>> law, technology, and the space between

All content by Kyle E. Mitchell, who is not your lawyer.

PANDA for Privacy: the NDA for your personal information

Want to differentiate your service with privacy?

Want more credit for handling users’ information responsibly?

Offer your users The Privacy Assuring Nondisclosure Agreement, a typical, one-way nondisclosure agreement adapted to protect individual data, instead of firm data. Just as firms often sign NDAs ahead of agreements for SaaS, service providers can offer users PANDA in addition to their terms of service.

As explained on its new website, whose source code is on GitHub, PANDA offers users the same kind of deal for their personal information that firms routinely demand for their business information. Lawyers will recognize the terms immediately as a chip off the old one-way-NDA block. In fact, the terms are based directly on the Waypoint NDA, the standard commercial NDA.

Online service providers go to great lengths to keep their legal terms out of sight and out of mind. Users, for their part, know enough that they don’t want to look. They expect that terms of service will be mostly bad for them, and they’re mostly right. They expect that privacy notices will be long, vague, and impenetrable, and they’re mostly right. They rely on watchdogs to cry foul about truly egregious outliers, and assume everyone they don’t see in the papers is running right up to the creepy line, with the rest of the pack.

PANDA turns that on its head. PANDA is good for users. I would rather sign up for a service that offers it than one that doesn’t.

PANDA can be great for service providers that respect privacy, too. For them, promising not to use personal information for undisclosed purposes or share it indiscriminately with others doesn’t cost anything, because they won’t do that anyway. But at present, explaining that they don’t do that involves a pointer to terms of service or a privacy policy. There’s no shorthand way to say “I take a strong position on user privacy” in an accountable way, with a clear sense of what that actually means.

There is now.

In the same way that standardized licenses like Creative Commons terms give creators a way to send a familiar, welcome sign to others, I hope that PANDA can become a welcome sign of a higher standard of privacy protection and respect.

Of course, it’s no silver bullet. Service providers can adopt PANDA as a ruse, just as plagiarists can slap Creative Commons terms on copies of others’ work. But by connecting privacy promises to a very stable, well understood medium and genre—contracts, and specifically NDAs, perhaps the most common business-to-business agreement—PANDA can bring and show a new level of commitment to meeting clear user expectations.

Lots of companies say “we respect privacy” and “we comply with privacy laws”, often new, undeveloped, and under continuous business-lobby assault. PANDA says “we respect privacy” and “hold us to it” in specific terms refined and understood by generations of business people.

I’d love feedback on version 1.0.0 from lawyers and especially nonlawyers. I’d love extra eyeballs on the website and its content. I’ve already reached out to a friend about a cartoon panda logo.

Your thoughts and feedback are always welcome by e-mail.
