Social Media Standards - Privacy & TOS - Initial Thoughts

Author: Jonathan Vanasco
Contact: jonathan@findmeon.com
Date: 2008-06-09
Copyright: © 2008 Jonathan Vanasco
Version: 0.1 Working Preview (will change)

The Problem

TOS and privacy policies are insane.

  • Startups and Agencies spend tens of thousands of dollars codifying custom policies.
  • Users don't know what they're clicking on; dense legal text often has consumer-unfriendly content hidden behind unintelligible legal banter.

Confusion

  • If a user knew what 1/10 of the things in their agreements meant, they'd never sign.
  • Networks are often in the dark about what their own policies allow and prohibit.

Pointlessness

  • Different companies have different policies, based on what they think they need in order to do with data as they please.
  • Tons of highly specific legal contracts that are expensive to write, and tough to manage.

The Solution

Social Media Standards

  • inspired by Creative Commons, Trust-E, IAB
  • simple, easy to use, consumer & corporate friendly legal policies

Dual Model for Flexibility

Layer 1 - A La Carte (Discouraged)

  • AKA 'The Stripe' or 'The Rainbow'
  • Iconic and simple to understand options across a range of privacy concerns
  • Sites create their own 'stack' out of the options, and can graphically display the contract to users, which leads back to simple-to-understand text on the Social Media Standards site

Layer 2 - Iconic (Encouraged)

  • Icons created and marketed for ~6 common-use stacks

Enforcement

Two contracts exist through this system

  • The website and the user.
  • The website and Social Media Standards. By displaying / using the Iconic, Layer, and textual contracts provided by Social Media Standards, the website enters a contract with the Social Media Standards group. Misuse of the contracts renders the website liable for breach of contract with the Social Media Standards group in addition to users.

Actual License or Guarantee?

Continuing debate

Should the usage of icons constitute an actual usage of the license, or a guarantee to meet the qualifications for the icon/license?

Actual Usage

Simpler to manage, though most corporations will need additional terms of service to handle their needs. Displaying the SMS icons means using the corresponding SMS contract verbatim.

Guarantee

Harder to manage, but allows users to view long EULAs with an iconic 'cliff notes'. This allows corporations more freedom in customizing their uses. Displaying the SMS icons means guaranteeing the corporate contract meets the qualifications / compatibility of the SMS contract.

Content vs Activity

Content and Activity have been separated

Content

Content is entering in text or saying "I am friends with 'PersonA@Email.com'".

Activity

Activity is the button/relation that says "uid2 is friends with uid3 on this system", i.e. click-to-define friendships, favoriting, music tracking.

Summary

The rationale is that owning a 'friendslist' and an 'addressbook' are two entirely different things.

In spirit: If you are entering in the addressbook, it is your content. If you are favoriting someone, or incorporating a link to their content, it wasn't yours to begin with. It's just an action; no data is uploaded.

In practice: Most of the kinds of data we're talking about aren't copyrightable. They're just collections of data. Some of them are curated lists that would fall under copyrightable information, but others are just raw data.

Goals

Clear Licensing & Implementation

Flickr's use of CC is a shining example of clear and simple licensing.

Fairness to Users

MySpace is a great example of privacy fairness: Closing an account kills postings / history. Facebook claims too much ownership over entered data.

Fairness to Community

Replies are meaningless on bulletin boards, or sites like Twitter if the original posting disappears. Data ownership/licensing/use must take that into account.

Fairness to Company

In order to have standards adopted, we need companies to join in. If policies are too lax, no one will embrace them.

The Spec

Working

Terms of Service : Data Portability

Access-Content

  • The site guarantees a full portability API - All information entered can be exported.
  • The site guarantees a limited API - Most information entered can be exported.
  • The site makes no guarantee of an API
  • Automated connections are not allowed.

Access-Activity

Same options as Access-Content

Privacy Policy

Personal Information

  • Site can / not use for anything internal
  • Site can / not rent to third parties (without explicit approval)
  • Site can / not sell to third parties (without explicit approval)
  • Site does not collect or utilize information

Aggregate/Anonymous Information

  • Site can / not use for anything internal
  • Site can / not rent to third parties (without explicit approval)
  • Site can / not sell to third parties (without explicit approval)
  • Site does not collect or utilize information

Content Rights - Ownership & Licensing

The content I enter is...

  • copyright by me, and released under a specific CC license [A,B,C]
  • copyright by me, may be revoked from the network at any time
  • copyright me, the network has an irrevocable license to use it as I originally intended (this is compatible with also having a CC license)
  • copyright me, the network has an irrevocable license to use it however they see fit
  • has the copyright / ownership assigned to the network on-network

The activity I enter / the network moderates is...

  • the network makes a promise to make ALL of this information freely available to the user
  • the network makes a promise to make SOME of this information freely available to the user
  • the network makes no promise to make any of this information freely available to the user

Content Rights - Ownership & Licensing In practice ( examples of above )

When I stop using this service

  • the service must destroy my content
  • the service may continue to publish my content unless I explicitly ask them to destroy it
  • the service has an irrevocable right to continue publishing my content

Content Rights - Portability, Distribution & Sharing

My content can be viewable / made portable

  • to no one, i.e. privately published
  • to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit
  • to anyone requesting it

Third Party APIs may access/index my content

  • at their leisure
  • if I explicitly allow
  • unless I explicitly block
  • under no conditions

Recommended Configurations

Gazelle

A sample of the selected Privacy and TOS points designed to be flexible for both users and networks

Access-Content

  • Most information entered can be exported

Access-Activity

  • Most information entered can be exported

Personal Information

  • Site can use for anything internal
  • Site can not rent to third parties
  • Site can not sell to third parties

Aggregate/Anonymous

  • Site can use for anything internal
  • Site can rent to third parties
  • Site can sell to third parties

Content Rights - Ownership & Licensing

The content I enter is...

  • copyright me, the network has an irrevocable license to use it as I originally intended

The activity I enter is...

  • the network makes a promise to make SOME of this information freely available to the user

When I stop using this service

  • the service has an irrevocable right to continue publishing my content

My content can be viewable / made portable

  • to anyone requesting it with an auth mechanism that limits/expands their scope as I see fit

Copyright & Licensing

Copyright 2008 Jonathan Vanasco

This essay is released under the Creative Commons Attribution-No Derivative Works 3.0 United States License.

SPECIAL THANKS to Toby Boudreaux @ The Barbarian Group. Toby constantly belittled the idea of the striped licensing as it would cause extreme confusion through too many permutations, mandating simple iconic options that users will remember, and advances won't be lost through needless customization.


This Document was authored in reStructuredText