Share this content

Opinion: Click my EULA!

6th Jul 2006
Share this content

* EULA - End User License Agreement

By Graham Sadd, Founder and CEO of PAOGA

I was recently contradicted when addressing the eema European e-Identity Conference - - by Dr David-Olivier Jaquet-Chiffelle, Head of Virtual Identity and Privacy research centre - My identity is NOT held on an average of 700 disparate enterprise silo databases, as Privacy International claim – it is now up to 1,000.

The daily press is increasingly reporting attacks on these databases with personal identity and financial details being stolen or openly traded. 40 million identities and their financial data stolen from MasterCard, DVLA sells your details to criminals for £2.50 etc. It is therefore self evident that my data has value and someone, somewhere is making a profit – it certainly isn't me. Indeed, it could cost me dearly in time, money and reputation.

Hang on! I'm the customer; I'm paying them money AND giving them valuable information which is being sold on! This isn't right – where is the 'Customer Relationship' (CRM) that they have been going on about? This is the wrong way round, to their benefit not mine.

I don't recall signing any Agreement permitting such a cavalier attitude to my information. I have no option other than to provide appropriate information to establish a relationship with an organisation with whom I want to transact or interact. I sometimes click on their End User License Agreement (EULA), that tells me what I can or cannot do with their product or service, and I might even look at their Privacy Policy. I certainly never check the boxes giving permission for them to share the information I have provided with others.

So, as a consumer, citizen, employee etc, I have a problem and 'I'm mad as hell and don’t want to put up with it anymore!' What can I do about it? What is the solution?
Flipping CRM! I want Supplier Relationship Management (SRM) with my EULA stating clearly that a supplier will comply with the Data Protection Act and only use the relevant information provided in order to provide the product or service I am interested in and will amend or delete it when I no longer wish to do business with them. I wonder how many of the 1,000 data controllers will click on my EULA and be recorded on MY database. If not, why not?

I believe that my identity should only be revealed 'under my control, with my consent and for my benefit.' I want:

  • a free global web service to record and maintain my personal identity details in a single secure digital ‘safe deposit box’ and share it with those with whom I want to transact or interact.
  • to maintain, in one place, the various 'persona' relevant to my multifaceted life – personal, business, social, local, professional, etc.
  • access to a number of additional services, to make my existence in my digital world more convenient as well as more secure, such as; In Case of Emergency (ICE) data, anonymous emailing, automated form filling, data certification, secure records of important documents and data.
  • to access my information at any time, from anywhere and share it with anyone I choose.
  • to be able to make enquiries, for example – request a quote, without revealing my identity until such time as I accept that I want a relationship, under my conditions, with an organization to be able to subscribe to the growing number of feature rich lifestyle SaaS (Software as a Service) 3rd party applications, including property management, recruitment, healthcare records, financial details etc.
  • to be able to keep track of who, what, when and why I revealed my information

In return, I will not only relieve the organisations with whom I interact from the substantial costs and onerous legal responsibilities of 'holding' MY data but:

  • I will keep it up to date and accurate.
  • I will use ‘trusted third parties’ to certify important information such as my identity (government, bank?), academic qualifications (university), financial data (experian)
  • I will allow organizations to ‘write back’ to my database (employer, NHS, GP).
  • I will accept that my details will still be on a number of databases (public and private), for good legal reasons, but
  • I will always know where, what, when and why my data is held.
  • I also would be pleased, for example, to make my medical details available anonymously for commercial market research – for a fee (which I could choose to collect or have paid to an appropriate charity) or for clinical research by an NFP organization, probably for free.

To achieve this I will subscribe to a Personal Identity Exchange which will act as the marketplace and escrow for the exchange of this valuable commodity under strict controls for not only participating organisations but also registered individuals.

Just like a Stock Exchange in our physical world, a Personal Identity Exchange in our digital world can apply sensible, enforceable rules and standards to be trusted.

So, we have a serious problem which is recognised as being detrimental to the rapidly growing internet society and we have a solution which could reinstate and maintain a level of trust and confidence to a significant percentage of the population. Time to act.

Graham Sadd is Chairman & CEO of PAOGA Ltd, which provide the global technology platform that enables Web Service Operators to deliver secure Personal Knowledge Banks for an individual’s data. Graham can be contacted on Tel: +44 (0)1628 510 777 or email [email protected]

Related reading


Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.