Although that report avoids making suggestions, the only solution I can imagine is adoption of GDPR-like regulations. Privacy policies may play a role, but unless these are structured and standardized to some extent, either voluntarily or by regulation, they will not promote the kind of broad voluntary adoption that we need in health, IoT, and beyond.

Right now, the only company with a simple, voluntary structure to its privacy policy is Apple Health, which simply says: "Apple will not see your data." I can imagine support for a user-specified UMA authorization server as another dimension of a structured privacy policy.

To Eve's point, there was a time when "free" email services did not support a standard API, but those days are long gone. The UMA AS needs to be next.

Adrian

On Saturday, July 30, 2016, Eve Maler <eve@xmlgrrl.com> wrote:
(Note: Those without posting privileges to one or the other list won't be able to reply to both, as I am replying here.)

This is where it's interesting to examine examples of where it's being done. Some services, apps, SDKs, OSes, and other types of platforms do it. Some do it in response to having been caught out by the media in a problem (so, public pressure can work in some circumstances, even if there's no direct compliance pressure). As my analyst friend likes to point out, the US doesn't force dairy products to avoid rBST, but ~75% of dairy products are rBST free anyway because of consumer demand...

As you've no doubt gotten tired of my pointing out :-), the "Alice-to-Bob" delegation features in Google Apps, TripIt, and Flickr weren't put there in response to a risk management need: They were added as value-add app functionality.

Each has different reasons for doing so. I tend to choose mobile apps that let me pay in money instead of personal data, as they tend to have "superior" (from my perspective) privacy notices that are more respectful of my data (I shared one of those on these lists a while back).


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Sat, Jul 30, 2016 at 4:00 AM, John Wunderlich <john@wunderlich.ca> wrote:
The predecessor and marketing problem before UMA or CISWG is how to get entities that aren't required to give users control over their own data to do so.  




_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma