I agree that there will be a variety of legal frameworks for use cases - so RO could be a patient, customer, borrower, employ(er/ee), shareholder, whatever. Handling text as code allows pushing the framework into the background and channeling attention to things that matter/change. The EU-US Model Clauses are a kind of meta-use case - whatever you are doing, if it involves an EU party and a US party, you might need one of these.

It focuses attention on the arrangements (e.g. http://new.commonaccord.org/index.php?action=source&file=GHx/KantaraInitiative/EU-US/SecurityProfile/Type1/Form/Doc_v0.md). Which will have some structure. Something like:

Generally, we:

Transmit data securely
Store data securely
Discard data when no longer needed
Vet and bind our employees and suppliers
...

Implementation:

Hardware, software stack
Legal template stack
Practices
Audits ....
Reporting

Case (roles of RO):

patient
customer
borrower
employ(er/ee)
shareholder
party under NDA
parent at nursery school cooperative
...

Information availability may not be the heart of the transaction but I can't now think of a category of transaction that doesn't involve some staged access to information, so terms will cover a broad range of use cases. Terms might be expressed in conventional format - as signed agreements between parties - or might migrate to Terms of Use - a meta agreement which parties reference and adapt. Like the Model Clauses.

On Tue, Oct 13, 2015 at 2:09 AM, Eve Maler <eve@xmlgrrl.com> wrote:

In the case where UMA might be used for something other than personal data, would it make sense to have a totally different CommonAccord framework with RO = some other kind of Principal? I still have this idea that some UMA technical framework somewhere will find it valuable to build in a claims-based payment system.

Oh, and…

On 10 Oct 2015, at 8:46 AM, Neiditz, Jon <JNeiditz@kilpatricktownsend.com> wrote:

This is INCREDIBLY important work that Jim is now doing, for trans-Atlantic trade, for the future of privacy, for UMA and for VRM, and Jim, the model clauses have proven the PERFECT vehicle for Common Accord. I’m so sorry that I missed some of yesterday’s call (literally passing out due to a pretty sleepless week, but maybe the minutes don’t need to so reflect), but let me make up for it by giving a preliminary, simple, provocative response to Eve’s email of last night. Under the model clauses:

RO = Data Subject
RS = Controller, Processor AND Subprocessor (AKA Exporter/Importer)
AS = NOBODY yet, which is why the Data Subject’s rights are all third party beneficiary rights. But an AS would authorize sharing with RS’s offering model clauses or modifications thereto. Which is why UMA can now extend EU privacy to people around the world (a lot of bridges, if that was what Scott meant when I was passed out).

D’Accord?

Jon Neiditz
Kilpatrick Townsend & Stockton LLP
Suite 2800 | 1100 Peachtree Street NE | Atlanta, GA 30309-4528
office 404 815 6004 | cell 678-427-7809 | fax 770 234 6341
jneiditz@kilpatricktownsend.com | My Profile | vCard

<image005.png> <image006.png>

Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com