Privacy is a Contract

In the natural world, privacy is a social contract: a tacit agreement that we respect others’ private spaces. We guard those spaces with the privacy tech we call clothing and shelter. We also signal what’s okay and what’s not using language and gestures. “Manners” are as formal as the social contract for privacy gets, but those manners are a stratum in the bedrock on which we have built civilization for thousands of years.
We don’t have it online. The owner of a store who would never think of planting tracking beacons inside the clothes of visiting customers does exactly that on the company website. Tracking people is business-as-usual online.
The reason we can’t have the same social contract for privacy in the online world as we do in the offline one is that the online world isn’t tacit. It can’t be. Everything here is digital: ones, zeroes, bits, bytes, and program logic. If we want privacy in the online world, we need to make it an explicit requirement.
Policy won’t do it. The GDPR, CCPA, DMA, the ePrivacy Directive, and other regulations are all inconveniences for the $trillion-plus adtech (tracking-based advertising) fecosystem.
“Consent” through cookie notices doesn’t work, because you have no way of knowing if “your choices” are followed. Neither does the website, which has jobbed that work out to OneTrust, Admiral, or some other CMP (consent management platform), which we presume also doesn’t know or much care. Nearly all of those “choices” are also biased toward getting your okay to being tracked.
Polite requests also don’t work. We tried that with Do Not Track, and by the time it finished failing, the adtech lobby had turned it into Tracking Preference Expression. Like we wanted to be tracked after all.
What we need are contracts—ones you proffer and sites and services agree to. Contracts are explicit, which is what we need to make privacy work in the online world. Again, there is no tacit here, beyond the adtech fecosystem’s understanding that every person on the Web is naked, and perfect for exploitation.
This is why we’ve been working for eight years on IEEE P7012 Draft Standard for Machine Readable Personal Privacy Terms, aka MyTerms. With MyTerms, you are the first party, and the site or service is the second party. You present an agreement chosen from a limited roster posted on the public website of a disinterested nonprofit, such as Customer Commons, which was built for exactly this purpose. When the other side agrees, you both keep an identical record. (The idea is for Customer Commons to be for privacy contracts what Creative Commons is for copyright licenses.)
MyTerms might look scary to business-as-usual. But so did the PC, the Internet, and the smartphone. All did far more for business than the incumbent systems they obsolesced. When customers and companies start relating as partners who fully respect each other, the range of what’s possible in business widens much farther than what the old tracking-based fecosystem will allow.
We can explore those frontiers in other posts. Right now, I just want to make clear that contract is the only way to personal privacy online. And MyTerms will get us started.
*Intentcasting is where you let a market of qualified sellers know what you’re looking for, in ways that preserve your privacy.
Doc Searls's Blog
