How would CommonAccord deal with a privacy policy that incorporated Automattic by reference without repeating the specific clauses?
On Fri, Mar 11, 2016 at 10:29 PM, Adrian Gropper <agropper@healthurl.com> wrote:Thanks, for sharing this. From my strictly consumer perspective, here's what I would do with this:
- Start a Standard Privacy Notice workgroup in Kantara with a narrow charter to classify and label privacy notices.
- Make the Automattic Policy the first label and post it the way we would a CC or OSI license.
- Publish a DRY Privacy Notice Best Practice that would incorporate a labeled privacy notice BY REFERENCE and list only the exceptions, if any to the referenced policy.
- Add CommonAccord to this as an option for describing only the exceptions.
- Suggest standardized formatting for the exceptions right down to the fonts and colors.
My guess is that the world can get by with only 5 or so of these baseline privacy notice labels to serve, for example:
- blogs, (Automattic)
- merchants, (Vendor)
- things, (Robot)
- medical services, (HIPAA)
- directories (Dating)
In addition, I would classify each privacy notice into one of three classes depending on the kind of API they provide:
Class 1: Service will not see your data. You are in sole control of the API.
Class 2: Service will see your data but the API you control has all of the data available in reral-time.
Class 3: Service will see your data but there's limited or no API access.
I've described these three classes in http://thehealthcareblog.com/blog/2016/02/22/apple-and-the-3-kinds-of-privacy-policies/
The result would be that Kantara privacy notices would look like: Automattic_2 or HIPAA_3 and people would mostly pay attention only to the exceptions.
Adrian
On Fri, Mar 11, 2016 at 12:31 PM, Eve Maler <eve@xmlgrrl.com> wrote:On today's call, I mentioned a cool privacy policy I ran across when I downloaded this app:The app costs $4.99, and I carefully looked at the policy and decided I was very willing to pay money -- and they were making the tradeoff very worthwhile. They based the policy closely on this (both are CC-licensed -- hooray for DRY content!):BTW, the app is awesome too.
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--@commonaccord