Our homework from the last meeting was to come up with the sorts of
questions a person might want to answer when they consider joining a site.
What should they know *before* they sign up?

Here are mine:

   - Do I need to create a new identity for this site, or can I use an
   existing one?
   - Do I need to import information into this product, or can I have it
   refer to information that's stored someplace else?
   - Can this site accept updates that I make on other sites?
   - If I update information, is that information stored on this site or can
   I ask this service to store it elsewhere?
   - Can I have other sites use the information that I've entered here?
   - Can I download a copy of everything I've provided to this service?
   - Can I download information that others have provided to the service?
   - Will this site delete my account and all associated data upon my
   request?

    Steve

Whoops, guess I posted mine in the wrong spot.  Awesome thoughts Steve
G!  Here's mine from the previous post:

The following is provided in response to a request from the Data
Portability EULA/TOS task force.  The intent is to provide the basis
for conversation related to identifying and quantifying the specific
elements that might make up a user’s DP “Bill of Rights.”

[There is a great related discussion entitled "A Bill of Rights for
Users of the Social Web” (http://datasharingsummit.com/dsswiki/
index.php?title=Bill_of_Rights)
originated by Joseph Smarr, Robert Scoble, and Michael Arrington; and
signed by more than two dozen leading individuals]

More specifically, to me, when I go to a web site I should have a
reasonable expectation as to what I can and cannot due with the data
that I bring, create, or reference within the site. And, I should
also
have reasonable understanding as to what the site owners can and
cannot due with this collection of data related to me.

On the on hand, it doesn’t really matter what those boundaries are –
provided they are disclosed up front and upheld throughout my
relationship with the site.  In this manner, I can make an informed
decision as to whether or not I choose to continue.  On the other
hand, there must be disclosure, transparency, and accountability for
this to work.

Ideally, I would go to a web site and there would prominently sit a
Data Portability badge that identified the points of compliance in
these areas that I am most concerned about.  Display of the badge
would provide the disclosure and transparency that I seek allowing me
to make an informed decision. Likewise, display of the badge would
also demonstrate accountability since the TOS identifying allowable
usage of the badge would require compliance.

Further, the badge would not likely simply state compliance or non-
compliance, rather “degrees” of participation. In a well structured
user bill of rights, it is not likely that every site I choose to
participate in will fully support every core tenant of Data
Portability. I should be able to quickly identify which of the core
elements that most interest me relevant to the site are in fact
supported by the site.

Some of the key elements in this matter are directly related to
privacy, usage, and control. From this we can then extrapolate a
series of compliance statements that hopefully begin to take the
shape
of a user’s “bill of rights.”  Specifically:

    Key concepts:
-       Data I bring, I have the right to take away
-       Data I create, I have the right to share
-       I have the right to choose who can and cannot access my data
-       I have the right to access my data internally and externally

    Specific questions:
-       User personal data is private (y/n)
-       Private data is secured (y/n)
-       Personal data is fully removed upon request (y/n)
-       Personal data is not sold or reused without permission (y/n)
-       User data is accessible outside of the website (y/n)
-       User data is available using industry standard formats (which
ones)

    Fringe thoughts:
-       Public posts can be retracted (y/n)
-       Public posts can be anonymous (y/n)

There is certainly more thought required in this area, both from me
and others. Love to get everyone else’s opinions on the matter.

-- Steve Repetti

(one of the other DP Steve's!)

On Feb 11, 12:52 pm, Steven Greenberg <green...@puzzlingevidence.net>
wrote:

Hi!
Here are my additions

Our homework from the last meeting was to come up with the sorts of

And what control do I have about this on a detailed level. Otherwise it
might be up to interpretation. So can I define controls for invidiual
profile fields etc.?

And how can I define what others are allowed to download from "my" data.

Another question might be what happens if data is transferred from one site
to another, what sort of license can be attached to it or is it then free
for all and they can export it elsewhere? How can I transmit e.g. certain
controls (like only family is allowed to see it where family could be define
by some URL and group protocol)?

So much for my quick thoughts.

-- Christian

--
Christian Scholz
http://mrtopf.de/blog

New Podcast: http://datawithoutborders.net

Draft minutes to the meeting (please review)

Attendees:
- Steve Greenberg
-Jessie Kanner
- Christian Scholz
- Phil Wolff
- Elias Bizannes

Other attendees
- Brett McDowell (via text chat)

- Recapped on last weeks agreement  that we need report back in what we
think are the freedoms users have
- Based discussion around Steve's submitted questions
- Elias mentioned http://opensocialweb.org/2007/09/05/bill-of-rights/ and
http://bradfitz.com/social-graph-problem/
- Elias raised that what it all comes down to is the ability to use data in
another system, nothing else.
- Discussion occured if deletion of data is a right
- Christian raised: http://www.raphkoster.com/gaming/playerrights.shtml
- it was clarified that the discussion is about questions people can say yes
or not to, not rights. Should be as short as possible. The chair made
comment that this is an optional thing for sites to support, and in no way
are expected to have to adopt it - it is about a simple set of questions a
person can ask when they sign up to a new service
- Jessie mentioned that the ability to delegate should be one of the
expectations ie, a doctor being able to access your health data on your
behalf
- Phil raised about data after your death, and whether it had scope

Output
- the following are the revised questions of the task force for
consideration
- the action item is to review, tweak, consolidate, tighten and add to them
by the next call

Questions
- Do I need to create a new identity for this site, or can I use an existing
one?
- Do I need to import information into this product, or can I have it refer
to information that's stored someplace else?
- Can this site accept updates that I make on other sites?
- If I update information, is that information stored on this site or can I
ask this service to store it elsewhere?
- Can I have other sites use the information that I've entered here?
- Can I download a copy of everything I've provided to this service?
- Can I download information that others have provided to the service?
- Will this site delete my account and all associated data upon my request?
- If I am banned, can I still download my data?
- Can I delegate permissions to other agents or people?
- Can I restrict the flow of my data (ie, control only aspects of a data
profile to flow to another system)

Elias Bizannes
http://liako.biz

Hi Elias, list!
just fyi: I copied your notes to the wiki.

And with the recent discussion of the Facebook TOS (I wrote about it here:
http://mrtopf.de/blog/en/who-owns-your-data-facebook-does-of-course-a...)
I wonder if we not need an additional question:

Does the site own my data?

"own" of course is the human readable form of:

irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide
license (with the right to sublicense) to (a) use, copy, publish, stream,
store, retain, publicly perform or display, transmit, scan, reformat,
modify, edit, frame, translate, excerpt, adapt, create derivative works and
distribute (through multiple tiers), any User Content you (i) Post on or in
connection with the Service or the promotion thereof subject only to your
privacy settings or (ii) enable a user to Post, including by offering a
Share Link on your website and (b) to use your name, likeness and image for
any purpose, including commercial or advertising, each of (a) and (b) on or
in connection with the Facebook Service or the promotion thereof.

Which I only understand half (esp. regarding the privacy settings) anyway
but at least as much as that FB has more rights to use my content than I'd
like (same of course of youtube et al. except the passage where it says that
this license also persists if I delete that content or leave the service
completely. But the latter should be covered by a question we already have).

-- Christian

On Wed, Feb 11, 2009 at 10:15 PM, Elias Bizannes
<elias.bizan...@gmail.com>wrote:

--
Christian Scholz
http://mrtopf.de/blog

New Podcast: http://datawithoutborders.net

Thanks for raising that Christian. On a related note, I raised this with a
Googler I know and apparently Google did a very similar thing for their
products, but faced a massive backlash that has had them react. Google did
it to protect themselves, as they potentially would get into trouble if
other people used derivative work that Google had agreements promising to
not redistribute.

So the reason Facebook is doing this is not because they want to own, but
because they need to cover their arse's in the event of a lawsuit from
either users or partners. The challenge, is trying to find a way to balance
the two. The office of the general counsel will always be a step behind the
developers and entrepreneurs creating new business models.

Something else relevant to our discussions

http://209.85.173.132/search?q=cache:QdB99ZVf_gUJ:highearthorbit.com/..."does+the+open+database+need+cc+license+modules"&hl=en&ct=clnk&cd=1&gl=au<http://209.85.173.132/search?q=cache:QdB99ZVf_gUJ:highearthorbit.com/...>

Elias Bizannes
http://liako.biz

On Tue, Feb 17, 2009 at 8:10 AM, Christian Scholz / Tao Takashi (SL) <

Location Disclosure Questions:

In which country/countries (and states/provinces) is this site's owner
incorporated?

-- This tells me: Accessibility of legal remedies, laws governing the
company.

In which countries is my data stored?

-- A lesson from the cloud computing community: When your data leaves
your country, the country where your data is stored may define and
apply rights that don't exist in your own. For example, libel,
privacy, copyright, and free speech laws vary wildly even with the EU,
let alone the whole world. You may not want your medical records to be
arbitrarily stored outside your own country.

What options do I have for controlling where my data is stored?

- Can I choose to keep my data within my country?
- Can I choose among countries or adherents to specific treaties?
Which ones?

Are all countries receiving the same terms of service? If not, which
ones are

-- Some countries don't recognize any right of privacy from the
government.
-- e.g. China, Burma, etc.

Who owns the company?

-- This reveals: potential for bias and conflicts of interest
-- e.g. Privately held, Subsidiary of, Publicly traded

Phil

Graceful Exit Questions (regarding eviction, survivor, and post-
closure rights)

EVICTION RIGHTS

What behavior would trigger your evicting me from this service?

Will you preserve my account and data if I am inactive?

What form does eviction take?
- Turn off the ability to add/modify data or correspond
- Block login to the account while preserving history
- Delete the user and their history from the space as if they never
existed

Once evicted, can an account and its history be restored?

Are evictions for a period of time or for the person's whole life?

What is the eviction process?
- What forms of notice do you give before eviction? email? phone call?
IM?
- How many warnings are given?
- How much notice is given?
- Does notice include details of an offense?
- Can corrective action change an eviction decision?

How can I appeal an eviction?
- What is the process once I've been warned?
- What is the process once I've been evicted?
- What arrangements do you have for third party mediation?

SURVIVOR RIGHTS

If I should die before your service closes:

What is the process for my estate to notify you?

What control of my data pass to my estate?

What rights to continue operating my account pass to my estate?

How can I pass my social capital to my family? My contacts, my
conversations and interactions with others, my public statements may
have sentimental, historic or economic value to my inheritors.

IN THE EVENT OF SITE CLOSURE OR OWNERSHIP TRANSFER

If your service closes before I die:

How much notice (days) will you give? What formats and channels will
you use to notify me?

In what formats will you make my data available?

With what agency will you make your archives available to members?

Mike Masnick posted an item on Techdirt yesterday proposing "a Creative
Commons-like standard setup for privacy policies". I think what he's talking
about is a small subset of what we're trying to accomplish.

http://techdirt.com/articles/20090216/1803373786.shtml

Gordon Rae