Making personal EULA's work
Christian Hauck (who I met a long time ago at one of David Gurteen's early events) raises some interesting points in respect of my last post about EULA's for our information:
EULA contracts, in a way, are like patents: they are not useful if they can't be enforced at reasonable cost and effort. So in a way you enter legal terrain, which differs very much by country.
I think the utility flows two ways. By clarifying the rights given to the end user you can make it easier for them to do (or decide not to do) certain things in a simple way. If I've seen that you give me the right to use your personal information for commercial purposes then I'm in the clear. Well almost in the clear, I need proof which is another good point that you raise.
On the other hand if I deny rights to use information for some purpose then at least it's clearly understood. If a company chooses to go ahead and use the data for that purpose anyway then I have tools with may help me to gain redress. We've got some more tricks along this line but I'll keep that powder dry for now.
Just make sure to have a good (legally water-tight) system to track the versions.
One of the things which PAOGAperson does is maintain an audit trail of all activity on each persons account. The audit trail is individually encrypted (so, for example, we can't read it without permission) and is designed, so my CTO tells me, with the aim of eventually supporting CFR part 11 standards.
So, for example, we can imagine a situation in which a PAOGAbusiness requests some information from a PAOGAperson and accepts that persons EULA. The individuals audit trail tracks the data that was released, who it was released to, when it was released, the license terms under which it was accepted, and so on. The business has an audit trail tracking the license accepted, the data received, and so on.
Our first versions of the PAOGAperson interface don't achieve anything like this level of sophistication but the underlying platform (which we have invested several years of development in) does because we started in a B2B context where this kind of thing is very important.
On the subject of enforcement we're not looking to get into that business. Our aim is to be a fair broker who represents the best interests of individuals and best opportunity for business. What we will do is enable those who want control (and responsibility) to take it and give all parties better tools to manage their interactions.
A business that abuses your trust is going to get cut off from your information flow. We contend that obtaining information direct from the source (you) is ultimately superior to gathering it from 3rd parties so cutting a business off has impact on them because it puts them at a disadvantage with respect to competitors you trust. Further we think that, over time, you will share more and deeper information with the businesses that you trust building a closer relationship that will deliver more lifetime value than they could obtain by exploiting you.
In the end we think the advantages will so outweigh the disadvantages that business will see it's in their interests to comply with your wishes. They don't believe this today, but if enough people agree with us, they will believe it soon.
At that point business will have changed forever.