the application of Smart contracting, Smart compliance or Legal Entity Management. This is facilitated by the Service Desk. They can do an RfS at the Service Desk via their PDS. The Service Desk will forward the request to Duthler Associates or First Lawyers.

Legal support is provided by lawyers from Duthler Associates or lawyers from First Lawyers. Legal support can consist of providing legal advice, guiding contract negotiations or providing legal assistance. This is done on an hourly rate and costing basis under the responsibility and terms of Duthler Associates of First Lawyers. To this end, Users conclude a Smart contract and ensure a sufficient balance on their current account. If the current account threatens to become exhausted, the Service Desk will inform the User. Every month or on demand, the Service Desk prepares an invoice based on the actual number of hours used.

I. Servicedesk

The Service Desk carries out the Onboarding process described above.

The Service Desk handles Requests for Services. If necessary, she proactively informs Users about the possibility of professional support for the company legal and compliance function. She also informs Users proactively or on request about the consumption of any professional support. This information is made available and accessible via the PDS.

The Services Desk is available for operational and practical questions and provides background information. She can also contact Users or potential Users on her own initiative to resolve problems or ambiguities.

For the Onboarding process, the MYOBI Service Desk automatically and continuously performs the following checks:

  • Uniqueness of email addresses and phone numbers, individually and in combination;
  • Uniqueness of Company Data;
  • Comparison of supplied personal and company data with authentic and public sources.

J. Compliance

MYOBI is accountable for the use of the Services by Initiating Parties to these Initiating Parties through their Personal Data Store.

The governance of MYOBI and the design of the platform of MYOBI, the Trust Infrastructure and the Trust Services comply with the European General Data Protection Regulation (GDPR), the eIDAS Regulation and the Implementation Act eIDAS Regulation, Implementation Act Consumer Rights Directive and the Sales Act remotely as well as the lower regulations based on it.

The setup of the MYOBI platform, the Trust Infrastructure and the Trust Services comply with the Distance Selling Act, the European Directive on digital content and digital services “(2019/770).

MYOBI also reports annually on the effective operation of the (management) measures it has taken to comply with the GDPR.

K. Technical aspects

Microsoft Azure is the basic platform for the Trust Infrastructure and the provision of Trust Services of MYOBI. In addition, software service components are used such as crypto vaults, active directory and databases.


[1] By transferring € 0.01 to a bank account number or by using IRMA.

[2] This is an automated process. MYOBI also checks in its own database whether the company data does not already exist. A company can only appear once. In addition, the MYOBI service desk can use other (public) sources such as websites, media and social media to verify the provided company data.  

[3] Smart contracts concluded by Users with other Users and signed by PDS holders can be certified by MYOBI. The authentication also takes place by means of an electronic signature.