Hi Mark, I’ll share the paper with you as well. Thanks for the comments. More below.

Eve Maler (sent from my iPad) | cell +1 425 345 6756

On Jul 9, 2019, at 2:14 PM, Mark @ OC <mark@openconsent.com> wrote:

Nice Notes Eve 

 — Regrets for not being on the call -  I wish I could make this call time more often.   

On 9 Jul 2019, at 18:11, Eve Maler <eve@xmlgrrl.com> wrote:

Eve briefly walked through the paper that she and Lisa have submitted to the IEEE ComSoc CfP. It's called Beyond Consent: A Right-to-Use Licensing Agreement for Mutual Agency. The argument made by the paper is that digital consent and Terms acceptance (perceived as consent) are failing and don't meet a strict definition of consent (Nancy Kim's Consentability framework is used), and using a Me2B lens (centering on the user of the digital services) shows that a licensing agreement is more appropriate. A taxonomy for license agreement contents is proposed, and some challenges are discussed. The paper points to the UMA report where a license is already proposed, but starts "earlier" in the personal data usage chain to be more comprehensive.


This friction of consent - definitely needs to be called out better.  Consent as an operational concept needs work to be explained relative to the context of digital identity technologies and protocols. Failing seems a bit strong (or that consent is just mis-understood)

We do take a pretty strong (provocatively so?) stance in the paper, in order to kickstart a conversation towards alternatives. But surely it’s not the first such argument? Kim’s definition in her book makes what we experience as consent in digital contexts truly seem like the farthest thing from meeting the definition, particularly the closer you get to the beginning of a service provider-user relationship.

  A big differentiator that seems obvious here, is  if a person is the one requesting or starting the 'sharing flow' (of what ever type of resource) then in the starting protocol - the UMA context -  there is no need for the awareness notice - policy - friction part of consent - as the person is aware and defining the terms and presumably the license is the artefact.

Yes, good point. UMA has this awareness generally built in (though we need to be conscious that “policy setting UX” is not dictated by the protocol). But UMA use cases are only a subset of all sharing use cases. The paper elucidates those.

 

Consent legally appears to be wielded when people need to be made aware of what the sharing is all about, the risks and their obligations.   UMA is great because, the duty of making the person aware in the framework from which they are sharing is pushed to the awareness of the identity protocol framework implementation and its client technology, which the person controls for user managed sharing (obviously).  

What a great thread (chat) 
Questions:  With Mutual Agency in the title, is this licensing method specific to a peer to peer (person to person) or person to anyone/anything? 

Most definitely person to anyone/anything, with service providers (and their affiliates beyond them) being a particular target because the power imbalance is most keenly felt there.

- Mark