My guess is that the world can get by with only 5 or so of these baseline privacy notice labels to serve, for example:
In addition, I would classify each privacy notice into one of three classes depending on the kind of API they provide:
Class 1: Service will not see your data. You are in sole control of the API.
Class 2: Service will see your data but the API you control has all of the data available in reral-time.
Class 3: Service will see your data but there's limited or no API access.
I've described these three classes in http://thehealthcareblog.com/blog/2016/02/22/apple-and-the-3-kinds-of-privacy-policies/
The result would be that Kantara privacy notices would look like: Automattic_2 or HIPAA_3 and people would mostly pay attention only to the exceptions.
Adrian
On today's call, I mentioned a cool privacy policy I ran across when I downloaded this app:The app costs $4.99, and I carefully looked at the policy and decided I was very willing to pay money -- and they were making the tradeoff very worthwhile. They based the policy closely on this (both are CC-licensed -- hooray for DRY content!):BTW, the app is awesome too.
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma