I am not talking about RUFADAA although there may be some alignment.

Delegation to a family member or another individual doesn’t scale in the sense of empowering groups to influence the world. It doesn’t change the asymmetric relationship in who owns and controls technology and who can benefit form ML / AI on personal data. This kind of delegation doesn’t reduce the power of the resource server to manipulate data uses by wearing down the individual subject or their proxy - the so-called dark patterns.

Delegation to authorization server *technology* that is specified by the data subject *reduces* the control of the resource server because they no longer control and cannot manipulate the user interface and the user experience. They don’t control the UI. They don’t control the domain because the subject can use the same AS across healthcare and social media, etc... The resource server does benefit from reduced privacy liability, however, not to mention goodwill for their brand.

On Thu, Oct 24, 2019 at 4:42 PM Eve Maler <eve@xmlgrrl.com> wrote:

Wait, Adrian, are you thinking of the UMA authorization server as being the custodial agent, or a separate person? I think I'm confused. We have collected a variety of use cases that are more like the RUFADAA ones, and I was reading this delegatability provision more in that fashion.

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Thu, Oct 24, 2019 at 3:13 PM Eve Maler <eve@xmlgrrl.com> wrote:
Thanks Adrian! Tim, I wonder how this compares to RUFADAA. I suppose this would be a single federal law, for one. Any comments? (See "SEC. 5. DELEGATABILITY")

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Thu, Oct 24, 2019 at 2:33 PM Adrian Gropper <agropper@healthurl.com> wrote:
Here’s my analysis of the ACCESS Act
http://blog.petrieflom.law.harvard.edu/2019/10/24/access-act-points-the-way-to-a-post-hipaa-world/#more-28136

Adrian

On Tue, Oct 22, 2019 at 11:02 PM Adrian Gropper <agropper@healthurl.com> wrote:
Check out https://www.warner.senate.gov/public/index.cfm/2019/10/senators-introduce-bipartisan-bill-to-encourage-competition-in-social-media

Especially Section 5: Delegation. (There's a link to a nice summary at the very end of the page.) It calls for a right to specify a fiduciary agent, hopefully one that I can compile and own myself. I can imagine a law like this applying to all of our service providers above a certain size, like say 50 employees.

--
Adrian

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: https://patientprivacyrights.org/donate-3/
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma