How CPN puts users in control of their personal data

With the introduction of the GDPR in May 2018, EU citizens have had their rights to data privacy and the ability to control their personal data enshrined in law. This includes the right to be forgotten, the right to rectification, and the right to be informed amongst others.

One of the key principles of GDPR the team behind CPN believes in is the absolute right for citizens to be informed about how their data is being collected, processed, stored, and used.

We believe that giving citizens this knowledge not only gives them power, but reduces fear and uncertainty about what we are doing with their data. How does a news platform like CPN balance the data rights of the citizen against the ability to deliver personalised news content? We may know we aren’t doing anything nefarious, but how do we prove that to you?

The Personal Data Receipt

Initially conceived and implemented by the team at Digital Catapult, the Personal Data Receipt (PDR) is a simple but effective way of changing the relationship between the data subject (the user of the CPN platform) and the data controller (the CPN platform).

Every new user who signs up to CPN will receive a structured email containing a record of the permissions they gave the CPN platform to hold and process their data. This can be stored by the user as an easily-accessible record of their relationship with the CPN platform.

An example of a Personal Data Receipt.

An example of a Personal Data Receipt.

We believe this is a much more responsible behaviour than all those websites and services which ask you to click away your consent but never give you a record so you forget what you’ve agreed to and where.

The PDRs also contain the contact details of the person responsible for GDPR compliance at the originating organisation. This permanent receipt controlled by the user now means that if the platform starts behaving in a way they didn’t agree to, they have proof with which to seek redress, and details of the right person to get in touch with.

Any time the user changes their permissions within the platform, they will receive a new PDR with their updated consent and preferences, so they can check how these have changed over time.

User Testing

Of course, coming up with a new idea like the PDR doesn’t mean anything if users don’t find them helpful or useful. So we integrated the PDR functionality within the latest pilot run by VRT at the end of March 2019, and followed-up with the trial participants at the end to get their feedback about the system. (Read more about the March pilot here.)


The results from this trial were very encouraging!

Across all three trial sites in Belgium, Germany, and Cyprus, the vast majority (83%) of users understood the purpose of PDRs, and 80% felt that PDRs were either useful or very useful. However, the system did fail to deliver PDRs to some 15% of users who signed up - something we’re investigating. And given the brief duration of the trial, it’s understandable that only 1/8th of users had tried to change their data preferences during the trial.

We believe that with these study results, PDRs will give users of the CPN platform a real confidence boost that we understand and respect their GDPR rights.

The CPN team also invites to other European news organisations to personalise their news stories with the software modules from CPN. In a new pilot, the Cypriot news organisation Dias and Deutsche Welle are also experimenting with the personalisation of their news articles. The insights and next steps will be published here.

Interested in piloting the CPN software? Contact us here!