• Skip to primary navigation
  • Skip to main content

Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

  • About
  • Services
  • Media Coverage
  • Podcast
  • Blog
  • Contact
  • Show Search
Hide Search

Identity Rights

Bills of Rights Reposted

Kaliya Young · September 7, 2017 ·

The Many Bills of Rights

This was originally published 1 August 2011
The second recommendation of the World Economic Forum report Personal Data: The Emergence of a New Asset Class after innovation around User-Centricity and Trust is the definition of global principles for using and sharing personal data.
The The Startup Circle of PDEC is forming and defining its core principles now too.
This post is an aggregation of Bills of Rights and Principles developed about data, privacy and social networks.
September 2010

Visions and Principles for the Personal Data Ecosystem

by Kaliya Hamlin, Identity Woman
The future is at stake – without control over our own personal data, having a copy of all the digital bread crumbs we are leaving behind in the digital world, we leave ourselves to be tracked, and potentially manipulated by commercial interests without our knowledge.
This presents a vision for core aspects of the emerging interoperable, open standards based ecosystem of personal data services – rooted in the core functionality of a Personal Data Store – the vault/locker/services/broker where all an individuals data is collected and stored and managed.
Dignity of the Individual is Core Human dignity must lie at the core of the Personal Data Ecosystem. People must be able to shape how they represent themselves in digital contexts. People need the freedom to shape how they present themselves and how the data they generate in their lives is collected and used.
Systems Must Respect Relationships Relationships must be respected between people, between people and groups, and between groups and groups.  The Personal Data Ecosystem must respect that people and communities have different levels of publicness.  The relationships that people have with one another must be respected and the social context in which they are formed must be honored.
Remember the Greatness of Groups Personal Data and control over it give people a core human dignity.  It also must be remembered that human social life and human identity is shaped by our participation and membership in groups. It is the core organizing form of our society. Fundamental functionality must enable people to organize in groups, and it must be abstracted from any particular service or domain space.
The Social Web is not Networked Individualism People broadcasting what they do to their friends or followers does not make a social web; communities and groups do.
Protocols that Enable Broad Possibilities are Essential Protocols matter deeply: they shape what is possible by their definition of use cases that are possible or not in a given protocol landscape.   To have a truly social and dynamic web, there is a role for protocols that are designed specifically for that purpose, not just to create web pages or send emails.
Open Standards for Data and Metadata are Essential It is vital that the personal data store ecosystem be interoperable with open standards so people are free to choose which personal data services they wish to use.  Just like people are free to pick which bank to hold their money and provide services to them in the financial realm.
Defaults Must Work for Most People Most of the Time All systems have defaults.  The paradox of choice is that more options can overwhelm people and they end up not considering the choices they have. Real people need to have input into the creation and ongoing development of systemic defaults.
Norms and Practices in the Personal Data Ecosystem Must be Backed up by Law Emerging technologies need to have legal agreements and frameworks innovated to match their functionality.  The work on the legal framework for this ecosystem is as important as the protocols and code that make it go.
Business Opportunities Abound in this New Personal Data Ecosystem The paradigm of user collection, control and management of the personal data they are creating implicitly and explicitly around the web is a huge opportunity for services and ways of doing business. Creativity is needed to think through these new possibilities.
Diversity is Key to the Success of the Personal Data Ecosystem Large companies and nimble startups are all needed for the success of this emerging ecosystem.
 
 
September 2010

PDX Principles

by Phil Windley, CTO Kynetx, Technometria Blog
Here’s a list of a few things that I think distinguish a PDX from just places where your personal data is stored:

  • user-controlled – the user needs to be in control of the data, who has access, and how it is used. Once that data is in my PDX, I make decisions about it. That doesn’t mean the data might not also be somewhere else. For example, data about my purchases from Amazon will certainly be stored at Amazon and not under my control. But I might also be emailing the receipts to a service that parses them and puts the data in my PDX for my use.
  • federated – there isn’t one place where your data is stored, but multiple places that the data needs to be able to flow between, in a permissioned way. There’s no center, just a lot of cooperating system with my PDX orchestrating the interactions. While Amazon might not give my PDX access to and control over my transactions, my phone company might provide a PDX-capable contact service where I choose to store my contact information.
  • interoperable – various PDX services and brokers have to be able to operate together according to standards to perform their roles. When I take money out of my account at Wells Fargo and deposit it at Chase, I don’t lose part of the value because Chase doesn’t know how to handle some part of the transaction. The monetary system is interoperable with standards and, sometimes, shims that connect it all together.
  • semantic – a PDX knows more about the data that it holds than existing data stores do. Consider Dropbox. I can put all kinds of things in my Dropbox, but it’s syntactic, not semantic. By that I mean that if I want to put healthcare data in Dropbox and control who uses it, I create a folder and put the data in it with specific permissions. The fact that there is a folder with a certain name located at a particular place in the folder hierarchy is purely syntactic. In a semantic world, the data itself is tagged as healthcare data and no matter where it is, it’s protected according to the policies I’ve put in place.
  • portability – a PDX doesn’t trap data in proprietary formats. If my phone company is storing my contact data in the cloud and I decide that I want to move it to my own server or another service, I can—from a technical as well as a policy standpoint. Note that this doesn’t mean we have to wait until thousands upon thousands of data format specification get hammered out. Semantic metadata can provide a means of translating from one format to another.
  • metadata management – one of the primary roles of the PDX is managing data about my data. What are the roles I’ve created? What permissions have I granted as exceptions to the defaults? What semantics surround the various data fields? What data sharing, encoding, and encrypting policies have I created? All of this has to be kept and managed in my behalf in the PDX.
  • broker services – the PDX is a place where the user manages a federated network of data stores. As an example of why this is important, consider the shortcomings of OAuth. If I use an application that needs access to four OAuth mediated APIs, I have to go through the OAuth ceremnoy with each API provider separately. Now consider that I might have dozens of apps that use a popular API. I have to go through the OAuth ceremony for each of them separately. In short a broker saves us from the N x M explosion of permissioning ceremonies. Similarly for various data services.
  • discoverable – a PDX should provide discoverability for its APIs and schemas so that any application I’m interested in knows how to interact with it. Discoverability protects users from having to completely specify addresses, mappings, and schemas to every application that comes along.
  • automatable and scriptable – a PDX without automation is worse than no PDX at all because it burdens the user rather than saving effort. A PDX will be a player in a larger ecosystem of services. I don’t see is as a mere API that allows services and applications to GET and PUT data—it’s not WEBDAV on steoids. The PDX is an active participant in the greater ecosystem of services that are cooperating on the user’s behalf.

June 18, 2010

Social Network Users’ Bill of Rights

Computers Freedom and Privacy Conference
For more background on the social network users’ bill of rights, also known as #BillOfRights, please see It’s time for a Social Network Users’ Bill of Rights,
We the users expect social network sites to provide us the following rights in their Terms of Service, Privacy Policies, and implementations of their system:

  • Honesty: Honor your privacy policy and terms of service
  • Clarity: Make sure that policies, terms of service, and settings are easy to find and understand
  • Freedom of speech: Do not delete or modify my data without a clear policy and justification
  • Empowerment : Support assistive technologies and universal accessibility
  • Self-protection: Support privacy-enhancing technologies
  • Data minimization: Minimize the information I am required to provide and share with others
  • Control: Let me control my data, and don’t facilitate sharing it unless I agree first
  • Predictability: Obtain my prior consent before significantly changing who can see my data.
  • Data portability: Make it easy for me to obtain a copy of my data
  • Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised
  • Right to know: Show me how you are using my data and allow me to see who and what has access to it.
  • Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
  • Right to appeal: Allow me to appeal punitive actions
  • Right to withdraw: Allow me to delete my account, and remove my data

 
May 19, 2010

A Bill of Privacy Rights for Social Network Users

Commentary by Kurt Opsahl, EFF
Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.
Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:
#1: The Right to Informed Decision-Making
Users should have the right to a clear user interface that allows them to make informed choices about who sees their data and how it is used.
Users should be able to see readily who is entitled to access any particular piece of information about them, including other people, government officials, websites, applications, advertisers and advertising networks and services.
Whenever possible, a social network service should give users notice when the government or a private party uses legal or administrative processes to seek information about them, so that users have a meaningful opportunity to respond.
#2: The Right to Control
Social network services must ensure that users retain control over the use and disclosure of their data. A social network service should take only a limited license to use data for the purpose for which it was originally given to the provider. When the service wants to make a secondary use of the data, it must obtain explicit opt-in permission from the user. The right to control includes users’ right to decide whether their friends may authorize the service to disclose their personal information to third-party websites and applications.
Social network services must ask their users’ permission before making any change that could share new data about users, share users’ data with new categories of people, or use that data in a new way. Changes like this should be “opt-in” by default, not “opt-out,” meaning that users’ data is not shared unless a user makes an informed decision to share it. If a social network service is adding some functionality that its users really want, then it should not have to resort to unclear or misleading interfaces to get people to use it.
#3: The Right to Leave
Users giveth, and users should have the right to taketh away.
One of the most basic ways that users can protect their privacy is by leaving a social network service that does not sufficiently protect it. Therefore, a user should have the right to delete data or her entire account from a social network service. And we mean really delete. It is not enough for a service to disable access to data while continuing to store or use it. It should be permanently eliminated from the service’s servers.
Furthermore, if users decide to leave a social network service, they should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format. This concept, known as “data portability” or “data liberation,” is fundamental to promote competition and ensure that users truly maintain control over their information, even if they sever their relationship with a particular service.
 
June 22, 2009

A Declaration of Health Data Rights

endorsed by many organizations and companies
In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:

  1. Have the right to our own health data
  2. Have the right to know the source of each health data element
  3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
  4. Have the right to share our health data with others as we see fit

These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.
 
2009

The New Deal on Data

Mobility in a Networked World The Global Information Technology Report 2008-2009,  World Economic Forum
The first step toward open information markets is to give people ownership of their data.  The simplest approach to defining what it means to “own your own data” is to go back to Old English Common Law for the three basic tenets of ownership, which are the rights of possession, use, and disposal:
1. You have a right to possess your data. Companies should adopt the role of a Swiss bank account for your data.  You open an account (anonymously, if possible), and you can remove your data whenever you’d like.
2. You, the data owner, must have full control over the use of your data. If you’re not happy with the way a company uses your data, you can remove it. All of it. Everything must be opt-in, and not only clearly explained in plain language, but with regular reminders that you have the option to opt out.
3. You have a right to dispose or distribute your data. If you want to destroy it or remove it and redeploy it elsewhere, it is your call. Ownership seems to be the minimal guideline for the “new deal on data.”  There needs to be one more principle, however—which is to adopt policies that encourage the combination of massive amounts of anonymous data to promote the Common Good.  Aggregate and anonymous location data can dramatically improve society. Patterns of how people move around can be used for early identification of infectious disease outbreaks, protection of the environment, and public safety. It can also help us measure the effectiveness of various government programs, and improve the transparency and accountability of government and nonprofit organizations.
 
March 2008

The Properties of Identity

At a Crossroads: Personhood and Digital Identity in the Information Society
articulated by Bob Blakley, Jeff Broberg, Anthony Nadalin, Dale Olds, Mary Ruddy, Mary Rundle, and Paul Trevithick.
Identity behaves according to a number of observable properties, as follows:
Identity is social. Humans are naturally social. To engage in social interactions (including commerce) people need something that persists and that can be used as a basis for recognition of others – an “identity”.
Identity is subjective. Different people have different experiences with the same individual and therefore attribute different characteristics to that individual; that is, they will construct different identities for him.
Identity is valuable. By building a history of a person’s past actions, exchange of identity information creates social capital and enables transactions that wouldn’t be possible without identity.  In other words, identity lends predictability to afford a comfortable level of confidence for people making decisions.
Identity is referential. An identity is not a person; it is only a reference to a person. Even if a person develops spin-off personas so that other people know him through those various digital identities, and even if others create profiles of a person, ultimately the collection of characteristics that signal who a person is need to point back to that person.
Identity is composite. Some information about a person arises from the person himself; he volunteers it. But other information about him is developed by others without his involvement.
Identity is consequential. Because identity tells of a person’s past actions, the decision to exchange identity information carries consequences: Disclosure of identity information in a certain context can cause harm; failure to disclose identity information in another context can create risk.
Identity is dynamic. Identity information is always changing; any particular identity dossier might be inaccurate at any given moment.
Identity is contextual. People have different identities that they may wish to keep entirely separate. Information can be harmful in the wrong context, or it can simply be irrelevant. Keeping identities separate allows a person to have more autonomy.
Identity is equivocal. The process of identification is inherently error-prone.
 
September 5, 2007

A Bill of rights for Users of the Social Web

By Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington, Open Social Web
We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:
Ownership of their own personal information, including:

  • their own profile data
  • the list of people they are connected to
  • the activity stream of content they create;

Control of whether and how such personal information is shared with others; and
Freedom to grant persistent access to their personal information to trusted external sites.
Sites supporting these rights shall:

  • Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
  • Allow their users to syndicate their own stream of activity outside the site;
  • Allow their users to link from their profile pages to external identifiers in a public way; and
  • Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

 
April 25, 2007

The Data Bill of Rights

By John Battelle, The Search Blog
So, I submit for your review, editing and clarification, a new draft of what rights we, as consumers, might demand from companies making hay off the data we create as we trip across the web:

  • Data Transparency. We can identify and review the data that companies have about us. A sticky issue is whether we can also identify and review data that is made about us based on other data the company might have. (IE, based on your behavior, we at Amazon know you might also like….)
  • Data Portability. We can take copies of that data out of the company’s coffers and offer it to others or just keep copies for ourselves.
  • Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
  • Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
  • Data Use. We have rights to know how our data is being used inside a company.
  • Data Value. The right to sell our data to the highest bidder.
  • Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.

Read more: http://battellemedia.com/archives/2007/04/the_data_bill_of_rights#ixzz1KwXPBJkN
 
July 27, 2005

AttentionTrust.org: a Declaration of Gestural Independence

By Seth Goldstein
The choruses of attention, data, privacy and identity are all converging in one giant conceptual mashup, which stretches from Web 2.0 pundits to members of Congress grappling with identity theft regulation. Lost at times are the basic rights we are fighting for, which I understand to be:

  • You have the right to yourself.
  • You have the right to your gestures.
  • You have the right to your words.
  • You have the right to your interests.
  • You have the right to your attention.
  • You have the right to your intentions.

 
May 2005

Laws of Identity

1. User Control and Consent: Digital identity systems must only reveal information identifying a user with the user’s consent.
2. Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
3. The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
4. Directed Identity: A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
7. Consistent Experience Across Contexts: A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
 
January 26th, 2000

A Declaration of the Rights of Avatars

by Rolf Kosters
When a time comes that new modes and venues exist for communities, and said modes are different enough from the existing ones that question arises as to the applicability of past custom and law; and when said venues have become a forum for interaction and society for the general public regardless of the intent of the creators of said venue; and at a time when said communities and spaces are rising in popularity and are now widely exploited for commercial gain; it behooves those involved in said communities and venues to affirm and declare the inalienable rights of the members of said communities. Therefore herein have been set forth those rights which are inalienable rights of the inhabitants of virtual spaces of all sorts, in their form henceforth referred to as avatars, in order that this declaration may continually remind those who hold power over virtual spaces and the avatars contained therein of their duties and responsibilities; in order that the forms of administration of a virtual space may be at any time compared to that of other virtual spaces; and in order that the grievances of players may hereafter be judged against the explicit rights set forth, to better govern the virtual space and improve the general welfare and happiness of all.
Therefore this document holds the following truths to be self-evident: That avatars are the manifestation of actual people in an online medium, and that their utterances, actions, thoughts, and emotions should be considered to be as valid as the utterances, actions, thoughts, and emotions of people in any other forum, venue, location, or space. That the well-established rights of man approved by the National Assembly of France on August 26th of 1789 do therefore apply to avatars in full measure saving only the aspects of said rights that do not pertain in a virtual space or which must be abrogated in order to ensure the continued existence of the space in question. That by the act of affirming membership in the community within the virtual space, the avatars form a social contract with the community, forming a populace which may and must self-affirm and self-impose rights and concomitant restrictions upon their behavior. That the nature of virtual spaces is such that there must, by physical law, always be a higher power or administrator who maintains the space and has complete power over all participants, but who is undeniably part of the community formed within the space and who must therefore take action in accord with that which benefits the space as well as the participants, and who therefore also has the rights of avatars and may have other rights as well. That the ease of moving between virtual spaces and the potential transience of the community do not limit or reduce the level of emotional and social involvement that avatars may have with the community, and that therefore the ease of moving between virtual spaces and the potential transience of the community do not in any way limit, curtail, or remove these rights from avatars on the alleged grounds that avatars can always simply leave.
Articles:

  1. Avatars are created free and equal in rights. Special powers or privileges shall be founded solely on the common good, and not based on whim, favoritism, nepotism, or the caprice of those who hold power. Those who act as ordinary avatars within the space shall all have only the rights of normal avatars.
  2. The aim of virtual communities is the common good of its citizenry, from which arise the rights of avatars. Foremost among these rights is the right to be treated as people and not as disembodied, meaningless, soulless puppets. Inherent in this right are therefore the natural and inalienable rights of man. These rights are liberty, property, security, and resistance to oppression.
  3. The principle of all sovereignty in a virtual space resides in the inalterable fact that somewhere there resides an individual who controls the hardware on which the virtual space is running, and the software with which it is created, and the database which makes up its existence. However, the body populace has the right to know and demand the enforcement of the standards by which this individual uses this power over the community, as authority must proceed from the community; a community that does not know the standards by which the administrators use their power is a community which permits its administrators to have no standards, and is therefore a community abetting in tyranny.
  4. Liberty consists of the freedom to do anything which injures no one else including the weal of the community as a whole and as an entity instantiated on hardware and by software; the exercise of the natural rights of avatars are therefore limited solely by the rights of other avatars sharing the same space and participating in the same community. These limits can only be determined by a clear code of conduct.
  5. The code of conduct can only prohibit those actions and utterances that are hurtful to society, inclusive of the harm that may be done to the fabric of the virtual space via hurt done to the hardware, software, or data; and likewise inclusive of the harm that may be done to the individual who maintains said hardware, software, or data, in that harm done to this individual may result in direct harm done to the community.
  6. The code of conduct is the expression of the general will of the community and the will of the individual who maintains the hardware and software that makes up the virtual space. Every member of the community has the right to contribute either directly or via representatives in the shaping of the code of conduct as the culture of the virtual space evolves, particularly as it evolves in directions that the administrator did not predict; the ultimate right of the administrator to shape and define the code of conduct shall not be abrogated, but it is clear that the administrator therefore has the duty and responsibility to work with the community to arrive at a code of conduct that is shaped by the input of the community. As a member of the community himself, the administrator would be damaging the community itself if he failed in this responsibility, for abrogation of this right of avatars could result in the loss of population and therefore damage to the common weal.
  7. No avatar shall be accused, muzzled, toaded, jailed, banned, or otherwise punished except in the cases and according to the forms prescribed by the code of conduct. Any one soliciting, transmitting, executing, or causing to be executed, any arbitrary order, shall be punished, even if said individual is one who has been granted special powers or privileges within the virtual space. But any avatar summoned or arrested in virtue of the code of conduct shall submit without delay, as resistance constitutes an offense.
  8. The code of conduct shall provide for such punishments only as are strictly and obviously necessary, and no one shall suffer punishment except it be legally inflicted according to the provisions of a code of conduct promulgated before the commission of the offense; save in the case where the offense endangered the continued existence of the virtual space by attacking the hardware or software that provide the physical existence of the space.
  9. As all avatars are held innocent until they shall have been declared guilty, if detainment, temporary banning, jailing, gluing, freezing, or toading shall be deemed indispensable, all harshness not essential to the securing of the prisoner’s person shall be severely repressed by the code of conduct.
  10. No one shall be disquieted on account of his opinions, provided their manifestation does not disturb the public order established by the code of conduct.
  11. The free communication of ideas and opinions is one of the most precious of the rights of man. Every avatar may, accordingly, speak, write, chat, post, and print with freedom, but shall be responsible for such abuses of this freedom as shall be defined by the code of conduct, most particularly the abuse of affecting the performance of the space or the performance of a given avatar’s representation of the space.
  12. The security of the rights of avatars requires the existence of avatars with special powers and privileges, who are empowered to enforce the provisions of the code of conduct. These powers and privileges are therefore granted for the good of all and not for the personal advantage of those to whom they shall be entrusted. These powers and privileges are also therefore not an entitlement, and can and should be removed in any instance where they are no longer used for the good of all, even if the offense is merely inactivity
  13. A common contribution may, at the discretion of the individual who maintains the hardware, the software, and the data that make up the virtual space, be required in order to maintain the existence of avatars who enforce the code of conduct and to maintain the hardware and the software and the continued existence of the virtual space. Avatars have the right to know the nature and amount of the contribution in advance, and said required contribution should be equitably distributed among all the citizens without regard to their social position; special rights and privileges shall never pertain to the avatar who contributes more except insofar as the special powers and privileges require greater resources from the hardware, software, or data store, and would not be possible save for the resources obtainable with the contribution; and as long as any and all avatars are able to make this contribution and therefore gain the powers and privileges if they so choose; nor shall any articles of this declaration be contingent upon a contribution being made.
  14. The community has the right to require of every administrator or individual with special powers and privileges granted for the purpose of administration, an account of his administration.
  15. A virtual community in which the observance of the code of conduct is not assured and universal, nor the separation of powers defined, has no constitution at all.
  16. Since property is an inviolable and sacred right, and the virtual equivalent is integrity and persistence of data, no one shall be deprived thereof except where public necessity, legally determined per the code of conduct, shall clearly demand it, and then only on condition that the avatar shall have been previously and equitably indemnified, saving only cases wherein the continued existence of the space is jeopardized by the existence or integrity of said data.
  17. The administrators of the virtual space shall not abridge the freedom of assembly, save to preserve the performance and continued viability of the virtual space.
  18. Avatars have the right to be secure in their persons, communications, designated private spaces, and effects, against unreasonable snooping, eavesdropping, searching and seizures, no activity pertaining thereto shall be undertaken by administrators save with probable cause supported by affirmation, particularly describing the goal of said investigations.
  19. The enumeration in this document of rights shall not be construed to deny or disparage others retained by avatars.

 
September 23, 1980

OECD privacy guidelines, part 2: Basic Principles of National Application

Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:
a)    with the consent of the data subject; or
b)    by the authority of law.
Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle: An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him
1. within a reasonable time;
2. at a charge, if any, that is not excessive;
3. in a reasonable manner; and
4. in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is  successful to have the data erased, rectified, completed or amended.
Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.

TEDx Constitution Drive: Exploring Identity

Kaliya Young · October 19, 2016 ·

After TEDxBrussels in 2011 I was invited to present at TEDx Constitution Drive. Enjoy!

Talk at TEDx Brussels

Kaliya Young · October 19, 2016 ·

I was invited to give a talk at TEDx Brussels.
I explain Identity in the context of the Future. Enjoy!

Identity and Social Justice

Kaliya Young · October 18, 2016 ·

I co-presented Identification and Social Justice with Bob Blakley who is the Global Director, Information Security Innovation at Citi as the closing keynote at the Cloud Identity Summit in Colorado.
I gave this presentation in 2012 at the Cloud Identity Summit as the Closing Keynote address. It highlights issues that surround the rich having privilege and able to manage their identities more favorably then the poor.
 

Identification and social justice from Kaliya “Identity Woman” Young

Facebook so called "real names" and Drag Queens

Kaliya Young · September 25, 2014 · Leave a Comment

So, Just when we thought the Nym Wars were over at least with Google / Google+.
Here is my post about those ending including a link to an annotated version of all the posts I wrote about my personal experience of it all unfolding.
Facebook decided to pick on the Drag Queens – and a famous group of them the Sisters of Perpetual Indulgence.  Back then I called for the people with persona’s to unite and work together to resist what Google was doing. It seems like now that Facebook has taken on the Drag Queens a real version of what I called at the time the Million Persona March will happen.
One of those affected created this graphic and posted it on Facebook by Sister Sparkle Plenty:
MyNameIs
Facebook meets with LGBT Community Over Real Name Policy  on Sophos’ Naked Security blog.
EFF covers it with Facebook’s Real Name Policy Can Cause Real World Harm in LGBT Community.
Change.org has a petition going. Facebook Allow Performers to Use Their Stage Names on their Facebook Accounts.
 
 
 
 

We "won" the NymWars? did we?

Kaliya Young · September 23, 2014 · Leave a Comment

Short answer No – I’m headed to the protest today at Facebook.
A post about the experience will be up here by tomorrow. I’ll be tweeting from my account there which is of course @identitywoman
 
______
Post from Sept 2014
Mid-July,  friend called me up out of the blue and said “we won!”
“We won what” I asked.
“Google just officially changed its policy on Real Names”
He said I had  to write a post about it. I agreed but also felt disheartened.
We won but we didn’t it took 3 years before they changed.
They also created a climate online where it was OK and legitimate for service providers to insist on real names.
For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this posts is an annotated version of all of those.
This was the Google Announcement:
[Read more…] about We "won" the NymWars? did we?

Real Names vs Nyms at Quora & Unconferences

Kaliya Young · July 30, 2012 · 1 Comment

I am again in a #nymwar [wikipedia & Botgirl’s Scoop.it] situation that I actually care about. I have been denied full participation in Quora for a long long time now because my last name was listed as IdentityWoman (ironically my answer to why having control over your identity and personal data online matters did go through but then was put into suspension when they insisted on changing my name to a WASPonym).
Now there is a thread all about an unconfernece for women of Quora and they have mentioned both Unconference.net my business and She’s Geeky that I founded in the threads. I for this one important conversation bow to the “feudal lord”  of Quora as their humble “content producing servent” share my so-called real name…and help them have a good unconference and raise the issues of real name requirements within the context of real human beings who engage with the site all the time and hopefully staff as well.  Until we have the freedom to choose our names for public interactions on the web – to define our own identities based on our context and how we wish to appear where – we do not live in a free society.
 
Before they “banned” me for having the wrong color skin name. I got to write an eloquent to this question (posted below since it isn’t on their site).
Why does owning one’s own online identity and personal data matter?
and was voted to the top (with 5 votes) by others…but now that answer isn’t there cause I didn’t use my real name.
So now you can’t see it…this is akin to not letting me sit somewhere in a public space because the color of my skin is the wrong one OR I happen to sit in a wheel chair to get around and there isn’t room in our restaurant and they are in violation of American’s with Disabilities Act.
The women of Quora are talking about organizing an unconfernece and found two of my organizations/sites and are enthusiastic about them. I am totally unable to talk to them about their ideas or my sites unless I pass their “real names” test….you know like a pole tax … that Bob and I talked about in our Cloud Identity Summit closing Keynote about Identification and Social Justice (slides and videos will be online soon).
My answer to:
Why does owning one’s own online identity and personal data matter?

We own our own bodies – we have freedom and autonomy to move around the physical world.  We have rights and freedoms; If our physical lives are terminated there are consequences.
In the digital world many people are not the primary “owner” of their own identity (in digital space the equivalent of a physical body is a persistent identifier like an e-mail address or a URL or phone number).  Most people’s identity on the web is “under” terms and conditions of a private company and they can terminate people’s accounts, their identities, without recourse.
Many companies with which people have their identities “under” choose to in exchange for providing identity provisioning services and things like e-mail. They also track and aggregate user’s activities on their services and across the web via cookies and other beacons.  This profile of activity has real value and is being used by the companies to profile them and then sell abstract versions of the profile information on ad exchanges.
Some have said we live in an age of digital feudalism, where we are serfs on the lords’ manors (the large web portals).
Having the freedom and autonomy to choose who we are online and how we express ourselves is important to ensuring a free society  with rights and liberty.
Adding some more: About one’s social graph… The links in your social graph in the current architecture of the web exist within particular contexts – you have friends in Facebook or Followers on Twitter or Professional Contacts on LinkedIN. Those links, those connections in a “social graph” are ulitmately owned by the company within which you made those links. If you choose to leave any one of those networks – all your links to those people are terminated.
This is an architecture of control. You are locked into those systems if you don’t want to loose the links to others in them. To own your own identity would be to have an identity that would give you the freedom to not loose the links to your contacts, they would be peer to peer autonomous of any particular service.
The next time there is a major social revolution like in Egypt governments are not going to try and turn of the internet or mobile phone system it is likely they will simply call facebook ans ask them to terminate the accounts of dissidents.

 
 

Identity in the Contexts of the Future OR Participatory Totalitarianism

Kaliya Young · November 24, 2011 · Leave a Comment

This is the latest from Google in their “names policy”

We understand that your identity on Google+ is important to you, and our Name Policy may not be for everyone at this time.

Kinda sounds like the owners of stores in the south who said their stores were not for everyone especially black people who didn’t have skin color they liked. It is a fundamentally discriminatory policy.  If we don’t have the freedom to choose our own names in digital space and the freedom to maintain different identifiers across different social spaces we will end up in a very creepy world…Here is my TEDxBrussels talk.
[Read more…] about Identity in the Contexts of the Future OR Participatory Totalitarianism

Web Wide Sentence Level Annotation -> Hypothes.is

Kaliya Young · October 15, 2011 · Leave a Comment

I first met Dan Whaley last spring via an introduction from Jim Fournier co-founder of Planetwork.  I was inspired by the vision he was working on building Hypothes.is –  a way to have sentence level annotation of news and other articles on a web wide scale. Really a foundation for peer review on the web. The motivation for his work is to support greater discernment of the truth around climate change and other key issues facing our society and our planet.  (Another area I could see this being really useful right now is around accountability in the financial system and ways to make that real.)
He asked me to be a part of the project as an advisor particularly around identity issues and technology options for identity.  He is taking my advice and coming to IIW this coming week.  Its an honor to be amongst other distinguished advisors like Brewster Kahle,  John Perry Barlow,  Mark Surman and others..

He has been working on a development plan and has a solid on one in place.  He has launched a Kickstarter Campaign and  stars in the video that articulates the vision of the project.  If you are inspired by the vision I encourage you to contribute.

Open Letter to Google+ Profile Support

Kaliya Young · September 19, 2011 · 10 Comments

On Sep 19, 2011, at 11:25 AM, Google Profiles Support wrote:
Hi,
Thank you for contacting us with regard to our review of the name you are trying to use in your Google Profile. After review of your appeal, we have determined that the name you want to use violates our Community Standards.

I am curious what community developed the standards?  If there really is a community behind them, where can one engage in dialogue about them and have one’s needs addressed.

Please avoid the use of any unusual characters. For example, numbers,symbols, or obscure punctuation might not be allowed.

(.)’s for last names are permitted for mononym people. I am making this choice.
If you search my name “Kaliya” in Google, I am 1/2 of the links, the other 1/2 are for the Hindu mythical figure that happens to share my name.
It is my name. I claim name sovereignty.

Most users choose to use their first and last names in the common name field in order to avoid any future name violation issues.

I am not “most users”. I am unique individual with my own name.
How can a name be in violation? What is a “name violation issue” anyways? Who says?
I feel violated by this experience because I do not want to use my (soon to be ex-) husband’s (who I’ve been separated from for 3 years) last name, Hamlin, as the headline on MY profile. I am fine listing it in the “other name” field – it is an “other name” to me.
I do not want to use my old last name, Young, last used in 2004 before my professional career began. I am also fine listing this the “other name” field as some who knew me before this date will be able to find me this way. Again, it is not appropriate for the headline on my profile.
I was fine using my professional handle/title “Identity Woman” as my last name for the headline of my profile but this was rejected by your acceptable name algorithms for having a space in it and being words not commonly in last names.
I actually do often list “Identity Woman” as my last name when I attend conferences so it is on my badge prominently  on my badge because my current last name (my ex-husband’s name) isn’t relevant. My Identity Woman professional handle IS relevant to the context, being at a professional conference so I choose to use it as my last name.
I decided when I began using Google+ that I would present and put forward information relevant to and related to my work persona Identity Woman and I am sticking with this persona in this context.  My Gmail address is after all identitywoman@gmail.com.
Last week I went back to what I had before we began this name silliness back and forth a symbol in my last name field on my Google profile for the last 4 years. I have gone ahead and listed other names as “Hamlin, Young, Identity Woman”. You are refusing this option.  This seems like the best compromise position all around. A win-win.
So I am not really sure where to go with this. Is there a human being I can talk to? How do I actually move through this process. Continuing to interact with faceless, first name only people in e-mail and via ever changing rejection notes on my profile is not working for me.

You can review our name guidelines at http://www.google.com/support/+/bin/answer.py?answer=1228271
If you edit your name to comply with our policies in the future, please respond to this email so that we can re-review your profile.

I am not editing my profile. I want to talk with a human being to resolve this or alternatively we can a committee meeting with your team at Google.
This feels like I am being put on trial for my choice of name.
It feels dehumanizing and unjust.  I expect better from a company like Google.
Regards,
-Kaliya

Sincerely,
Bennett
The Google Profiles Support Team

ps. What is your real name? I am curious to know more about you by looking you up on the internet and then maybe will have a better idea about how to persuade you to let my name be.

Potential Future: Google-Zon

Kaliya Young · September 12, 2011 · 1 Comment

With the nymwars unfolding (Nym = Pseudonym , Anonymous and other varities on this theme) this video of the Google-Zon story in the year 2014 seems more prescient then ever.
Please watch the video on the Original Site the way it was done is amazing. 
EPIC in this video stands for the Electronic Personalized Information Construct
The computer writes a new story for every user (sound like the Filter Bubble?) everyone contributes and in exchange gets a cut of the revenue…
We stand for the exact oposite vision at the Personal Data Ecosystem Consortium where people have control over their own data and manage the rights to access it and shape things.

Mononym officially "not" accepted. I'm Kaliya. Google get a clue.

Kaliya Young · September 5, 2011 · 5 Comments


OK.
Let me be very frank.
Kaliya says to Google:
“Why should I have to justify my name to you?”
My name is Kaliya
Just me. That is what it was on my profile before you decided that i had to have letters in my last name.
Type me into Google nymrods, 5 of the posts on the fronte page are me…the other 5 are for a figure in Hindu mythology.
What is the top post for “me”? Its the “Identity Woman” blog, then my Fast Company blog post on  NSTIC written as Identity Woman, then my flickr photos (Kaliya), linkedIn (Kaliya), Slideshar’s (Kaliya) and finally my unconference site (Kaliya).
I chose to have Identity Woman as my last name when you rejected my choice to go with the mononym “Kaliya *”. That is how people know me. It is how I want to be known.
I am NOT putting my soon to be ex-husband’s, have been separated amicably  for 3 years, last name as “my name” as the top of my profile on Googoe+.
[TO BE CLEAR. My ex and I are on good terms and I really didn’t want to bring this up in public-public on my blog because it is not my practice to discuss personal matters on this blog and cause it is nobody’s business what my marital status is.  I made the choice to share this very real personal life situation I face to make the point I am trying to make. On another note he is also very supportive of my work on these issues for freedom on the internet.]
I am totally fine listing this last name in the “other” field along with my maiden name.  I am not particularly attached to either name. I have a an idea for a future last name and I might change it in several years in the mean time I don’t want to promote this “other” name that isn’t “mine” as the headline of my profile. Both Young and Hamlin are part of my legal name. They are my wallet names  (as Skud has so aptly put it) and in some way they are my names but they are not “my” names.
When people who don’t know me that well call me “Ms. Hamlin” I object politely and say “please just call me Kaliya – Hamlin is not “my” name”.  Everyone who I have made this request have honored it. If they didn’t I wouldn’t be their friend for very long. As Bob Blakeley from Gartner (formerly Burton Group) explains, names are social and if you don’t call people what they want to be called they won’t respond.
Google, My name is Kaliya.
If you don’t honor this request. I won’t be your friend any more. Just like Bob explained.
 
 

G-Male is a Good Listener, Maybe too good.

Kaliya Young · September 1, 2011 · 2 Comments


Ok, now we know what is wrong 🙂 Google is on the [autism] spectrum.

“The obstacles primarily exist in the realm of social interaction. The fundamental problem is akin to blindness, as the term social blindness suggests.”

They keep doing well meaning but awkward feeling things because well they know how to technically but it isn’t how human beings act or want to be treated.
[Read more…] about G-Male is a Good Listener, Maybe too good.

1 month anniversary of Goggle Gag

Kaliya Young · August 30, 2011 · 3 Comments


Its been a month now.
I have filled out the “application form” 3 times. This was my first post about it: Google+ and my “real” name: Yes, I’m Identity Woman
The most recent rejection letter when I applied to be a mononym (which I was before this all started) was from “Anonymous Nick”…

Re: [#859600835] Google Profile Name Review

[Read more…] about 1 month anniversary of Goggle Gag

Is Google+ is being lynched by out-spoken users upset by real names policy?

Kaliya Young · August 28, 2011 · 5 Comments

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin Marks, Nishant  Kaushik, Phil Hunt,  Steve Bogart and Suw Charman-Anderson.
I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.
I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 
In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.
Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  
I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.
Here’s the thread… (oldest tweets first)
 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more…] about Is Google+ is being lynched by out-spoken users upset by real names policy?

Google+ says your name is "Toby" NOT "Kunta Kinte"

Kaliya Young · August 27, 2011 · 21 Comments

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more…] about Google+ says your name is "Toby" NOT "Kunta Kinte"

Lets try going with the Mononym for Google+

Kaliya Young · August 27, 2011 · 6 Comments

Seeing that Google+ is approving mononyms for some (Original Sai, on the construction of names Additional Post) but not for others (Original Stilgherrian Post Update post ).
I decided to go in and change my profile basically back to what it was before all this started.  I put a  ( . ) dot in the last name field.  In my original version of my google proflile my last name was a * and when they said that was not acceptable I put my last name as my online handle “Identity Woman”.
[Read more…] about Lets try going with the Mononym for Google+

Google+ Suspension saga continues

Kaliya Young · August 9, 2011 · 13 Comments

I get this e-mail from them. You know, I wish they would use their “real name” when they talked to me. Being stuck inside a bureaucratic system – Kafkaesque.
On Aug 9, 2011, at 10:40 AM, Google Profiles Support wrote:

On Aug 9, 2011, at 10:40 AM, Google Profiles Support wrote:
Hi,
Thank you for your appeal. It seems that we are unable to pull up your Google Profile with this Email. Please reply back with the Email and the Profile URL associated  with your Google Profile, so that we may further continue the review of your name appeal.
Sincerely,
The Google Profiles Support Team

 
Dear Google,
[Read more…] about Google+ Suspension saga continues

Identity Woman Google+ Suspension Update

Kaliya Young · August 8, 2011 · 4 Comments

I checked in today …to see if I had been let out of Google+ prison. Was my profile free to speak with the rest of the prisoners or not?
Apparently not. Now I am being informed that “business accounts” will be available soon.

This is my personal  handle on account that is related to the professional side of my life. I only use my google gmail account to subscribe to PROFESSIONAL NEWSLETTERS.  So anyone seeing my g-mail address it’s “identitywoman@gmail.com” does so on a professional context.
[Read more…] about Identity Woman Google+ Suspension Update

Name Sovereignty Day & My.Nameis.me

Kaliya Young · August 7, 2011 · 3 Comments


[Read more…] about Name Sovereignty Day & My.Nameis.me

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

Kaliya Young · July 31, 2011 · 3 Comments

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.
As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.
I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.
However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.
When spoken of in every day conversation trust is most often social trust.
[Read more…] about The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 7
  • Go to Next Page »

     Copyright © 2023 Identity Woman  evelurie.com/web design/develop     

  • Terms of Use
  • Privacy Policy
  • Sitemap
  • Contact