Time for THEM to agree to OUR terms

We can do for customers what Creative Commons does for artists: give them terms they can offer — and be can read and agreed to by lawyers, ordinary folks, and their machines. And then we can watch “free market” come to mean what it says, and not just “your choice of captor.”

Try to guess how many times, in the course of your life in the digital world, you have “agreed” to terms like these:

Hundreds? Thousands? (Feels like) millions?

Look at the number of login/password combinations remembered by your browser. Whatever it is (dozens? hundreds?), it’s a fraction of the true total.

Now, what will happen if we turn this thing around, so sites and services agree to our terms and conditions, and our privacy policies?

That way each of us would be the first party, and those sites and services would be the second parties.

And, because we would be parties of roughly equal power, we’d have real agreements, and real relationships, freely established, between parties of equal power who both have an interest in each others’ success.

We’d also have genuine (or at least better) trust, and better signaling of intentions between both parties. We’d have better exchanges of information and better control over what gets done with that information. And the information would be better too, because we wouldn’t have to lie or hide to protect our identities or our data.

We’d finally have the only basis on which the Seven Laws of Identity, issued by Kim Cameron in 2005, would actually work. Check ’em out:

Kim Cameron’s Laws of Identity not only guide identity work by his employer (Microsoft), but have guided discussion and development of digital identity since Kim issued them in 2005.

Think about it. None of those laws work unless individuals are in charge of themselves and their relationships in the digital world. And they can’t work as long as only one side is in charge — which is what we have today: limited user control, coerced consent, maximum disclosure for unconstrained use, unjustified parties, misdirected identity, silo’d operators and technologies, inhuman integration, and inconsistent experiences across contexts of all kinds.

Can we fix this problem, more than a decade after Kim came down from the mountain (well, Canada) with those laws?

No, we can’t. Not without leverage.

And we have that now, with the General Data Protection Regulation, or GDPR, in the EU. Simply put, the GDPR makes harvesting personal data without express permission by the individual illegal. More importantly, it provides the legal cover we need to assert full agency, as individuals in the online marketplace.

At Customer Commons we’ve been working on those kinds of terms for the last several years. Helping us have been law school students and teachers, geeks, and ordinary folks. Last we published a straw man version of those terms, they looked like this:

What those say (in the green circles) is “You (the second party) alone can use data you get from me, for as long as you want, just for your site or app, and will obey the Do Not Track request from my browser.”

This can be read easily by lawyers, ordinary folks and machines on both sides, just the way the graphic at the top of this post, borrowed from Creative Commons (our model for this), describes.

We’re also not alone.

Joining us (Customer Commons) in this effort are the Identity Ecosystem Working Group, the Personal Data Ecosystem Consortium, the Consent and Information Sharing Working Group (which is working on a Consent Receipt to give agreements a way to be recorded by both parties), Mozilla and others on the ProjectVRM Development Work list.

Many people from those groups will be at IIW, the Internet Identity Workshop, at the Computer History Museum in Silicon Valley, on the last week of next month, April 26–28. It’s an unconference. No panels, no keynotes, no plenaries. It’s all breakouts, on topics chosen by participants.

The day before, at the same location, will be VRM Day. The main topic there will be terms, and how we plan to get working versions of them in the next three days at IIW.

This is a huge opportunity. I am sure we have enough code, and enough done work on standards and the rest of it, to post at Customer C0mmons exactly the terms we can offer and publishers online can accept, and will start to end the war (that really isn’t) between publishers and their readers.

Once we have those terms in place, others can follow, opening up the market to much better signaling between supply and demand, because both sides will be equals.

So this is an open invitation to everybody already working in this space, especially browser makers (and not just Mozilla) and the ad and tracking blockers. IIW is a perfect place to show what we’ve got, to work together, and to move things forward.

Let’s do it.

Originally published at CustomerCommons on March 29, 2016.