Latest draft of the No Stalking for Advertising Term V.2

UX and INTERFACE

Revised DRAFT of a singular, comprehensive term:

 
Draft Icon for inclusion in MVCR and other uses:

USER TERMS: Human language and {{ legal language }} below.

PREAMBLE:  The User submitted term shown here creates an opportunity for individuals to share their single term with entities about how they wish to be treated. This effort is meant to describe human, legal and machine readable versions of a comprehensive term along with additional information for agents who might implement this term for individuals as well as for entities who might see, accept or refuse the term.  {{ Information is defined as personal information provided by the individual about themselves. Data + Meaning = Information. The observer creates meaning (or observer is “informed by” the data), and then can be assigned duties. Information not collected from a person does not by definition constitute personal data. }}

TERMS AGREEMENT:  {{ Information can only be shared with those parties who first agree to abide by these terms.  Any sharing of information with a party that has not first agreed to these terms is a violation of these terms. }}

SHARE: describes the terms for sharing information with entities by individuals.

Choice: 2nd

1st-2nd Party:   My information shared and what I do will be kept between me and the entity.

{{Information shared by an individual (the “1st party”) and their activities are not permitted to be shared by the 2nd party with any other parties.}}

DURATION: describes the terms for retaining information by entities about individuals. {{ Add language referring to laws or contracts, defining 3rd party jurisdiction, to limit this from abuse. }}

QUESTION: should this be just for the session? or for as long as the person still has a relationship and agrees to sharing?

Choice: Session

Session:  My information shared or about what I do will only be kept for the session, unless required by law or contractual obligation.

{{ Information about an individual must be destroyed by the 2nd party immediately after the completion of the transaction for which it was collected or otherwise generated, unless otherwise required by law or contract obligation. }} [NOTE: What about records for audit?  What about hashed storage, e.g., in blockchain or other ledger system?]

OR ?

Choice: Infinity

Unlimited until further notice:  My information will be kept as long as I continue to choose this term, unless required by law or contractual obligation. If I change to another lesser term, my new term will be followed.

{{ Information about an individual can be retained indefinitely by the 2nd party, unless and until the 1st party notifies the 2nd party they have made an alternate selection for duration. }}

PURPOSE: describes the purpose for use of individual’s information provided or about actions they take

Choice: Site / App Use

Site and App Use: My information will be used for providing and / or enhancing the site or service, but not other purposes without my permission.

{{ Information about an individual may be used beyond the transaction for which it was collected or generated, but only with respect to the operation [or further development?] of the site or app over which such original transaction occurred and not for any other secondary uses by the 2nd party or other parties. }}

TRACKING

Choice: Tracking

Tracking: I will allow myself to be tracked by 3rd parties.

{{ Tracking of individual and their activities by any 3rd parties is authorized. }}

Latest Draft of Terms, V .7

This version of terms can also be found here at Kantara, Consent and Information Sharing Working Group, User Terms.

It is version .7 and includes a draft of human readable language after each term choice, followed by legal readable language in double brackets like this: {{ }}.

User Terms v. 7 Draft Icons
User Terms Draft 2 Icons

USER TERMS: Human language and {{ legal language }} below.
PREAMBLE: User submitted terms create an opportunity for individuals to share their own terms with entities about how they wish to be treated. This effort is meant to describe human, legal and machine readable versions of each possible term along with additional information for agents who might implement terms for individuals as well as for entities who might see, accept or refuse the terms. {{ Information is defined as personal information provided by the individual about themselves. Data + Meaning = Information. The observer creates meaning (or observer is “informed by” the data), and then can be assigned duties. Information not collected from a person does not by definition constitute personal data. }}
TERMS AGREEMENT: {{ Information can only be shared with those parties who first agree to abide by these terms. Any sharing of information with a party that has not first agreed to these terms is a violation of these terms. }}

SHARE: describes the terms for sharing information with entities by individuals.
Choice: 2nd

    1st-2nd Party: My information shared and what I do will be kept between me and the entity.
    {{Information shared by an individual (the “1st party”) and their activities are not permitted to be shared by the 2nd party with any other parties.}}

Choice: 3rd

    3rd Party: I will allow sharing of my information or information about what I do with 3rd parties I approve of.
    {{ Information about an individual and their activities can be shared by the 2nd party with mutually approved 3rd parties, including the public, subject to 1st Party’s purpose choices, including but not limited to advertising and data brokering. }}

DURATION: describes the terms for retaining information by entities about individuals. {{ Add language referring to laws or contracts, defining 3rd party jurisdiction, to limit this from abuse. }}
Choice: Session

    Session: My information shared or about what I do will only be kept for the session, unless required by law or contractual obligation.
    {{ Information about an individual must be destroyed by the 2nd party immediately after the completion of the transaction for which it was collected or otherwise generated, unless otherwise required by law or contract obligation. }} [NOTE: What about records for audit? What about hashed storage, e.g., in blockchain or other ledger system?]

Choice: 3

    3 months: My information will be kept for up to 90 days after I share it or take an action, unless required by law or contractual obligation.
    {{ Information about an individual must be destroyed on or before the date that is 90 days after its collection or other generation by the 2nd party, unless otherwise required by law or contract obligation. }}

Choice: Infinity

    Unlimited until further notice: My information will be kept as long as I continue to choose this term, unless required by law or contractual obligation. If I change to another lesser term, my new term will be followed.
    {{ Information about an individual can be retained indefinitely by the 2nd party, unless and until the 1st party notifies the 2nd party they have made an alternate selection for duration. }}

PURPOSE: describes the purpose for use of individual’s information provided or about actions they take
Choice: Transaction

    Transaction: My information will be used only for the purposes I share it for or implied from my actions taken on the site/app.
    {{ Information about an individual may be used only for the purpose of the transaction for which it was collected or generated. }}

Choice: Site / App Use

    Site and App Use: My information will be used for providing and / or enhancing the site or service, but not other purposes without my permission.
    {{ Information about an individual may be used beyond the transaction for which it was collected or generated, but only with respect to the operation [or further development?] of the site or app over which such original transaction occurred and not for any other secondary uses by the 2nd party or other parties. }}

Choice: Partner – 3rd use

    Partner and 3rd Party use: My information or activities may be used by 3rd parties I approve of, for purposes I approve of.
    {{ Partners: Subject to the limitations of the 1st party’s “sharing” preferences, information about an individual can be used for 3rd party purposes. }}

TRACKING
Choice: Tracking

    Tracking: I will allow myself to be tracked by 3rd parties.
    {{ Tracking of individual and their activities by any 3rd parties is authorized. }}

Choice: Do Not Track

    Do Not Track: I do not want to be tracked off the site or app by the 2nd party, or by any other parties on the site or app.
    {{ Tracking by 3rd parties is not authorized by individual. 2nd parties will not track activities by 1st party that occur on another service or site.
    NEED to add: definition of tracking that will describe exceeding authority by an unauthorized party. }}

Terms: What are They and Why Should You Care?

User Terms Draft 2 Icons

Terms are choices you make to ask that your data and activities be treated a certain way. Customer Commons is developing terms with Kantara and the Consent and Information Sharing Working Group so that we have a standardized set of terms, which can commonly be used through browsers, apps and other forms.

It is our intention that Terms will come in Human, Legal and Engineering forms so that people can read them, they can be legally binding, and APIs and code will convey and negotiate your chosen terms. The idea isn’t that you would constantly be choosing these things, but rather that your agent would take your choices and negotiate for you. We also envision being able to copy the terms of someone else you trust, if you don’t understand what these choices will mean for you.

Terms may also be created that fit with various contexts, like how to handle your health data, or what to do about data you share for a purchase, versus data you share for social activity. Those will come later after the initial set is developed. What you see in the picture above are draft icons. We intend to develop prettier versions with a designer, and work with engineers to develop sample or open source code for both choosing terms, as well as responding to those term requests from individuals.

If you are interested in helping with this project, you can join CISWG UX Kantara, by getting on the mail list, signing the IP agreement (so that all contributions can be used in the project) and getting on our calls.  We hope to see you there. Or comment here with questions!

April 6th Customer Commons and PDEC Salon

Join us for a joint PDEC and Customer Commons salon dinner April 6th, Monday night, 6-9pm in Mountain View. This is the night before IIW’s, and at the end of the VRM day, where we will have an opportunity to talk about Banking, Credit and Personal Data with LaVonne Reimer. Sign up at Eventbrite for the Salon Dinner.

About LaVonne: She is a lawyer-turned-entrepreneur with over 15 years experience deploying technologies in markets with data privacy and regulatory sensitivities. Most recently, she engaged an expert user community to streamline ethical data-sharing practices in the commercial credit ecosystem.

http://blog.lumeno.us/
https://www.linkedin.com/in/lavonnereimer
www.lumenous.net

Also, join us for VRM day here, on April 6, 9-5pm, Computer History Museum. Sign ups at Eventbrite.

For dinner, the PDEC / Customer Commons Salon is 6-9pm at Fu Lam Mum in Mountain View.

NOTE: Those who want to arrive earlier than 6pm for socializing, please do; we have a no host bar at Fu Lam Mum. For those coming at 6pm, we’ll start dinner about 6:30pm, and for those just coming for discussion, that will start about 7:30pm. However, discussion people are welcome earlier for socializing too.

Sign up at Eventbrite for the Salon Dinner.

Thanks for Attending the Customer Commons Salon Last Night

Thanks to everyone who attended the Customer Commons Salon last night. It was a nice night to socialize and talk. Doc Searls gave us a quick report on Omie, the Customer Commons project that will be made for Android, and later, we hope, other platforms. Omie is meant to make the device yours, instead of having you captive to all those taking your data and experience.

We had a great night at MINGs in Palo Alto, and want to thank them for the delicious food and accommodations!

We look forward to our next salon, the Monday night before IIW, as always!

Join the Customer Commons’ Salon May 5, 2014 Ming’s Palo Alto

We are holding a salon dinner May 5, Monday night, 6-9pm in Palo Alto. As we have done the night before the past 4 IIWs, at the end of the VRM day, we have an event for Customer Commons.

Join us for VRM day here, on May 5, 9-5pm, Computer History Museum. Sign ups at Eventbrite.

And for dinner, the Customer Commons Salon, 6-9pm at Ming’s in Palo Alto.

NOTE:  Those who want to arrive earlier for socializing, can do so, and we have a no host bar at Ming’s.  For those coming at 7pm, we’ll serve dinner after 7pm.

Sign up at Eventbrite for the Salon Dinner.

We’ll be discussing Omie, Customer Commons work, and we’d love to see you there.

Mozilla has a cute video on the open, privacy protecting web

Check it out here at The Web We Want: An Open Letter:

And the note Mozilla posted with the video:

Our right to a free and open Internets has been under threat lately. The NSA — btw, that stands for the National Security Agency, which has the fancy responsibility of analyzing and acting upon security data — has gotten into the habit of spying on Americans with no justification (including 12 spies who were using NSA tools to spy on their significant others). No, I’m not kidding.

The FCC — btw, that stands for the Federal Communications Commission, which is supposed to regulate and protect our communications channels — just made it easier for big companies to control the speed at which you are allowed to access particular websites. For example, your Internet company (i.e., Comcast or Verizon) could turn into a tiered pay system. So instead of being like a public utility where everyone gets the same amount of water or electricity, Verizon could give Netflix faster access for a fee, but then the smaller start-up that wants to compete and couldn’t afford it would get slower access.

The Internet has become one of the most important resources in our lives. It’s a shared resource that all of us take part in. Government spying on it and corporate interference in it are probably not things we want for the future. So Mozilla had some children voice concern for their own future. Because it’s important. What kind of web do you want?

Data Privacy Legal Hack-A-thon

Customer Commons is supporting, and board member Mary Hodder is hosting, the Bay Area event. Additionally, there are NYC and London locations. Please join us if you are interested:

Data Privacy Legal Hackathon 2014

This is an unprecedented year documenting our loss of Privacy. Never before have we needed to stand up and team up to do something about it. In honour of Privacy Day, the Legal Hackers are leading the charge to do something about it, inspiring a two-day international Data Privacy Legal Hackathon. This is no ordinary event. Instead of talking about creating privacy tools in theory, the Data Privacy Legal Hackathon is about action! A call to action for tech & legal innovators who want to make a difference!

We are happy to announce a Data Privacy Legal Hackathon and invite the Kantara Community to get involved and participate. We are involved in not only hosting a Pre-Hackathon Project to create a Legal Map for consent laws across jurisdictions, but the CISWG will also be posting a project for the Consent Receipt Scenario that is posted on the ISWG wiki.

The intention is to hack Open Notice with a Common Legal Map to create consent receipts that enable ‘customisers’ to control personal information. If you would like to get involved in the hackathon, show your support, or help build the consent receipt infrastructure, please get involved right away — you can get in touch with Mark (dot) Lizar (at) gmail (dot) com, Hodder (at) gmail (dot) com, or join the group pages that are in links below.

Across three locations on February 8th & 9th, 2014, get your Eventbrite Tickets Here:

* New York City * London, UK * San Francisco *

http://legalhackers.org/privacyhack2014/

This two-day event aims to mix the tech and legal scenes with people and companies that want to champion personal data privacy. Connecting entrepreneurs, developers, product makers, legal scholars, lawyers, and investors.

Each location will host a two-day “judged” hacking competition with a prize awarding finale, followed by an after-party to celebrate the event.

The Main Themes to The Hackathon Are:

  • Crossing the Pond Hack
  • Do Not Track Hack
  • Surveillance & Anti-Surveillance
  • Transparency Hacks
  • Privacy Policy Hack
  • Revenge Porn Hack

Prizes will be awarded:

  • 1st Prize:  $1,000
  • 2nd Prize:  $500
  • 3rd Prize: $250

There are pre-hackathon projects and activities. Join the Hackerleague to participate in these efforts and list your hack:

Sponsorship Is Available & Needed

Any organization or company seeking to show active support for data privacy and privacy technologies is invited to get involved.

  • Sponsor: prizes, food and event costs by becoming a Platinum, Gold or Silver Sponsor
  • Participate: at the event by leading or joining a hack project
  • Mentor: projects or topics that arise for teams, and share your expertise.

 

Contact NYC sponsorship: Phil Weiss email or @philwdjjd

Contact Bay Area sponsorship: Mary Hodder – Hodder (at) gmail (dot) com – Phone: 510 701 1975

Contact London sponsorship: Mark Lizar – Mark (dot) Lizar (at)gmail (dot) com – Phone: +44 02081237426 – @smarthart

Customer Commons Research: 92% of People Engage in Some Strategy to Hide Personal Data

We launched our first research paper today:  Lying and Hiding in the Name of Privacy (PDF here) by Mary Hodder and Elizabeth Churchill.

Our data supporting the paper is here:  Addendum Q&A and shortly we’ll upload a .xls of the data for those who want to do a deep dive into the results.

We all know that many people hide or submit incorrect data, click away from sites or refuse to install an app on a phone. We’ve all mostly done it.  But how many?  How much is this happening?

We’re at IIW today and of course, the age old dilemma is happening in sessions where one guy in the room says: “People will click through anything; they don’t care about privacy.”  And the next guy will say, “People are angry and frustrated and they don’t like what’s happening.”  But what’s real?  What’s right?

We conducted this survey to get a baseline about what people do now as they engage in strategies to create privacy for themselves, to try to control their personal data.

The amazing thing is: 92% hide, lie, refuse to install or click, some of the time. We surveyed 1704 people, and had an astonishing 95% completion rate for this survey. We also had 35% of these people writing comments in the “comment more” boxes at the bottom of the multiple choice answers. Also astonishingly high.

People expressed anger, cynicism, frustration. And they said overwhelmingly that the sites and services that ask for data DON’T NEED it.  Unless they have to get something shipped from a seller. But people don’t believe the sites. There is distrust.  The services have failed to enroll the people they want using their services that something necessary is happening, and the people who use the services are mad.

We know the numbers are high, and that it’s likely due to many not having a way to give feedback on this topic. So when we offered the survey, people did vent.

But we think it also indicates the need for qualitative and quantitative research on what is true now for people online. We want more nuanced information about what people believe, and how we might fix this problem. Many sites only look at user logs to figure out what is happening on a site or with an app, and therefore they miss this problem and the user feelings behind it. We want to see this studied much more seriously so that people no longer make the conflicting statements at conferences, so that developers no longer say the users don’t care, and so that business models are developed that think differently than we do now, where sites and services just take personal data. We want to get beyond the dispute over whether people care, to real solutions that involve customers and individuals in ways that respect them and their desires when they interact with companies.