User Controlled GDPR Real Consent Hack Day

The EU’s General Data Protection Regulation (GDPR), which was made inevitable by adtech’s abuses, will have its “Sunrise Day” on May 25, and has companies everywhere shaking in their boots. All hell will surely break loose, especially after people all over the world—not just in Europe—will find “gauntlet doors” in front of familiar websites asking for clicks signaling a vistor’s consent to being tracked. (That’s just a bet, but it’s a good one. Nobody will know until Sunrise Day.)

This prospect has adrenalized hackers and their friends to come up with ways to create the clothing and shelter we need, and to signal what’s okay and what’s not as well. At Linux Journal, for example, we are readying ourselves to agree as a second party to a first party term readers can proffer called #DoNotByte. In plain English it says “Just show me ads not based on tracking me.”

The term, its expression in legalese and the machine readable form of it will all live at Customer Commons. The legalese is being written with help from Customer Commons’ counsel, Harvard Law School’s Cyberlaw Clinic. The idea here is for Linux Journal to model for publishers everywhere a take the high ground behavior that could save their bacon. This was explained to readers in an editorial titled Help Us Cure Online Publishing of Its Addiction to Personal Data.

On Thursday, April 26, a group of us will gather for a GDPR-prep Hack Day at MIT. The purpose is to give individual browsers ways to take control of interaction with websites that put up those “gauntlet doors,” expressing consent not to be tracked—and to do it in a way that persists across all the websites the browser visits.

Work toward this solution started in a session at the Internet Identity Workshop last week. Here are notes on the session wiki and here’s the whiteboard.

Full agenda here. https://mitmedialab.github.io/Consent-HackDay/

RSVP and let me know if you want to help. It’ll be fun, as well as potentially very leveraged.

Doc Searls