[Wg-p3] Privacy and consent: patterns and anti-patterns

Paul Madsen paulmadsen at rogers.com
Fri Oct 9 14:47:40 EDT 2009


I expect the 'conflation of consent' category will be well populated.

Iain Henderson wrote:
> Here's one for starters - see attached Starbucks/ wifi/ BT experience 
> with its forced acceptance of e-mail communications from BT Group 
> Companies.
>
> Given the context, one could assume that this customer wants a) wifi 
> access as offered in the terms of the relationship between him and 
> Starbucks (the detail of which he has not read), and b) probably a 
> coffee or some other drink.
>
> He does NOT want e-mail marketing from BT Group Companies (as if I 
> have time to figure out what this means in terms of where my personal 
> data is going.....), not least because the information BT have 
> available to their e-mail marketing systems offers them about zero 
> chance of sending this customer anything of any relevance, and thus 
> presume to waste his time and their own.
>
> The wider point being that many individuals now typically have fairly 
> complex telecommunications requirements, spreading across multiple 
> devices, and multiple service providers. It is virtually impossible to 
> guess (aka real time data analytics) the individual's context, their 
> existing supply relationships and the status of each, and thus what 
> solution might be relevant to offer to the individual. The VRM/ VPI 
> approach would build the tools that enable an individual to articulate 
> their telecommunications requirements, and share that with an 
> intelligent vendor platform that was able to interpret and react with 
> relevant messaging.
>
> That's all a much longer story, but BT just wound me up enough to 
> start thinking about it.....
>
> Iain
>
>
>
> On 9 Oct 2009, at 10:59, Robin Wilton wrote:
>
>> Folks,
>>
>> Paul Madsen and Jeff Stollman have both made suggestions which I 
>> think are worthy in their own right... but even better combined.
>>
>> Paul's is that we 'collect' examples of consent anti-patterns... i.e. 
>> if you see instances of poor practice in the collection of user data, 
>> or presumed consent, or making service provision conditional on 
>> acceptance of privacy-hostile terms. You know the kind of thing; when 
>> I tried to book an eye exam online recently, the web page would not 
>> let me proceed until I had consented for the (commercial) service 
>> provider to disclose my data to public healthcare bodies (who, in the 
>> UK these days, have long since disowned any responsibility for my 
>> eye-care...). I gave up and fixed the appointment by phone...
>>
>> Jeff's is that we compile a model privacy policy, with simple options 
>> the implementer can choose from as appropriate.
>>
>> As I say, I think these are both excellent ideas and commend them to 
>> you for contribution (via the P3WG wiki, here). However, I think we 
>> will add even more value if we're even-handed across the two themes. 
>> When you spot an anti-pattern, give some thought to how it could be 
>> done better... and then see if that could be built into the model 
>> policy proposal. For instance, in the eye-care case, if the web page 
>> is for booking an appointment, why not just collect the information 
>> necessary to make the appointment...... (sigh)
>>
>> This should be fun...
>>
>> Yrs.,
>>
>> Robin
>>
>> From: j stollman <stollman.j at gmail.com>
>> Date: 7 October 2009 20:30:58 BST
>> To: Paul Madsen <paulmadsen at rogers.com>
>> Cc: wg-p3 at kantarainitiative.org
>> Subject: Re: [Wg-p3] Consent anti-patterns
>>
>>
>> Paul,
>>
>> Please add your suggestion to the wiki at: 
>> http://kantarainitiative.org/confluence/display/p3wg/Workstream+Foci
>>
>> We will use this site to collect ideas for P3wg's strategic focus and 
>> then vote on prioritizing our ideas from the group of collected 
>> suggestions.  Be sure to provide enough detail to make a compelling 
>> case to "sell" your idea to our membership, so that it garners 
>> sufficient interest to take forward as a P3wg focus area.
>>
>> Thank you.
>>
>> Jeff
>>
>> On Wed, Oct 7, 2009 at 3:06 PM, Paul Madsen<paulmadsen at rogers.com> 
>> wrote:
>> The OAuth community likes to refer to the 'password anti-pattern', i.e. 
>> the existing model of requiring users provide their non-local 
>> passwords to a site that then requests identity attributes of another.
>>
>> I wonder if a relevant piece of work for P3 would be to collect 
>> 'consent anti-patterns', i.e. ill-advised UI mechanisms and sequences 
>> for collecting/managing consent that are seen in the wild.
>>
>> Off-hand, I can think of
>>
>> - providing insufficient granularity
>> - providing insufficient justification
>> - providing no graceful fallback
>> - providing insufficient support for management
>> - etc
>>
>> Collecting the many ways in which consent is 'done' poorly might help 
>> define guidelines for doing it well. Collecting instances might be 
>> cathartic as well....
>>
>> Regards
>>
>> Paul
>>
>> -- 
>> Paul Madsen
>> e:paulmadsen @ ntt-at.com
>> m:613-282-8647
>> web:connectid.blogspot.com
>>
>> _______________________________________________
>> Wg-p3 mailing list
>> Wg-p3 at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-p3
>>
>>
>>
>>
>> -- 
>> Jeff Stollman
>> stollman.j at gmail.com
>> 1 202.683.8699
>>
>>
>
> Iain Henderson
> iain.henderson at mydex.org
>
> This email and any attachment contains information which is private 
> and confidential and is intended for the addressee only. If you are 
> not an addressee, you are not authorised to read, copy or use the 
> e-mail or any attachment. If you have received this e-mail in error, 
> please notify the sender by return e-mail and then destroy it.
>
>
>
>