[legal] Guaranteed privacy?

Daniel Perry dan at danielperry.com
Wed May 20 20:10:50 UTC 2009


Ian:

There is no ironclad protection through legal documentation. The only
protection is through the fiduciary relationship between the holders of
the profile data, you and your users. Of course, strong licensing or
contractual agreements can provide some protection to that data as a
result of the enforceability of those contracts.

It is quite common for data sharing or data transfer agreements to have
what is known as a liquidated damages clause (i.e., "... if you do
breach this agreement, you agree to pay us $100,000 in damages ...").

Your question raises an interesting question, though: can an identity
broker be an OpenID provider? The answer is, "Yes." But perhaps the best
identity provider is either an attorney or a CPA or someone who is
willing to sign an agreement that the identity provider will be a
fiduciary to that data, you, and your users. Most identity providers
would not want that high of a legal duty imposed upon them
contractually. I expect that we will eventually see legislation that
will impose such a high legal duty upon all identity providers -
including OpenID providers.

Daniel Perry, Attorney


> Is there any legal documentation out there that guarantees privacy of
> profile data?
> The case: I'm trying to convince my company, Salem Web Network, to adopt
> RPXNow in handling OpenID authentication.
> 
> The concern: RPXNow appears to be the middle man between sites and openid
> providers (Google, Facebook, etc.), so profile data information flows
> through them.
> 
> Is there proof that this will never be sold?  Our users are valuable to us,
> and we'd love to offer an easier way to login using OpenID.
> 
> Any help is appreciated!  Thanks.
> 


