Update on 31 October 2025: P7012 is now nicknamed MyTerms (much as IEEE 802.11 is nicknamed Wi-Fi), and is on track for publication in January 2026.
The standard is IEEE P7012: Standard for Machine Readable Personal Privacy Terms, which “identifies/addresses the manner in which personal privacy terms are proffered and how they can be read and agreed to by machines.”
This standard will guide how companies online agree to your terms. Not how you agree to theirs. We have had the latter “system” since the invention of the cookie, and it is failing utterly, massively, and universally. Let me explain.
First, company privacy policies aren’t worth the pixels they’re printed on. They can change on a whim, and nothing is binding about them anyway.
Second, the system of “agreements” we have today does nothing more than put fig leaves over the hard-ons companies have for information about you—information you give up when you agree to consent notices.
Consent notices are those banners or pop-ups that site owners use to halt your experience and shake down consent to violations of your privacy. There’s usually a big button that says ACCEPT, and some smaller print with a link going to “settings.” Those urge you to switch on or off the “necessary,” “functional,” “performance,” and “targeting” or “marketing” cookies that the site would like to jam into your browser.
Regardless of what you “choose,” there are no simple or easy ways to discover or dispute violations of your “agreement” to anything. Worse, you have to do this with nearly every freaking website you encounter, universalizing the meaninglessness of the whole thing.
But what if sites and services agreed to your terms as soon as you show up?
We have that in the natural world, where it is impolite in the extreme to look under the personal privacy protections called clothing. Or to penetrate other personal privacy protections, such as shelter, doors, shades, and locks. Or to plant tracking beacons on people to follow them like marked animals. There are social contracts forbidding all of those. We expect that contract to be respected, and for the most part it is.
But we have no such social contracts on the Net. We have the opposite: a feeding frenzy on private information about us, made possible by our powerlessness to stop it, plus boundless corporate and regulatory rationalizations.
Yes, we do have laws meant to reduce that frenzy by making some of it illegal. Others are in the works, most notably in Europe. What these laws have done to stop the frenzy so far rounds to zero. In his latest book, ADSCAM: How Online Advertising Gave Birth to One of History’s Greatest Frauds, and Became a Threat to Democracy, Bob Hoffman has a much more sensible and effective policy suggestion than any others we’ve seen: simply ban tracking.
While we wait for that, we can use the same kind of tool that companies are using: a simple contract. Sign here. Electronically. That’s what P7012 will standardize. The terms you choose will be from a roster hosted by a neutral nonprofit. Customer Commons, a 501(c)3 nonprofit, was created for this purpose and spun out of ProjectVRM. Its role for personal privacy is modeled on the role Creative Commons plays for personal copyright licenses.
There is nothing in the architecture of the Net or the Web to prevent a company from agreeing to personal terms. In fact, at its base—in the protocol called TCP/IP—the Internet is a peer-to-peer system. It does not consign us to subordinate status as mere “users,” “consumers,” “eyeballs,” or whatever else marketers like to call us.
To perform as full peers in today’s online world, we need easy ways for company machines to agree to the same kind of personal terms we express informally in the natural world. That’s what P7012 will make possible.
And P7012 won’t just be about advertising, or privacy. It can be about what happens when the company you engage gets sold. For example, suppose the company has your financial, health, or other private information in their hands, and gets acquired by another company. In that case, your contract protecting the privacy of that information should travel across the sale.
P7012 will also be good for business.
P7012 is written by a group I chair at the IEEE (Institute of Electrical and Electronics Engineers), which is the world’s largest association of technical professionals, and serious in the extreme. The group was started in 2017 by invitation from the IEEE, and I am its chair. It should become official sometime in 2025, but there is nothing to stop it from being implemented sooner.
If you want to make that happen, talk to me.
And start thinking about what kind of standard-form and simple terms a person might proffer: ones that are agreeable to everyone. We have some in the works and can use some help.
When we get them, surveillance capitalism can finally be replaced by a much larger and friendlier economy: one based on actual customer intentions rather than manipulations based on guesswork and horrible manners.
One early prototype is #NoStalking, aka P2B1beta.* #NoStalking was developed with help from the Cyberlaw Clinic at Harvard Law School and the Berkman Klein Center, and says “Just give me ads not based on tracking me.” In other words, it does permit advertising and welcomes sites and services making money that way. (This is how the advertising business worked for many decades before it started driving drunk on personal data.)
Constructive and friendly agreements such as #NoStalking will help businesses withdraw from their addiction to tracking, and make it easier for businesses to hear what people actually want, rather than relying on surveillance-fed guesswork.
*We are moving things around on the Customer Commons website, so this one may be 404’d when you click on it.
Leave a Reply