[MINUTES] CCG Atlantic Weekly 2025-10-07 from meetings@w3c-ccg.org on 2025-10-07 (public-credentials@w3.org from October 2025)

From: <meetings@w3c-ccg.org>
Date: Tue, 7 Oct 2025 17:11:09 -0500
To: public-credentials@w3.org
Message-ID: <CA+ChqYcn21CJS9-y+dvcKCjsv+k7st0uxvZSXkoP5Eh_tKW=Rw@mail.gmail.com>
Meeting Summary: CCG Atlantic Weekly - 2025/10/07

*Topics Covered:*

   - Introduction to "My Terms" (IEEE 7012 Standard)
   - Current Online Reality and the Need for Change
   - My Terms: A New Ecosystem for Data Exchange
   - Agreements and Contracts
   - Implementation Challenges and Future Directions
   - Enforcement of My Terms

*Key Points:*

   - *My Terms Standard (IEEE 7012):* Ian Henderson introduced "My Terms,"
   an upcoming IEEE standard (likely to be published in January 2026) designed
   to standardize and improve how individuals manage their privacy terms and
   data exchange with organizations.
   - *The Problem:* The current online model of "notice and consent" is
   broken and doesn't scale. Individuals are presented with numerous privacy
   policies and terms they don't understand, leading to a lack of control over
   their data.
   - *The Solution:* My Terms aims to shift the online environment to be
   more like the offline world, giving individuals more control over their
   data through standardized contracts rather than consent. The standard uses
   a data privacy vocabulary and enables individuals to propose their own
   terms, fostering a more transparent and user-centric approach.
   - *Target Audience:* Primarily focused on organizations that aren't
   currently using data in a way that is going against individuals privacy.
   - *Agreements and Contracts:* The system uses a set of 13 initial
   agreements that can be selected, with the agreements becoming contracts
   when signed. These agreements include Type 1 (one-off data contributions)
   and Type 2 (ongoing relationships).
   - *Implementation:* The system involves individuals using agents to
   manage their data agreements. Organizations can either accept the
   individual's terms or propose alternatives. A history of interactions is
   kept to track how organizations respond to term proposals.
   - *Challenges and Future:* Implementation challenges include getting
   agents into users' hands. There's discussion about options like a single
   mobile app, or more decentralized solutions.
   - *Enforcement:* The standard aims to provide a better framework for
   data agreements, and that those contracts are easier to enforce than the
   current system.
   - *Next Steps:* My Terms team is seeking feedback and collaboration as
   they approach publication. They are also working on outreach and practical
   implementation, including the development of market innovation labs and
   plugins for platforms like WordPress.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-10-07.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-10-07.mp4
*CCG Atlantic Weekly - 2025/10/07 11:55 EDT - Transcript* *Attendees*

Alex Higuera, Benjamin Young, Chandima Cumaranatunge, Dave Lehn, Erica
Connell, Fireflies.ai Notetaker Ivan, Geun-Hyung Kim, Greg Bernstein,
Harrison Tang, Hiroyuki Sano, Iain Henderson, JeffO - HumanOS, Jennie
Meier, Joe Andrieu, Kaliya Identity Woman, Kayode Ezike, Kerri Lemoie,
Parth Bhatt, Phillip Long, Rob Padula, Ted Thibodeau Jr, Vanessa Xu, Will
Abramson
*Transcript*

Will Abramson: we usually get started about five pass admin and…

Iain Henderson: What's that?

Iain Henderson: Yeah.

Will Abramson: then hand over to you take it away I think it's useful to
have 15 minutes at the end for questions…

Iain Henderson: How much time do you want me to talk about my terms? Yeah,
I think this group will have a lot of questions…

Will Abramson: if possible Yeah.

Iain Henderson: which I'm looking forward to. So that for me is the real
value.

Will Abramson: Okay, Grace.

Will Abramson: Just give people a couple more minutes. Trick in start.
Thanks.

Will Abramson: It's okay. I'm gonna get started. I think we got a decent
group. so I'll start with just, standard administrative stuff before I hand
over to Ian who's going to talk to us about my terms, which is an IE E
standard that's working its way through so first of all the standard thing
code of ethics and professional conduct. So let's continue to create a
welcoming inclusive community here and treat people with respect. Listen to
each other's all that stuff. You can read the code of conducts on the W3C.
It's in the agenda minutes. I think we do great at this but let's continue
to keep that in mind.

Will Abramson: Second IP note. So anyone can participate in these calls.
However, substantiative contributors to any CCG work items must be members
of the CCG with full IPR agreements signed. And if you're not sure about
that, reach out to any of the chairs and we can help you with that, help
you get involved. so these calls are recorded using Google Meet and will be
sent out after the meeting to the CCG mailing list. So there's a recording
and a transcript all available on the mailing list. Introductions and
reintroductions. Does anyone want to say hello to the community who's new
or hasn't said hello in a while? Fancy saying hi. Okay. Not hearing anyone
on the queue. Seeing anyone on the queue.

Will Abramson: Do anybody have any announcements or reminders for the
community today they want to share?

Will Abramson: Korea. Yep.

Kaliya Identity Woman: Hi. So,…

Kaliya Identity Woman: we have the internet identity workshop coming up in
two weeks October 21st to 23rd in Mountain View, California. And then
immediately following we're doing a new workshop working to support Aentic
protocol creators coming together. So if folks working on protocols in the
agentic AI space please encourage them to join us there. we'll be doing it
just like IW using openspace technology and creating the agenda in the
morning. And I'll put the two links in the chat. Thanks.
00:05:00

Will Abramson: Thanks, anybody else have any announcements or reminders? I
think I have one. so tomorrow we will start the series of APAC, Asia
Pacific friendly CCG calls, which is an experiment that we're running in
October to see if there's appetite for, a different call time that is more
inclusive. the Asia-Pacific region. So tomorrow we have these guys from
Turing Certificates who are going to be talking to us about education
credentials in particular crossborder use case. the call time is at 12:00
p.m. universal standard.

Will Abramson: So, it's 1:00 p.m. UK. I don't know what the translation is.
8:00 a.m. 8:00 a.m. east coast. So, yeah, if you can make it, it'd be
great. Let's see. Hopefully, we're going to get some Asia Pacific folks who
don't usually get to show up to this call because it's a strange time for
them. So, should be interesting to okay, with that, let's see. work items.
Does anybody have any updates on work items that have been worked on by the
community before you hand over to Okay, not seeing anyone. So with that, I
think Ian, go for Talk to us about my terms. I'm looking forward to this.
Okay.

Iain Henderson: Hi I've met a few of you obviously quite well. For anyone
else have not met, I am Ian Henderson. I'm based in central Scotland, UK.
I've been in the identity community for many years. Regular attendance at
I'll be over at the one next week, which is good. I'm looking forward to
that. some of you might have heard before of what was called ILE E7012
which is clearly a very boring name and we'll come back to what that means
in a moment.

Iain Henderson: So e712 is something that I've been working on with docel's
project VRM type folks for about eight years since we started at le it
finally is ready to pop out. I suspect it will publish in January this year
and we'll come back to what that means in a minute. But since we came up
with the nickname my terms, it's gone from way down in boring land to my
terms. that's quite interesting. I can see where that fits in. So that
single change of name has taken it from being it's always been about the
same stuff, but it's now got a high profile and it's about to get a lot
higher through that switch and emphasis. And there's a guy called John
Havens.

Iain Henderson: Some of you will know John, but he's the chair of Ile E and
he's now running around his network which is very extensive saying that my
terms is their most significant standard since Wi-Fi which is obviously ILE
E2.11 or something like that. Whether my terms goes in that direction or
not remains to be seen but it certainly is seen as having the potential to
be big and important. So that's the introduction. I've got a set of slides
that are quite textheavy and I'll share them afterwards. So I'll just go
through and get to the highlights. I'm most interested in the feedback from
yourself. because that's what we need right at this point where it's kind
of three four months away from publication. Let me find that right.

Iain Henderson: Can you guys see that screen?

Will Abramson: It's not presenting, but you can see Yeah.

Iain Henderson: Right, let me try and do that presentation mode. Can you
see that now? So, customer commons is for anyone who doesn't know it's a
spin out of project VRM has been around since 2007 2008. Several of you
here have been part of that for the duration and its goes ups and downs and
its waves of less activity. The fundamental point is build things on the
side of the customer and overall relationship management will be a lot
better.
00:10:00

Iain Henderson: so that's the theory behind customer commons over the
period we've got involved in different things but it e approached us eight
years back and said that thing you're talking about privacy policies
written from the individual perspective if you made those machine readable
they could be standardized is that a good idea yes so we've been working it
under that IE umbrella for eight years going in different directions some of

Iain Henderson: you've been involved. That's the original project
authorization or PAR as it's called. I won't read through that. You can
skim it yourself. But essentially, it's about individuals being able to
propose their own terms, particularly around privacy terms. So rather than
if each of us deals with 300 organizations, which in our world is probably
a significant underestimate, that means we have 300 different privacy
policies that we've signed. 300 different terms and conditions, none of
which we really have a record of. Most of which we've not actually
understood, and agreed with, but we've still checked the box anyway. So
that's the very very broken nature of the current model. So 7012 was
designed to give us an alternative to that by standardizing part of the
privacy policy journey. What's this one saying?

Iain Henderson: This is an extract from the introduction where this was
docs that had written this one which is basically saying the online world
needs to work more like the offline world. You don't go into Starbucks
across the road and they don't come and stick a tracker beacon. maybe
Starbucks is a bad example. You don't go into the local bakers and get
tracked all over the place, In every other shop that you go to. Whereas in
the online world, those signals don't exist, And they need to be hardcoded
and hardwired so that the websites, apps, organizations understand what's
been asked of them and what they need to do. And one final introduction,
this is a paper way dating way back to 2013 that says the current model
which is known as notice and consent.

Iain Henderson: So I give you notice of what we plan to do and you consent
to that was regarded way back in 2013 as broken. And the bit in red that
says we need to develop new norms because this model will never scale. And
here we are whatever that is 12 years later and we're still doing the same
model. Notice and consent utterly broken. I'm okay so far.

Will Abramson: Mhm.

Iain Henderson: So current online reality which sometimes it's easy to
forget none of us can do anything at all online without that being done
under terms the obvious question is who defined those terms until now the
answer is always the organization that runs the service so that starts with
your computer manufacturer you go through the manufacturer you go through
the OS terms you can do the browser terms you do the ISP terms and we all
just click and accept and move on because that's how things have evolved
over the 30-year period. But it's easy to forget just how pervasive terms
are. They are everywhere and they're broken everywhere. So my terms is our
attempt to change that. My term specifies and enables a new ecosystem
governed by contract rather than Right?

Iain Henderson: If you're in GDPR governed places, that's probably a more
meaningful statement. In GDPR, the one good thing about GDPR in my opinion
and a lot of bad things was that it made every data exchange have to choose
its legal basis. why am I asking this person to exchange data? Consent is
one of the bases. legitimate interest, contract and then there's three more
obscure ones for kind of national safety, personal safety, etc. But
contract has always been one of the legal basis on which data can move
backwards and forwards. So essentially we're saying replace consent die
contract. and that's what the 712 standard itself is about. Come back to
those other pieces of the jigsaw.

Iain Henderson: It's underpinned by a WC3 thing called data privacy
vocabulary. I don't know if any of you folks have bumped into that, but
essentially it's a giant online dictionary of privacy and data protection
words each of which has now got an IRI. It's got a definition. It's got a
source. So if I say in my contract we do homorphic encryption that's not an
isolated set of two words because I'm pointing to that IRI over there. So
the whole ecos system starts to firm up. Second point on here the question
is often who's this for?
00:15:00

Iain Henderson: it's specifically not for big tech, right? The one bunch
that this will not be good for is Google, those organizations because they
do the things that we're effectively trying to move beyond, mainly
surveillance. Who is it right for is basically the 9% of organizations
worldwide that don't do all that stuff. So in the early days, we expect
it's about the local baker, right?

Iain Henderson: or the local car repair shop or the local whatever that's
fundamentally is not doing anything they shouldn't be doing with personal
data. Therefore, why do they need their own privacy policy? Why can't they
just use that easy standard one that says we're just doing baker stuff,
right? And car repair stuff. So, current model data moves grudgingly
manually under non-standardized terms with limited controls. hardly any
enforcement. So current very broken model. The way I tend to think about it
is the whole global economy is running on what I'll call two star fuel.
It's rubbish data getting moved around at vast scale to no particularly
great effect. Maybe five or six businesses do well out of it. Most of them
are not doing particularly well in the current model.

Iain Henderson: target model which I think is the steady state for the
internet is data moves willingly right because we need to share data to
make things happen it's automated it's under standardized terms with
contractual controls that enable enforcement building blocks we're taking a
similar approach to creative commons except we replace licenses with
contract the license is relatively because you don't need to sign them. But
we take the same approach where we're saying that okay there's 13 initial
agreements and you can point to the ones that you want in each particular
context.

Iain Henderson: The agreements will be hosted at customer commons probably
just in the US and other organizations probably my data global outside of
the US but as long as it's a not for profofit in a relevant space they can
be a host of these human legal and machine readable standard agreements.
the 7012 piece is the handshake that says okay who makes the first move,
who responds, how do they respond, etc.

Iain Henderson: That is one of the ways that you can start to bring things
to life where you're essentially saying if it's a cookie policy that's
popping up, this text here, which is a bit blurred, is basically saying if
you don't like our one, choose my terms and you click on that my terms
button and that would then take you through the journey that ends up with
the more friendly approach. And that's what we need to get into over the
next three months is the visualization and the storytelling rather than The
actual core of the technical bit of the standard is each person has an
agent. And that's a bit ironic because in that group we've been talking
about people having agents for about 5 years now. And much to my annoyance
I is incredibly slow when it comes to moving these things through.

Iain Henderson: But it does look that it's now going to publish at a time
when a person having an agent is not going to seem as a weird thing,
Because as we'll find out at IIW in the Gentic Workshop, lots of folk are
talking about agents and building agents in and deploying agents. But
person has an agent, organization has an agent, person points to agreement,
said I want that one. Organization can say great, we take that one or they
can say we don't like that one. How about this other one? and they're
allowed one loop around negotiation and at that point they either sign or
they walk away. When they sign both parties get a copy of the agreement. If
they don't sign clearly they both walk away. So that's under the hood side
of things. so the individual ends up with an artifact being managed for
them by an agent that essentially remembers what deals they got in place
with

Iain Henderson: Clearly, we're not going to go through all of that, but
I'll share that slide. That's the process flow. What happens when the
individual initiates the dance, which is the preferred model in the
technical standard. Personally, I don't think it's going to be the only
model. I think the other module is going to be organization says we accept
and provide the button that allows the individual to click and move on.
00:20:00

Will Abramson: Okay.

Iain Henderson: On day one which I think mid January there will be 13
agreements which when they're signed to become contracts and I'll talk
about the two different types. Don't worry about that. Type one assumes a
one-off contribution of personal data for a definfined purpose. And there'
There's personal data contribution for AI. So I wish to train or enable my
data to be used to train models and deploy models. which I wish to
contribute my data to a data for good project or PDC intent which is about
intent casting for those of us in VRM world it's about sharing intent
related data so that's type one of agreement and type two is about
relationships i.e

Iain Henderson: relationships between an individual and an organization, an
ongoing relationship. whatever it is, eight of those, the most important
ones are absolutely SDB base service delivery base just says just give me
the basics, right? Do what you're supposed to do already, which is don't
ask for more data than you need. Don't do more with it than you need. And
be transparent about what you're doing. So SD base I think will be easily
become the dominant start point. That will be the default proposal from an
individual that just says just give me the basics don't do any fancy stuff.
SDB DP is the same but I want a copy of the data.

Iain Henderson: So that's essentially the data portability piece which
makes it far more difficult for organizations to avoid data portability if
my terms is that one. You then have these additional capabilities that the
individual can grant to the organization that I call this ladder of trust
that says, "Okay, we've been working in base mode, right, for 3 six months,
and it's all going fine. I'll let you do analytics if you come up with a
good reason why I should do or I'll let you do app tracking or I'll let you
do profiling or I'll let you do anonymize sharing."

Iain Henderson: So you have this escalating trust that builds up as it does
in the real world which is basically over time and only when you've proven
that you're worthy of it. So that was a very quick caner through.

Iain Henderson: Does that make sense questions? And I would like the hard
questions because that's what we need at this point in time.

Will Abramson: Yeah, great.

Will Abramson: So, yeah, jump on the queue if you have any questions. Jeff,…

Iain Henderson: I mean,…

Iain Henderson: I know that's a lot to take on,…

Will Abramson: go for it.

Iain Henderson: Yeah.

JeffO - HumanOS: Hey I hope this is working all right. Can you hear me?
Ian, I was wondering, are you finding that this is very digestible for
folks? I know that you're dealing with a very technical community. Do they
also sort of feel the sensibility of this approach,…

JeffO - HumanOS: from that high tower of awareness all the way down to the
ground where people will be standing? It seems really clear and really well
phrased. I like the way you presented it. Thank you.

Iain Henderson: Thanks Jeff.

Iain Henderson: I think we present to different audiences very senior
policy people and so by which I mean kind of EU policy folks house a lords
in the UK policy folks that are worried at country scale AI things that's
one part of the audience and they tend to say you wouldn't be coming here
tell me about this if you hadn't worked out the technical bit so it seems
to make sense and we

Iain Henderson: We know full the current model is utterly broken and up
until now we've never had an alternative to the current model. It might not
be the one but it seems to be credible. So I think we get decent buy in so
far at that level. Obviously that needs to turn into you thumbs up go ahead
some kind of Adoption is not really possible until kind of mid January
onwards. anything we do now and where we spend a lot of time at VRM day and
I IW and probably the Gentic workshop talking about the practical side. the
good news for some of you will know my data organization. They've agreed to
be the first one worldwide to accept my terms. On the one hand you could
say they would do right because they're not doing anything bad and they're
kind of in this space.
00:25:00

Iain Henderson: But that makes the whole thing for those of us working in a
project very tangible because that's an organization that's got 4,000
members all over the world. Clearly can't do anything bad with data, can't
make any mistakes,**, can't have any problems, but they're saying we'll
give it a try. And that allows us to work out like the journey with a real
example that's no longer a hypothetical agent on person hypothetical agent
on organization side. it's a real one. What does that actually mean? For
their newsletters, for the subscription, for the payment services, for
their Slack channel, for all that stuff. So, that's what we'll be doing
over the next three months. I don't know if that answers your question or
Jeff. I think multiple audiences. The ones that are most push back at the
moment is actually the technical ones.

Iain Henderson: Technical ones. when doc posted about it somewhere all the
feedback was that kind of thing has been tried before by GTC and a bit of
an echo somewhere so there's a fair amount of technical push back rightly
so…

Will Abramson: Yeah, Jeff,…

Will Abramson: I think you got

JeffO - HumanOS: Yeah. Yeah.

JeffO - HumanOS: Thank you, Ann.

Iain Henderson: because people are saying not that particular thing has
been tried before but things like that have been tried before to protect
people online so far it's not worked I think this one's got a chance
because actually it's not a technical project. It's mainly a policy
project. So our real audience is the policy makers that have to say
actually consent is no longer the top bar.

JeffO - HumanOS: Good.

Iain Henderson: Contract is a better bar if the contract is being written
by individual

Will Abramson: Bill. I can't hear.

Iain Henderson: No, I can't hear him.

Will Abramson: I can't hear at maybe Greg, you want to go first and…

Will Abramson: if Phil

Greg Bernstein: My question was more about when you've talked to policy
makers or…

Greg Bernstein: discuss these things have you put together or demonstrated
to people how much tracking is going on with current cell phone apps and
things like that. It's like every app that, uses an SDK that includes a
bunch of tracking mechanisms and…

Greg Bernstein: things like that. I've been working on privacy enhancing
cryptography, but it's like every place else in the world there's tracking
going on and I was curious what you have done to help motivate, convince
people how badly we need this functionality. I'm very in favor of this.

Iain Henderson: Yeah. Yeah.

Iain Henderson: Yeah. I think that's a good question,…

Greg Bernstein: I didn't know about it.

Iain Henderson:

Iain Henderson: a good point, I think the reality is we are a small group
working on a very big thing that have not had time to do all that other
stuff. We have to rely on other folks in the community and there are lots
of people who are banging the drum for all the bad stuff that's going on. I
don't think we could realistically resource and clearly we'll point to all
the things that we can point to but I think we're basically saying look
right current model utterly broken. We're going to build a new world over
there, And in that world,…

Greg Bernstein: Nothing.

Iain Henderson: there's no tracking. That's one thing I forgot to say about
the contracts, The one thing that is specifically not allowed in any of the
contracts is third party tracking. So, we plan to build a world over there
in which there is no third party tracking. If you want to come and join us
over there, great. Right. The water's nice. we don't expect the big guys to
come over there or big tech is not going to come over there anytime I
suspect big brands will be going hang on a minute we've got this tension
between we want to build good relationships with our customers and yet we
put them through this ceremony that's completely broken so I think we're
running a webinar on the 5th of November and John Havens is leading that
and John if you've ever met him is a great guy I mean

Iain Henderson: He's an ex actor. So he's been part of the Screen Actors
Guild contract negotiation with the big tech companies. That mean actors if
their name, image, and likenesses and voice is getting hoovered up by big
tech, they now get paid for it because there's a Everyone understands
contract. Yeah, we wish to do something together or we are going to do
something together. Here's the deal. So I think that fifth of November
webinar is for the very senior stakeholders and we'll be going in with that
we want to build a new world over there.
00:30:00

Iain Henderson: I think they all kind of know all the bad stuff that's
going on. Maybe they choose to ignore it because there's no alternative.
But I think what we'll be saying when I know jumping ahead for VRM day and
IWA, Doc is basically going to say we need help on this, Because basically
there's about 10 of us and the closer it gets to reality. We spent eight
years working through frankly TDSI AAA processes and now that we're almost
at the end of it, I've turned around to the rest of them and said, "By the
way, we're only 50% of the way there, right? Because having the standard is
a good thing.

Iain Henderson: Deploying the standard is an entirely different thing." So,
we're definitely going to be on the outreach for who wants to get involved,
how can they help.

Will Abramson: Thanks. …

Will Abramson: Phil, did you fix your mic? Do you still have a question or…

Phillip Long: I'm not sure if I have or not. Can you hear me?

Will Abramson: I can hear you now? Yes.

Iain Henderson: Yep. Good.

Phillip Long: Thank an, I'm really really like the approach you've taken
particularly with a way of trying to build some sort of scaled trust in
this process. I mean the question that we've been talking about has been
around how do we get the larger platforms that many people use to feel that
they're not effectively losing the opportunity to use the data that they
collect however they wish and the incentive to consider a change that is
effectively lowering or equalizing the power distribution amongst the
parties. And I was wondering if there is any pilot group of users that you
might convince them to engage with so that they could try the scaling up of
the trust before they would consider going full boore into doing it for all
their customers.

Iain Henderson: Yeah. Yeah. I think you're absolutely right, Phil. And I
mean I am inevitably UK focused because that's where I am and that's where
most of my network and I think we're in good shape in the UK for this
particular thing because of various things because of Brexit because of
we're somewhere in the middle and we get to plow our own poo so to speak
and move relatively fast.

Iain Henderson: So there's multiple parts of government are now saying,
"Hang on a minute, that looks quite interesting." So we're standing up what
we call the market innovation lab, which is basically a sandbox where
organizations, whether they be private sector, or consumer advocates can
play with this stuff and see how it goes. So that's the plan. And I would
like to have an equivalent elsewhere,…

Will Abramson: No. Cool.

Iain Henderson: US, whatever. I see here. Hang on a minute. Somebody's come
to fix my car. Just give me two seconds. Right. The car broke down this
morning. So that's taken them about nine hours to come in and restart it.
Hopefully they can do that. So I hope that answered your question, Phil. So
there will be what we'll call the market innovation lab that allows people
to play and experiment. There's another back to your original point about
the big tech so to speak.

Iain Henderson: There's a subtlety in the standard which basically says
when an individual proposes my terms whichever one and the organization
says yes that's great that's clearly recorded but if they say no that's
also recorded and that essentially will build up a score of some kind that
just says look we've asked Instagram three million times in the last week
and they've always said no. So that's probably not going to change their
approach, but that kind of thing will be there. We're also talking to some
of the big what they call consent management providers like one trust. So
ultimately they're the ones that do a lot of the plumbing for the current
model and they're definitely sniffing around this current model as to how
they can make a lot of money by my terms enabling organizations.

Iain Henderson: And needs to be ways to play around with it without going
to full deployment. The other thing that might happen on a deployment side,
there's things like WordPress plug-in. So, the people at WordPress are
actively aware of what we're doing and they're saying, "Right, 50% of the
world's websites run on WordPress. We can build plugins that deal with the
server agent or…
00:35:00

Iain Henderson: the organization agent side. That means anyone who's in
WordPress could essentially accept this model relatively easily.

Phillip Long: That's helpful. Thank you very much. And I think that the
dissemination of those different labs or test beds in different lo
localities or different jurisdictions is probably an essential component.

Iain Henderson: Yeah. Yeah. Spin them up. Yeah. Yeah.

Phillip Long:

Phillip Long: Yeah. No,…

Iain Henderson: I think so.

Phillip Long:

Phillip Long: great work. Thank you very much.

Iain Henderson: Thank you.

Will Abramson: So I have a question about enforcement so to get this this
is a technical standard right…

Will Abramson: which describes machine readable I guess eventually contract
but who's checking that these contracts are going to be followed and…

Will Abramson: who's following up on that making sure

Iain Henderson: I think that's a good question.

Iain Henderson: I'd expect no less. I was over at my data conference the
week before last and I ran the first time I've been allowed to really talk
about this stuff. It was two weeks ago because I e effectively prefer us to
wait until it's published, but they now accept we need to be out there
talking about it. Hence this kind of conversation and the four challenges
that came up from the 35 or so people in that workshop were right you've
got implementation challenges you've got user experience challenges you've
got adoption challenges and you've got enforcement challenges all within
the con construct of it's a bloody good idea what you're doing but you
still got these four challenges which is why I was going back and saying to
the doc and the rest of the team we need to scale

Iain Henderson: I mean, we've always known that these challenges existed.
When you're in the final stages of that standards process, I'm sure you
guys know, it gets a bit down in the weeds and you kind of forget about
that. Let's focus on get this thing published and worry about what comes
later. the penny has now dropped that we need to start to think about what
comes next. Obviously, we'll have a view on implementation, user
experience, adoption, and…

Iain Henderson: u enforcement, but it's not all specified yet would be the
short version.

Will Abramson: Yeah. I mean,…

Will Abramson: it sounds like you have a good Sure.

Iain Henderson: I think if you have a recorded agree, you have a recorded
contract, you've got a better chance than if you don't.

Will Abramson: Yeah. I was saying it just sounds like you have a good path
for I'm a small business and…

Iain Henderson: Sorry, you've been asking.

Will Abramson: at the moment I have to think about my privacy policy anyway
right I have to do that work or really I should be doing that work and…

Will Abramson: so you're just kind of making it easier for them or not any
more complicated but to choose some terms that are standard compliant like
I'm going to use this SD base for example just accept that it's good from
the individual side right…

Iain Henderson: Yeah. Yeah.

Will Abramson: because then they can just get used to these

Will Abramson: are the standard things and I can understand those rather
than having every single site show me this big thing that I have to read
and understand and I don't understand it. So yeah, so I like

Iain Henderson: I think that's part of it. you need an influencer type, So,
in the US, you'll get Opera Winfrey to say, "Look, you're just buying a
washing machine. That should be SD base, right?" So, that's part of the
direction that it needs to go in. I think SD Base is the one that just
says, "Look, just give me the basics, none of that fancy stuff." That's the
one for an awful lot of organizations. If we get that out into the consent
management providers, into the legal community, anyone who's building
websites that gets to that messy bit about terms,…

Iain Henderson: if we make it easy for them just to say, "Plug that one in.

Will Abramson: So, I'm not seeing anyone else on the queue.

Will Abramson: I can keep asking questions, but do jump on the queue if you
have more. in the meantime, I was interested in …

Will Abramson: how about the implementation challenges for getting
individual agents in people's hands or wallets or website? part of this
works if I do have this agent that is actually recording all the things
that I've signed up for, that's a big part of it because then I can go back
and say, "Look, this site has misused my data, but I've got proof that they
signed off on you this contract.

Iain Henderson: Yeah. Yeah.

Iain Henderson: That's a very good point. How do you get agents in the
hands of people? And I think there's a bit of a judo move that many people
when we're talking about this kind of stuff now they say could that get rid
of cookie banners right so that I never have to see another one of those
again and the answer is if you can figure it you will never see another one
again and everyone's going great where they sign up so I suspect we'll go
in that kind of direction that says I never want I mean I know for a fact
the EU are making a decision about where they're going to with cookie
banners in November. Hopefully we can get that in. It just says if a person
says blanket approach,…
00:40:00

Will Abramson: Would you imagine these agents might be integrated into a
browser or…

Iain Henderson: I do not want all that stuff going on. Never show me a
cookie banner. They would all go away. So that judo move for you give
people an agent because there's something that helps them do that that they
like the sound of yeah that is a deployment challenge.

Will Abramson: or are they something that runs external to a browser? if
I'm just browsing the web, I'm going on a website on my computer, where
does the agent live?

Will Abramson: Good. Uh-huh.

Iain Henderson: I mean, we've got discussions in the group at the moment
that says anywhere from a single mobile my terms app that just runs the
same everywhere. That's clearly one option. That's your most governed best
user experience At the other end of the spectrum, it's just put it out
there, right? And Doc and the rest of us just say we've done our bit. It's
over to the market. or there's bits in the middle where you build a
reference agent or a reference whatever and we've not yet decided where
we're going to go on that spectrum. A lot of that will pan out at IW I
suspect but I don't think it'll be browsers. I think we need to get into
browsers eventually. I don't think that will be soon because I don't think
they do anything that quickly. I think it will come from the fiduciary
operators.

Iain Henderson: If you look at what Richard Wit is doing with the Gleonet,
he's essentially building a category of organizations that are data
fiduciaries. So acting on behalf of the individual. they would be perfectly
good places for an agent to show up. There's none of them running at any
particular scale at the moment,…

Iain Henderson: but it would be a decent start point. Okay, there's no more
questions.

Will Abramson: Thanks. …

Will Abramson: any more questions?

Iain Henderson: Thanks for that. I will drop off if you don't mind. I'll go
and get my car fixed.

Will Abramson: Yeah, good luck with that. Thanks, Ian.

Iain Henderson: Yeah. Yeah, that should be okay.

Will Abramson: Thanks for coming on.

Iain Henderson: So, I'll send the slides over and…

Will Abramson: Right. Yeah.

Iain Henderson: then if anyone's got any questions or suggestions
afterwards, just feel free. That's the mode we're in.

Will Abramson: Much appreciated.

Iain Henderson: Thanks all.

Will Abramson: Yeah. Thank you.

Iain Henderson: We'll see some of your IIW in a couple of weeks.

Will Abramson: Cheers everyone. Have a good week. Bye.
Meeting ended after 00:43:25 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Tuesday, 7 October 2025 22:11:18 UTC