I'm at VRM Day before IIW, and the morning's primary topic is MyTerms, the newly published IEEE 7012 standard. MyTerms specifies a protocol for machine-readable personal privacy terms—terms that individuals proffer to websites and services, not the other way around. Both sides keep records of the agreement. The individual is the first party, rather than the second. That inversion matters more than it might seem at first glance; it is first person identity made operational in protocol.

What caught my attention is how naturally MyTerms connects to the duty of loyalty requirement in SEDI. The SEDI legislation places a fiduciary obligation on institutions that use or rely on a state-endorsed digital identity: they owe a duty of loyalty to the person whose identity they are using. That is a powerful legal principle, but it needs a mechanism. How does an individual express what loyalty looks like in a specific interaction? How does the institution know what it has agreed to? MyTerms can answer both questions. The individual's machine-readable terms define the boundaries of the relationship, and both parties hold a record of the agreement. The duty of loyalty gets teeth when there is a concrete, auditable expression of what the individual expected.

There may be details that need to shift to make this work cleanly—MyTerms was not designed with SEDI in mind, and SEDI's duty of loyalty was not written with a specific protocol in view. But the conceptual fit is striking. SEDI provides the legal foundation that gives people standing as first parties; MyTerms gives those first parties a language for saying what they want. One without the other is incomplete. Together, they start to look like the infrastructure for digital relationships where people are not merely data subjects but participants with enforceable expectations.

Photo Credit: MyTerms Exchange from DALL-E (public domain)