
Ask HN: “We got permission” has become meaningless; Can we invent a better term? - cobbzilla
The word "permission" is construed very loosely by some internet companies, with regards to what is considered "consent" to collect personal data.

Because of this extremely broad usage, I assert that the word "permission" no longer has any meaningful use in this context.

I suggest a new term that encapsulates a strict definition. The rules are:

* The request for permission(s) should stand alone, consuming all the visible screen area, without any other distracting content.

* All of the data to be collected must be described in detail.

* All anticipated uses for the data must be described in detail, including any sharing of the data both within the company and to other companies.

* The user must answer yes or no before continuing. If the user does not respond or somehow closes the modal, the assumption is that the answer was NO.

* The permission granted is ALWAYS time limited to a maximum of 90 days, and must then be renewed.

* The user can easily revoke the permission at any time.

* A one-click link to revoke permissions must be provided to the user when permissions are granted.

* When attempting to renew a permission, lack of a response from the user is understood as a revocation of permissions.

If consent is acquired according to these rules, let's call this Continuous Affirmative Consent, or CAC for short.

When a company says that "users opted in via Continuous Affirmative Consent", it gives a strong signal that users were not deceived, and that they genuinely did grant their fully informed consent to share their data, and that they have the power to revoke that consent at any time.

Can we do something like this? If enough companies support a standardized form of explicit & renewable consent, it could create positive pressure for even the worst offenders to improve their behavior, or even commit to using the standard.
======
cobbzilla
A couple additions to the proposed standard that would be worthwhile --

* Certification is done by some non-profit industry group that has no ties to or influence from the advertising/data industry.

* No "dark patterns" or deception of any kind is allowed in the permission workflow.
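
The following is an added example, not code from the thread or from any existing standard: a sketch of how a service could store consent so that the state-related rules in the original post hold (default no, 90-day cap, lapse on an unanswered renewal, one-click revocation). `ConsentRecord` and all of its field and method names are hypothetical, and the screen-layout rules are outside its scope.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_GRANT = timedelta(days=90)  # rule: a grant lasts at most 90 days


@dataclass
class ConsentRecord:
    """Hypothetical record of one user's consent to one data collection."""
    user_id: str
    data_described: tuple   # every data item shown to the user
    uses_described: tuple   # every use and sharing arrangement shown
    expires_at: Optional[datetime] = None
    revoke_token: Optional[str] = None

    def answer(self, response: Optional[bool], now: datetime,
               duration: timedelta = MAX_GRANT) -> Optional[str]:
        """Record the reply to a grant or renewal prompt.

        True is yes, False is no, None is no response or a closed modal.
        Anything other than an explicit yes clears an existing grant."""
        if response is not True:
            self.revoke()
            return None
        if not self.data_described or not self.uses_described:
            raise ValueError("prompt must describe the data and its uses")
        self.expires_at = now + min(duration, MAX_GRANT)
        self.revoke_token = secrets.token_urlsafe(32)  # for the one-click link
        return self.revoke_token

    def revoke(self) -> None:
        self.expires_at = None
        self.revoke_token = None

    def revoke_by_token(self, token: str) -> bool:
        """Handle the one-click revocation link; no login or prompt needed."""
        if self.revoke_token and secrets.compare_digest(self.revoke_token, token):
            self.revoke()
            return True
        return False

    def is_active(self, now: datetime) -> bool:
        """Default deny: active only with an unexpired explicit grant."""
        return self.expires_at is not None and now < self.expires_at
```

Data collection code would call `is_active()` before every collection, so an expired or revoked grant stops collection without any further action from the user.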

