- From: Mark Lizar <info@smartspecies.com>
- Date: Thu, 28 Apr 2011 12:28:09 +0100
- To: David Singer <singer@apple.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <F000CE69-EE0D-4951-9C92-EF35FC4588E6@smartspecies.com>
I firmly believe that a standard for a common policy notice location
should be looked at as the first step towards developing transparency.
Although, in the absence of such an effort, clarity of consent (and
consensual terms) would definitely be a positive activity that would
inevitably lead to an increase of individual control over information.
On 25 Apr 2011, at 17:32, David Singer wrote:
> So, I am still interested (personally) in the decidedly unsexy
> unglamorous routes of improving the status of consensual definitions
> of policy terms (the ITU list is not terrifically helpful, IMHO, and
> at the same time surprisingly long) and 'policy fragments'. I don't
> think we need technology to bring better clarity and something
> closer to commonality of approach.
For instance in lieu of a common server location and a common name for
a notice text file, the second most fundamental principle (consent)
could provide an excellent bridge to accountability and information
control.
While Regulators and Enterprise come to an understanding of what forms
of regulation should be in place perhaps an open effort that aims to
provide a mechanism for people to independently track consent
provision is a way to dramatically increase accountability in policy
practices online, like that of Do-Not-Track.
Consent and informed consent are arguably the most important controls
online yet consent is a closed Enterprise control structure. People
are unable to track and manage consent online centrally.
Currently there are the common Enterprise Consent Models for Identity
Management: . Consumer Consent Options for Electronic Health
Information Exchange: Policy Considerations and Analysis
* Implied Consent (I added this as I thought it was missing)
* Opt-IN
* Opt-IN with restrictions
* Opt-Out
* Opt Out with exceptions
These static Enterprise consent models have developed over time in
accordance with regulation and consumer demand. The current consent
models (like policy notices) are applied in an ad-hoc manner and are
limited in their ability to manage informed consent. Increase in
management for Users greatly increases friction and limits informed
consent.
Perhaps a simple solution would be a standard for users to track and
aggregate consent provisions in order to centrally manage consent.
This way an individual will be able to revoke consent when security or
risk becomes an issue. With such a standard people can drive
accountability by removing their consent for data to be used or for
data to be deleted.
In such a case I wholeheartedly agree that we need to improve the
status of consensual definitions of policy terms. At this time there
seems to be no effort enabling the control of informed consent. I find
it remarkable that there is no way for people to drive en masse a
user-centric consent and control architecture for the internet.
Best Regards / Mark Lizar
Received on Thursday, 28 April 2011 11:29:38 UTC