« Request for Business Plans | Main | Facebook owns my Social Graph... It shouldn't »
July 24, 2008
Social Media Standards - Privacy & TOS- Initial Thoughts 
I just realized that I should make public the quick listing on the Social Media Standards Privacy & Initial Thoughts that I've been floating around since May. ( corrected: I thought it was June, just checked some emails and its been floating since Mid May )
( The formatting on this may be off. It is a ReST document being shown in Markdown )
======================================================================================================
The Problem
TOS and privacy policies are insane.
- Startups and Agencies spend tens of thousands of dollars codifying custom policies.
- User's don't know what they're clicking on ; dense legal text often has consumer unfriendly content hidden behind unintelligible legal banter.
Confusion
- If a user knew what 1/10 of the things in their agreements meant, they'd never sign.
- Networks are often in the dark about what their own policies allow and prohibit
Pointlessness
- Different companies have different policies, based on what they think they need to do with data as they please.
- Tons of highly specific legal contracts that are expensive to write, and tough to manage.
The Solution
Social Media Standards
- inspired by Creative Commons, Trust-E, IAB
- simple, easy to use, consumer & corporate friendly legal policies
Dual Model for Flexibility
Layer 1 - A La Carte (Discouraged)
- AKA 'The Stripe' or 'The Rainbow'
- Iconic and simple to understand options across a range of privacy concerns
- Sites create their own 'stack' out of the options, and can graphically display the contract to users, which leads back to simple-to-understand text on the Social Media Standards site
Layer 2 - Iconic (Encouraged)
- Icons created and marketed for ~6 common-use stacks
Enforcement
Two contracts exist through this system
- The website and the user.
- The website and Social Media Standards. By displaying / using the Iconic, Layer, and textual contracts provided by Social Media Standards, the website enters a contract with the Social Media Standards group. Misuse of the contracts renders the website liable for breech of contract with the Social Media Standards group in addition to users.
Actual License or Guarantee ?
Continuing debate
Should the usage of icons constitute an actual usage of the license, or a guarantee to meet the qualifications for the icon/license.
Actual Usage
Simpler to manage, though most corporations will need additional terms of service to handle their needs, Displaying the SMS icons means using the corresponding SMS contract verbatim.
Guarantee
Harder to manage, but allows users to view long EULAs as with an iconic 'cliff notes'. This allows corporations more freedom in customizing their uses. Displaying the SMS icons means guaranteeing the corporate contract meets the qualifications / compatibility of the SMS contract.
Content vs Activity
Content and Activity have been separated
Content
Content is entering in text or saying "I am friends with 'PersonA@Email.com'".
Activity
Activity is the button/relation that says "uid2 is friends with uid3 on this system". ie: click-to-define friendships, favoriting, music tracking.
Summary
The rationale is that owning a 'friendslist' and an 'addressbook' are two entirely different things.
In spirit: If you are entering in the addressbook, it is your content. If you are favoriting someone, or incorporating a link to their content, it wasn't yours to begin with - its just an action, no data is uploaded.
In practice: Most of kinds of data we're talking about aren't copyrightable. They're just collections of data. Some of them are curated lists that would fall under copyrightable information, but others are just raw data.
Goals
Clear Licensing & Implementation
Flickr's use of CC is a shining example of clear and simple licensing.
Fairness to Users
MySpace is a great example of privacy fairness: Closing an account kills postings / history. Facebook claims too much ownership over entered data.
Fairness to Community
Replies are meaningless on bulletin boards, or sites like Twitter if the original posting disappears. Data ownership/licensing/use must take that into account.
Fairness to Company
In order to have standards adopted, we need companies to join in. If policies are too lax, no one will embrace them.
The Spec
Working
Terms of Service : Data Portability
Access-Content
- The site guarantees a full portability API - All information entered can be exported.
- The site guarantees a limited API - Most information entered can be exported.
- The site makes no guarantee of an API
- Automated connections are not allowed.
Access-Activity
Same options as Access-Content
Privacy Policy
Personal Information
- Site can / not use for anything internal
- Site can / not rent to third parties (without explicit approval)
- Site can / not sell to third parties(without explicit approval)
- Site does not collect or utilize information
Aggregate/Anonymous Information
- Site can / not use for anything internal
- Site can / not rent to third parties (without explicit approval)
- Site can / not sell to third parties (without explicit approval)
- Site does not collect or utilize information
Content Rights - Ownership & Licensing
The content I enter is...
- copyright by me, and released under a specific CC license [A,B,C]
- copyright by me, may be revoked from the network at any time
- copyright me, the network has an irrevocable license to use it as I originally intended (this is compatible with also having a CC license)
- copyright me, the network has an irrevocable license to use it however they see fit
- has the copyright / ownsership assiged to the network on-network
The activity I enter / the network moderates is...
- the network makes a promise to make ALL of this information freely available to the user
- the network makes a promise to make SOME of this information freely available to the user
- the network makes no promise to make any of this information freely available to the user
Content Rights - Ownership & Licensing In practice ( examples of above )
When I stop using this service
- the service must destroy my content
- the service may continue to publish my content unless I explicitly ask them to destroy it
- the service has a irrevocable right to continue publishing my content
Content Rights - Portability, Distribution & Sharing
My content can be viewable / made portable
- to no one ie: privately published
- to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit
- to anyone requesting it
Third Party APIs may access/index my content
- at their leisure
- if I explicitly allow
- unless I explicitly block
- under no conditions
Recommended Configurations
Gazelle
A sample of the the selected Privacy and TOS points designed to be flexible for both users and networks
Access-Content
- Most information entered can be exported
Access-Activity
- Most information entered can be exported
Personal Information
- Site can use for anything internal
- Site can not rent to third parties
- Site can not sell to third parties
Aggregate/Anonymous
- Site can use for anything internal
- Site can rent to third parties
- Site can sell to third parties
Content Rights - Ownership & Licensing
- The content I enter is:
- copyright me, the network has an irrevocable license to use it as I originally intended
The activity I enter is...
- the network makes a promise to make SOME of this information freely available to the user
When I stop using this service
- the service has a irrevocable right to continue publishing my content
My content can be viewable / made portable
- to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit
Third Party APIs may access/index my content
- if I explicitly allow
Posted by Jonathan at July 24, 2008 4:19 PM
Comments
Post a comment
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)