These are my views and my extended version of the Portability Policy questions, not yet approved by the DPP. As posted to Skype Journal. Wednesday, January 27, 2010. http://skypejournal.com/2010/01/icons-for-data-portability-policy-few.html
Phil Wolff - Icons for a Data Portability Policy – a few thoughts <http://skypejournal.com/2010/01/icons-for-data-portability-policy-few.html>

I sat down with the *DataPortability Project* <http://www.dataportability.org/>'s *Elias Bizannes* <http://eliasbizannes.com/blog/> a few months ago to organize the elements of a model portability policy <http://wiki.dataportability.org/pages/viewpage.action?pageId=4490392>. Your site's portability policy will be part of your Terms of Service or End User License Agreement. Your portability policy should help your sites and services communicate the data portability parts of your relationship with the people who use them and your business partners.

I'm heading down to an all-day privacy forum co-hosted by Lauren Gelman and Mozilla <http://www.azarask.in/blog/post/is-a-creative-commons-for-privacy-possible/> this morning to discuss what browsers might do with a "privacy" icon.

*The Clusters*

We clustered portability policy questions <http://wiki.dataportability.org/display/work/Questions+for+Product+Owners+with+Optional+Explanations> into five stacks: Start, Sync, Access, Share, and End. I sketched five icons <http://www.flickr.com/photos/philwolff/sets/72157622619174831/>:

[image: DataPortability Portability Policy Icons] <http://www.flickr.com/photos/philwolff/4040913140/>

I cleaned them up a bit, but they are still rough:

[image: Slide07] <http://www.flickr.com/photos/philwolff/4308422556/>

Between the five, you'll see questions about the *lifecycle* of your relationship with a site, from its start to its finish. You'll also see questions about the power to manage your portability through *interoperability*.

[image: Slide08] <http://www.flickr.com/photos/philwolff/4308422598/>

*The questions*

We mapped these questions for your portability policy to the icons. The questions can be answered by choosing Yes/No or from a short multiple choice list. Policy explanations, links, and actionable information are optional.
These questions are the work of the DataPortability Project's ToS/EULA Working Group over 2008 and 2009.

[image: portability policy - start logo] <http://www.flickr.com/photos/philwolff/4308422656/>

*Start.*
*How well do you welcome me, my history, my friends?*

*Are your import and export APIs and formats documented?*
- *Yes*
- *No*
- *Suggested:* If Yes, where are they documented?

*Do people need to create a new identity for this site, or can they use an existing one?*
- *New Identity* - The person is expected to create a fresh identity that is used on this site. This site does not trust a third party to authenticate identity.
- *Existing Identity* - The person can register an account that is accessed using an identity authenticated by some third party. This product assumes that, by selecting a third party to authenticate their identity, the person accepts that third party as trustworthy.
- *Suggested:* If Existing Identity, what identity services will you support?

[image: Portability Policy Icon - Draft] <http://www.flickr.com/photos/philwolff/4078829827/>

*Sync.*
*How do you keep my data fresh?*

*Must people import things into this product, or can the product refer to things stored someplace else?*
Can this product work with objects and information whose "authoritative home" is another product, or can this product only work with things that it hosts directly?
- *Must Host* - In order for this product to work with a thing, it must be hosted directly.
- *Can Refer* - This product has the ability to access and work with things that are hosted by third parties, assuming that the third party allows this.
- *Suggested:* If Can Refer, what items can be stored elsewhere and under what conditions?

*Can this site accept updates that users make on other sites?*
In cases where the product tracks or manages things that the person has stored on some third party product, can this product watch the third party for updates?
- *One Time Import* - This product only sees the remote thing at import time, and does not watch for changes.
- *Watch For Updates* - This product watches the third party for changes, and updates its own view of the remote thing to match.
- *Suggested:* If Yes, what types of items and under what conditions?

[image: portability policy - access logo]

*Access.*
*How well do you help me use and manage my information?*

*Can the person allow other sites to use the things they've created or updated here?*
Does this product provide a way for third parties to authenticate a person and read or write?
- *No Access* - The person must use this product to read or access whatever it manages.
- *Third Parties Can Read* - The person can provide the third party with authentication credentials, and can read data managed by this product.
- *Third Parties Can Write* - The person can provide the third party with authentication credentials, and can write data managed by this product.
- *Suggested:* If Yes, what technical protocols are supported and how can users manage the authority they give other sites?

*Can the person download or remotely access a copy of everything they've provided to this service?*
As part of their standard use of most products, people import or create things. Does this product provide an open, DRM-free way for people to retrieve or access via third party all of the things they've created or provided?
- *No Access* - This product does not offer the person the ability to download the things they've provided.
- *Remote Access* - The product provides an open, DRM-free way for people to download all of the things they've provided to the product, or remotely access it using a third party product.
- *Suggested:* If Yes, how and in what forms?

*Do you disclose where my data is being kept in the real world?*
- *Yes*
- *No*
- *Suggested:* If Yes, where can I learn where my data is kept?

*Can I control where my data is kept in the real world?*
- *Yes*
- *No*
- *Suggested:* If Yes, how can I exercise those controls?

[image: Portability Policy Icon - Draft] <http://www.flickr.com/photos/philwolff/4078829717/>

*Share.*
*How well do you help me share well with others?*

*If a person updates something here, is that change stored only by this product or can the person ask this product to store it elsewhere?*
Can this product accept some other site as being the authoritative home of a thing it knows about?
- *Must Be Authoritative* - This product assumes that it is the authoritative home of all things it manages, and does not update third parties.
- *Can Update Remote* - This product can work with a third party that is assumed to be authoritative. All updates made by the person using this product are also forwarded to the third party.
- *Suggested:* If Yes, how does it work in practice?

*Can the person download or remotely access information that others have provided to the product?*
In cases where the product allows download or remote access, can the person export or access all of the data to which they have access, or only data which they have directly created?
- *Provider Only* - This person may only export or access data which they have directly provided.
- *Full Access* - The person may export or download any data to which they have access on this product, subject to reasonable usage and abuse rules.
- *Suggested:* If Yes, how and in what forms and with what other services or protocols?

[image: Finish or End] <http://www.flickr.com/photos/philwolff/4087239607/>

*End.*
*How well do you support a graceful exit from our relationship?*

*Will this site delete an account and all associated data upon a user's request?*
If the user creates a password or account for use with this product, does the product provide a way to cancel the account and erase all data associated with it?
- *Immortal Accounts* - Accounts or passwords, once created, are assumed to live for as long as the product is available. Desktop applications and other stand-alone products that do not have host services may have no way to remotely revoke accounts or passwords.
- *Data Expires* - If this product acts as a hub, the data it copies from other sites will expire in a set amount of time. This product must be linked to a place where it can refresh or synchronize data in order to stay current.
- *Accounts Deleted Upon Request* - This product has the ability to remove a person's account and all relevant data, and will do so when requested by the person or third party with appropriate legal standing.
- *Suggested:* If Yes, where can I find the procedure to request deletion?

*Do you give notice before terminating the account?*
- *Yes*
- *No*
- *Suggested:* If Yes, how much notice do you give and in what forms?

*Can you recover a terminated account?*
- *Yes*
- *No*
- *Suggested:* If Yes, how thoroughly, under what conditions, how quickly, and how is recovery triggered?

*Do you have a posted appeals process or dispute resolution procedure?*
- *Yes*
- *No*
- *Suggested:* If Yes, where are the procedures posted?

*Going Forward.*

The questions and the clusters are works in progress. We're open to better questions, clusters, and definitely better labels and designs. These are just placeholders for better, official art. I hope they serve a few common goals.

1. Make it easier to learn and understand the overall scope of a portability policy.
2. Make it easier to find the parts of a policy you care about.
3. Provide the visual part of semantic encoding that browsers and search engines can use to discover and understand where and what a site's policies are stored.

Things to do with the icons:

- Confirm the policy asks the right questions
- Prioritize and boil down for the Goldilocks Test: Not too much, not too little, just right
- Design an icon for the whole portability policy
- Design UI/UX behavior for what happens when you click on the portability policy icon
- Make the icons work better everywhere (cultures, visual impairments, sizes) and vet for semiotic conflict and mark infringement
- Semantic encoding (microformats <http://microformats.org/>, anyone?) that works across access methods
- Write the legal layer, creating plain language boilerplate that works for the business, for their lawyers, for site partners, and for users. Vary for world legal systems. Translate.

Join DataPortability.org's general mailing list <http://groups.google.com/group/dataportability-public> to help or the low-volume announcements-only mailing list <http://groups.google.com/group/dataportabilitygeneralannounce> for updates.
