I was speaking with Aldo Castaneda this morning about Identity Rights Agreements. Aldo was one of the co-authors, along with Kaliya Hamlin and myself, of a position paper on IRAs.

We had a good time talking and there were some good thoughts, but one in particular that I wanted to record dealt with getting business to accept IRAs. The problem, of course, is that if IRAs are seen to come from "privacy nuts" then business will perceive a lot of risk for not much reward. IRAs will be seen as creating a liability where none existed before.

There's an alternate view of IRAs as a technology that reduces risk. If IRAs are seen as a codification of a site's privacy policy, and tools exist that use IRAs to let a business automatically assess and monitor its own site's compliance with its IRAs, then this reduces risk. Privacy compliance now becomes an operational issue that can be monitored.

Of course, such tools would have to be built, but the precursor to building tools is developing the standard, and that's what IRAs are. I think Identity Commons, if it wants to champion IRAs, ought to consider putting together an industry advisory board for them and getting industry players to see IRAs as a way to help them manage what is now unmanageable.



Last modified: Thu Oct 10 12:47:18 2019.