The Right to Privacy is a brief written by Louis Brandeis and Samuel Warren and published in the Harvard Law Review in 1890. It has not been improved upon since, because what it says is so damn obvious and simple: that the right to privacy is “the right to be let alone.”
Those six words are well understood by everyone in the natural world, and have been for the history of civilized life. Hell, probably before that as well. But they are alien in the digital world.
Here’s why: Our knowledge of privacy in the natural world is tacit, meaning we know what it is but can’t easily explain it. Meanwhile, the digital world is entirely explicit. It is made of bits and code.
We don’t yet have a way to make explicit our wish to be let alone in the digital world. Or how we might not, and for what purposes.
“Consents” such as those provided by cookie notices can’t do it, because all the agency you have is what they provide, and they have little or no interest in obeying whatever “choices” you’ve made about being tracked. They might not even be able to do more than put up one of those notices. To see how total the suckage is, read this, this, this, this, or this. It’s a fecosystem, folks. 100-proof bullshit.
For real privacy, we need to make our requirements explicit, and enforceable. That’s why we now have IEEE 7012-2025 Approved Draft Standard for Machine Readable Personal Privacy Terms. Its nickname is MyTerms, much as IEEE 802.11 is nicknamed Wi-Fi. After years in the works, MyTerms will be published on 22 January of next year, a little over a month from now.
MyTerms is for privacy what TCP/IP is for the Internet and HTTP/HTTPS is for the Web: a foundation atop which an infinitude of products and services can be built—ones that can’t be built so long as privacy is a corporate grace and not a personal right, and all customer-company relationships are exclusively under company control. Simply put, if your privacy is in the hands of others alone, you don’t have any.
The way MyTerms works could hardly be more simple. (That’s one reason developing the standard took so damn long.)
- You (the person), acting as the first party, proffer a personal privacy agreement to every site or service you meet, or know.
- If they, as the second parties, agree, you both keep identical records of the agreement, so compliance can be audited or disputed (if need be) in the future. Since MyTerms are contracts, enforcement follows contract law.
- You will choose the agreement from a short list posted on the Web by a disinterested nonprofit such as Customer Commons, which was created for that purpose. (The model for this is Creative Commons. MyTerms will be for personal privacy what Creative Commons is for personal copyright. We thank them for tilling that field for us.)
- Both parties use agents. These can be as simple as a browser and Web server (e.g. WordPress or Drupal) plug-ins, or as fancy as AI agents on both sides (such as many companies use to work out B2B agreements).
- The flow looks like this:
In the sense that these are manners, this is a protocol. But it’s not a technical one. All the tech is up to developers.
To help imagine out how this goes, here is one way MyTerms might look in a browser with a MyTerms plugin that manifests a couple of buttons in the browser header (DuckDuckGo‘s in this case):
The left ⊂ is your side of a potential or actual agreement, and the right ⊃ is the website’s side. With colors, additional symbols (for example within the ⊂ and ⊃, or other UI hacks, these might show states —
- Willingness to engage by either side
- State of engagement
- Additional information (including agreements built on top of the original MyTerms one), such as VRM + CRM relationships
- Records of what’s happening within those relationships, for example market intelligence that flows both ways
The symbols might have pop-down menus with choices and links that go elsewhere. The possibilities are wide open.
I choose ProjectVRM for an example, because it’s ready to agree to a visitor’s proffered MyTerm, and a bunch of us did a lot of thinking and working on this problem (and opportunity) back in the ’00s and early ’10s. For one example, look here.
We started ProjectVRM, created Customer Commons, and developed MyTerms, all to open markets to far horizons that cannot be imagined, much less seen, from inside silos and walled gardens built to keep people captive while harvesting vast amounts of personal data just so people can be guessed at by parasites (such as what most advertisers have now become).
By starting with privacy—real privacy—we can finally civilize the digital world. We can also set countless new tables in the marketplace. These are tables across which demand and supply can converse, relate, and transact in countless ways that are simply impossible in the consent-to-surveillance fecosystem.
We can finally fulfill the prophesies I made in The Intention Economy: When Customers Take Charge (Harvard Business Review Press, 2012), and Sir Tim Berners-Lee calls for in his new book This is for Everyone: The Unfinished Story of the World Wide Web (Farrar, Straus and Giroux, 2025), specifically in Chapter 17, “Attention vs. Intention.”
Let’s finish Tim’s story.
If you want to help with that, contact the MyTerms team through the form at the bottom of every page at MyTerms.info. Thanks!
Leave a Reply