June 2, 2022

Abstract

What if people had the ability to assert their own legally binding permissions for data collection, use, sharing, and retention by the technologies they use? The IEEE P7012 has been working on an interoperability specification for machine-readable personal privacy terms to support this ability since 2018. The premise behind the work of IEEE P7012 is that people need technology that works on their behalf—i.e. software agents that assert the individual’s permissions and preferences in a machine-readable format.

Thanks to a grant from the IEEE Technical Activities Board Committee on Standards (TAB CoS), we were able to explore the attitudes of people and one small business toward having the ability for people to send their own legally binding privacy terms to the business. The project entailed building a prototype “Relationship Manager” webservice called, “MyMe2BAgent”, and then performing validation testing with both types of users of the agent: individual users (“Me-s) and the business (“B”). The primary research questions for the validation research were:

For Me-s:
• Do people want the ability to send their own legally binding ISA to service providers?
• Do people want a data management dashboard for managing the personal information that gets shared with all service providers?

For the business (B):
• What was it like to integrate the ability to receive a personal privacy agreement? Is it scalable? Is it something you would want to support going forward?

Open PDF