14D/ Privacy Broadcasting for Privacy Awareness & Assurance
Privacy Broadcasting for Privacy Awareness and Assurance
Convener: Mark Lizar & Salvatore D’Agostino
Notes-taker(s): Scott Mace
Tags for the session - technology discussed/ideas considered:
@rights @individualrights @privacyagreements @legalterms @privacycontracts @privacyasexpected
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Sal: The browser could automate that process.
How can a person capture the privacy controller information and create their own cookie?
This can be made easy by the creation of a privacy controller credential which is publicly available and can be used as a basis to create receipts that can form a privacy agreement.
Making this information available (discoverable) and operational is the key to privacy broadcasting.
Consent by default is needed for privacy by design.
Clearly we need a new flow.
One that creates a record of your preferences.
Use ISO 29100 (a free standard) as a privacy framework
A Consent Gateway with a Notary service can provide proof of notice as evidence of consent
This is distinct from a contract agreement.
Receipts are compared over time to see if there are changes.
Notices of changes are broadcast
Centralized control of preferences and decentralized governance
What does it take to make this privacy state machine and how to make it available and public?
Trying the elevator pitch ….
Providing controller information and consent by default is consistent with the 1st and 4th amendment.
For example its imp
Prefix to the consent receipt is the anchor record which is your own cookie about the nature of surveillance and then move onto the creation of a receipt/proof of notice, these two factors (notice of risk and proof of notice) establish conditions for decentralized governance of online interactions.
Gaps are regional (interregional).
Don’t conflate consent and permissions.
Data vs. Information
Reference to Rothman…
We need to be able to negotiate.
Consent is a sorry second to negotiation, battle of the forms..
Who controi the terrms - offer and acceptance
Privacy Agreement - to put forward privacy framework for contracts
Accept our terms
4 tortts on privacy
Peeping tom - intrusion
public ation of public facts - false light
Defamation - reputational harm -
mis-appropriation (publicity) - a right of publicity -
1906 NY - flour of the south
Convert a tort to a contract - or to a code of practice -- >>
Unconscionable Conrtact -- too bundled -
Cant be understoond - which means you go back to tort
First Amendment - Only to gov - not companies
Right to access info --
Freedom of association
Individual rights vs. privacy rights
Bob Gellman - Fair information practices a basic history
Self-regulatory entity of individuals needs to ride along on other rights questions to deliver
Control the record, you can use multiple tools to enact rights preferences
Contact for a bank account for information, and the responsibilities of anyone else in possession. Transferring the warehousing and duty to the data holder <- in front of the receipt.
Privacy is the human facing component of a contract
Interoperability is equality of duty in this case
FROM ZOOM CHAT:
From Mark Lizar2 to Everyone: 05:49 PM
From Mark Lizar2 to Everyone: 06:16 PM
From Scott David to Everyone: 06:40 PM
The Right of Publicity - Jennifer Rothman
From dsearls to Everyone: 06:42 PM
From dsearls to Everyone: 06:48 PM
Scott, given the problems with "privacy," how would you change the mission wording for IEEE P7012? It currently says, "The standard identifies/addresses the manner in which personal privacy terms are proffered and how they can be read and agreed to by machines."
From windley to Everyone: 06:49 PM
Very quaint thing: legislators saw a harm and addressed it!
Idea to map rights to contract - so that provider of rights can provide contract upstream on services - b2b