- From: Mark Lizar <info@smartspecies.com>
- Date: Thu, 28 Apr 2011 12:28:09 +0100
- To: David Singer <singer@apple.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <F000CE69-EE0D-4951-9C92-EF35FC4588E6@smartspecies.com>

I firmly believe that a standard for a common policy notice location should be looked at as the first step towards developing transparency. Although, in the absence of such an effort, clarity of consent (and consensual terms) would definitely be a positive activity that would inevitably lead to an increase of individual control over information.

On 25 Apr 2011, at 17:32, David Singer wrote:

> So, I am still interested (personally) in the decidedly unsexy
> unglamorous routes of improving the status of consensual definitions
> of policy terms (the ITU list is not terrifically helpful, IMHO, and
> at the same time surprisingly long) and 'policy fragments'. I don't
> think we need technology to bring better clarity and something
> closer to commonality of approach.

For instance, in lieu of a common server location and a common name for a notice text file, the second most fundamental principle (consent) could provide an excellent bridge to accountability and information control.

While Regulators and Enterprise come to an understanding of what forms of regulation should be in place, perhaps an open effort that aims to provide a mechanism for people to independently track consent provision is a way to dramatically increase accountability in policy practices online, like that of Do-Not-Track.

Consent and informed consent are arguably the most important controls online, yet consent is a closed Enterprise control structure. People are unable to track and manage consent online centrally.

Currently there are the common Enterprise Consent Models for Identity Management:

Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis

* Implied Consent (I added this as I thought it was missing)
* Opt-IN
* Opt-IN with restrictions
* Opt-Out
* Opt Out with exceptions

These static Enterprise consent models have developed over time in accordance with regulation and consumer demand.

The current consent models (like policy notices) are applied in an ad-hoc manner and are limited in their ability to manage informed consent. Increase in management for Users greatly increases friction and limits informed consent.

Perhaps a simple solution would be a standard for users to track and aggregate consent provisions in order to centrally manage consent. This way an individual will be able to revoke consent when security or risk becomes an issue. With such a standard people can drive accountability by removing their consent for data to be used or for data to be deleted.

In such a case I wholeheartedly agree that we need to improve the status of consensual definitions of policy terms. At this time there seems to be no effort enabling the control of informed consent. I find it remarkable that there is no way for people to drive en masse a user-centric consent and control architecture for the internet.

Best Regards / Mark Lizar

Received on Thursday, 28 April 2011 11:29:38 UTC