Joe,
Sure. Content wise we don’t disagree.
I ment for ‘access control’ (parent) to include ‘usage control’ (child).
But we might as well state that ‘control’ has two subtypes.
On the other hand the EC data directive talks about “protection & control” of personal data
One could argue that ‘usage control’ refers more to ‘protection’ and ‘access control’ more to ‘control’
Anyway we need both and the EC data directive had both included since 1995.
This year the European Commission will propose a review of the 1995 Data Protection Directive (95/46/EC).
This will result in a new general legal framework for the protection and control of personal data adapted to the Internet age, covering data processing operations in all sectors and policies of the EU.
This legal framework is envisioned to include the following topics:
1. Personal data management by users, requiring policy makers to shift their focus
2. Personal data processing by Social networks must go must go hand in hand with the necessary respect for personal data
3. Strengthen individuals' rights by giving them a high level of protection and control over their own data and about how and by whom their data is collected and processed
4. "Right to be forgotten," : the right to have your data fully removed when it is no longer needed for the purposes for which it was collected. (i.e. for deleting profiles on social networking sites the service provider can be relied upon to remove personal data completely).
5. Users’ right2know
a. how your Internet use is being monitored for the purposes of behavioural advertising.
b. when online retailers use previously viewed web sites as a basis to make product suggestions.
c. how to access, rectify or delete your data. Exercise these rights for free and without constraints.
d. when your personal data has been unlawfully accessed, altered or destroyed by unauthorised persons. (Obligation to notify personal data breaches beyond the currently covered telecommunications sector will be extended to other areas, such as the financial industry)
6. Data controllers are to implement effective policies to ensure compliance with the EU data protection rules, such as :
a. appointing Data Protection Officers
b. carrying out Privacy Impact Assessments
c. applying a “Privacy by Design” approach
7. Review of the 2006 Data Retention Directive (2006/24/EC), concerning the type and amount of data necessary for security reasons and whether the length of time that authorities can hold data is appropriate.
8. Tighten current procedures for international data transfers, including the so-called "adequacy procedure”, which verifies that a third country ensures an "adequate" level of protection of personal data.
Regards,
Luk Vervenne
CEOSynergetics NV/SA
Terlinckstraat 75 | 2600 Antwerp | Belgium
T(+32)3/239.58.13 | F(+32)3/239.59.88
M(+32)478.64.23.46 | VAT BE 0455.690.261
www.synergetics.be | " target="_blank">
---------------------------------------------
Disclaimer:
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.
The integrity and security of this message cannot be guaranteed on the Internet.
Van: Joe Andrieu [mailto: " target="_blank"> ]
Verzonden: vrijdag 17 juni 2011 0:44
Aan: " target="_blank">
CC: 'Gon Zifroni'; 'Project VRM'
Onderwerp: Re: [projectvrm] VRM tool characteristics
Luk,
I've got to say Access Control is insufficient. It's not just about controlling who gets to see your data, it's about what they are allowed to do with it. Note that usage control--within a proper contractual or regulatory framework--also addresses data already out there.
-jJoe Andrieu" target="_blank">+1 (805) 705-8651
On 6/16/2011 2:53 PM, Luk Vervenne wrote:1 and 2 can be compressed (without losing meaning) into : you have full access control over you data.
While doing you also avoid using the data ownership issue. You don’t own many of ‘your’ data elements, but you do control who gets to see them.
Luk Vervenne
CEOSynergetics NV/SA
Terlinckstraat 75 | 2600 Antwerp | Belgium
T(+32)3/239.58.13 | F(+32)3/239.59.88
M(+32)478.64.23.46 | VAT BE 0455.690.261
www.synergetics.be | " target="_blank">
---------------------------------------------
Disclaimer:
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company.
The integrity and security of this message cannot be guaranteed on the Internet.
Van: Gon Zifroni [ " target="_blank">mailto: ]
Verzonden: donderdag 16 juni 2011 23:19
Aan: Project VRM
Onderwerp: Re: [projectvrm] VRM tool characteristics
Devon hi,
Yes and no, it seems to me like a potential leak.
Since it is a construction built on trust, if you decide to trust a second (vendor) or third (platform, right?) party with the same privileges as the fourth party then yes, but you clearly entrust it with your data. Even if it is granular typically you'll have repeat interactions (subsequent or at a later time).
i.e. By trusting the second or third party for that role of managing your identity (who you are) and data (what I do, who I know, where I am, where I go, what I like, what I buy, what I want, etc) you open up to tracking and profiling based on repeat exchanges (not just transactions I believe).
How did you see it though? I was also thinking of the PGP architecture.
Gon
On 16 Jun 2011, at 11:07, Devon Loffreto wrote:
Ill submit an edit:
First part #7 = 4th parties can be first, second and third parties, but can only authenticate one role per transaction.
Devon Loffreto
On Thu, Jun 16, 2011 at 9:18 AM, Gon Zifroni < " target="_blank"> > wrote:
Hi list, I've been following silently for the last year and took part in IIW 11 last year.
I'm not sure if I got everything right with the terminology, but from what I can synthesize it seems to me we're talking about a system like so:
In a VRM system...
1. your data is private
2. your data is yours
3. only fourth parties get only temporary access to shares of your data
4. third and second parties never get access to your data, the second trusts the third and the third trusts the fourth.
5. fourth parties of your choosing share your data for you
6. only fourth parties can be polled on your behalf
7. fourth parties can not be third parties too
Let me flesh this out a little bit further:
1. TOS, your data is your legal private property
2. You are the only one who has complete access to all of your data. Even if it is in the cloud, you are the only one authorized full access at any given time.
3. Only fourth parties are allowed to get and index only portions of your data, and you can set for how long that data is retained.
4. They can index it along with other people's data so they can be queried by third and second parties. The query is not a query for data but a query for matching people. The fourth party only returns to third parties the number of matching people not their identity nor data about them. Second parties can connect with first parties via the current fourth party.
5. In terms of data storage and indexing it is a federated system like email whereby you can choose your fourth party and have several for different kind of data if you choose for it, jsut like people have several email accounts.
6. see 4.
7. Fourth parties cannot make use of your data.
I'm not sure if this is exactly the logic but I thought, given the Google Wallet discussion (I think it'd be a mistake to let it aggregate, index and know about all of your transactions, see 7), that it is a good moment to zoom in and draft an architecture that by its nature keeps data private while maintining certain level of flexibility and performance. Disclosure: my background is in industrial design and architecture (housing). I moved to SF to start a LBS with a group of engineers.
I'm sure this can be further compressed into 3 or 4 basic rules that qualify any VRM system.
Gon
On 16 Jun 2011, at 03:29, Katherine Warman Kern wrote:
+1
Katherine Warman Kern
On Jun 15, 2011, at 4:36 PM, Doc Searls < " target="_blank"> > wrote:Thanks!
I had meant #4 to cover that, in the sense that "managing" one's data would include understanding it; but maybe that's not the case. Gotta think about it....
Doc
On Jun 15, 2011, at 3:44 PM, Jamie Smith wrote:
Thanks Doc, this is a great start.
Would you say that number 4 ('help customers manage') would include tools to analyse your own data?
Such tools might help you identify your own behavioural or commercial trends (for example by finding patterns in your travel expenses or your weekly shopping), and in doing so would help you better a) express intent (#3) and b) engage (#4).
I suspect that such VRM tools would not necessarily have to have this characteristic, but if they did, then I'd want it to be a separate and distinct characteristic from 'help customers manage' - perhaps along the lines of:
6. VRM tools help customers better understand their own data. This is helping the customer discover and expose new value in their own data sets, on their terms and for their own benefit.
Keen to hear your views.
JamieOn 15 June 2011 19:07, Doc Searls < " target="_blank"> > wrote:
@jamiedsmith tweeted a pointer to Alex Bogusky's New Conscious Consumer Bill of Rights...
... adding "needs more symmetry of power for consumers though".
Rather than critique or seek to improve Alex's Bill, I thought I'd post something we've needed for awhile: a list of characteristics shared by VRM tools. I did that here:
Here they are:
VRM tools are personal. As with hammers, wallets and mobile phones, people use them as individuals,. They are social only in secondary ways.
VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, permissions, requests and anything else that’s possible in a free market (i.e. the open marketplace surrounding any one vendor’s silo or walled garden for “managing” captive customers).
VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system.
VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems.
VRM tools are substitutable. This means no vendor of VRM tools can lock users in.
Suggestions and improvements welcome.
Doc
Archive powered by MHonArc 2.6.19.