The ACCESS Act could be called the UMA Act

Check out https://www.warner.senate.gov/public/index.cfm/2019/10/senators-introduce-bi... Especially Section 5: Delegation. (There's a link <https://www.scribd.com/document/431507476/ACCESS-Act-Section-by-Section-FINAL> to a nice summary at the very end of the page.) It calls for a right to specify a fiduciary agent, hopefully one that I can compile and own myself. I can imagine a law like this applying to all of our service providers above a certain size, like say 50 employees. -- Adrian

Here’s my analysis of the ACCESS Act http://blog.petrieflom.law.harvard.edu/2019/10/24/access-act-points-the-way-... Adrian
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: https://patientprivacyrights.org/donate-3/

Thanks Adrian! Tim, I wonder how this compares to RUFADAA. I suppose this would be a single federal law, for one. Any comments? (See "SEC. 5. DELEGATABILITY") *Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma

Wait, Adrian, are you thinking of the UMA authorization server as being the custodial agent, or a separate person? I think I'm confused. We have collected a variety of use cases that are more like the RUFADAA ones, and I was reading this delegatability provision more in that fashion. *Eve Maler*

I am not talking about RUFADAA although there may be some alignment. Delegation to a family member or another individual doesn’t scale in the sense of empowering groups to influence the world. It doesn’t change the asymmetric relationship in who owns and controls technology and who can benefit from ML / AI on personal data. This kind of delegation doesn’t reduce the power of the resource server to manipulate data uses by wearing down the individual subject or their proxy - the so-called dark patterns. Delegation to authorization server *technology* that is specified by the data subject *reduces* the control of the resource server because they no longer control and cannot manipulate the user interface and the user experience. They don’t control the UI. They don’t control the domain because the subject can use the same AS across healthcare and social media, etc... The resource server does benefit from reduced privacy liability, however, not to mention goodwill for their brand. Adrian

Eve, The two laws are conceptually similar in that they give legal standing to third-party custodial agents in information governance --- great developments for UMA! But RUFADAA and the Access Act involve different agent qualifications and oversight (for example, the Access Act positions the FTC as the regulatory body while RUFADAA custodians are unregulated). The two laws also deal with different use cases. (In other words, the Access Act doesn't encompass or even overlap the RUFADAA.) Tim

Thanks, Tim. I think the difference is like the difference between the chicken and the pig when it comes to ham and eggs. The chicken is involved but the pig is committed. By this I mean that UMA might be involved in RUFADAA but it is not essential. Each resource server can implement delegation in many ways that don't involve UMA. I see no major secondary economic benefits arising from this. On the other hand, implementing the ACCESS delegation mandate, including the relative safe harbor for standards, can only be done with UMA or oauth.xyz or other standard protocol for delegation. The economic impact for such a mandate across the full range of personal data transfers would be immense. Adrian
participants (3): Adrian Gropper, Eve Maler, Tim Reiniger