Attributes of Respectful Me2B Commitments
The Me2B Alliance has identified ten (10) attributes that Me2B Commitments should have in order to be considered respectful and ethical. The Respectful Tech Specification measures technology behavior against these 10 attributes, which are:
- Clear Data Processing Notice
- Viable Permission
- Identification Minimization
- Data Collection Minimization
- Private by Default
- Reasonable Data Use & Sharing / Me2B Deal in Action
- Data Processing Behavior Complies with Data Subject’s Permissions and Preferences
- Data Processing Behavior Complies with Policies
- Reasonableness of Commitment Duration
- Commitment Termination or Change Behavior
The “B” in Me2B represents the businesses, vendors and service providers that individuals interact with, both online and offline. In GDPR terms, this is the Data Controller.
From GDPR, Chapter 1, Article 4 (7) Art. 4 GDPR – Definitions | General Data Protection Regulation (GDPR) (gdpr-info.eu):
“‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;”
The Me2B Alliance uses this definition for clarity in identifying regulatory duties of B-s. In the Me2B relationship, the B is synonymous with the Data Controller, which is also sometimes known as the “first party”. Note, however, that there may be multiple co-data controllers in effect.
From GDPR, Chapter 1, Article 4 (2) Art. 4 GDPR – Definitions | General Data Protection Regulation (GDPR) (gdpr-info.eu):
“‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;”
The Me2B Alliance uses this definition; when “data processing” appears in the specification, it refers to all the operations noted above, including collection.
GDPR, Chapter 1, Article 4 (8) Art. 4 GDPR – Definitions | General Data Protection Regulation (GDPR) (gdpr-info.eu):
“‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;”
The Me2B Alliance uses this definition for clarity in identifying regulatory duties of B-s who behave as Data Processors, which are also sometimes referred to as “third parties”, or “Hidden B2B Affiliates” in the layered Me2B Relationship. Data Processors may also be understood as downstream.
From GDPR, Chapter 1, Article 4 (1) Art. 4 GDPR – Definitions | General Data Protection Regulation (GDPR) (gdpr-info.eu):
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
The Data Subject is the “Me” in Me2B vernacular. We use Data Subject interchangeably with “Me” or “individual”, in order to add more regulatory precision and align with GDPR language.
Any interaction pattern in the user interface that creates potential risk or harm to the individual. Originally called “dark patterns”, there are numerous categories of harmful user interaction patterns that reduce individual agency and safety while using technology. We choose “harmful pattern” in a deliberate attempt to not propagate implicit bias correlating “dark” with “bad”.
Hidden B2B Affiliates
Hidden B2B Affiliates are the third-party technologies which are integrated into the digital services and products that we use. These entities are often difficult to identify and may have significant personal data access. In GDPR terminology, the Hidden B2B Affiliates are Data Processors.
Invisible Parallel Dataverse
Invisible Parallel Dataverse describes the hidden and massive world of data sharing that occurs as soon as we open an app or website. The Respectful Tech Specification v1.0 is largely focused on identifying and testing for these hidden data flows.
The “Me” in Me2B represents the individual actor – the “Data Subject” in GDPR terms.
Me2B Commitments are the specific commitments or bargains – such as agreeing to cookies or signing up for a newsletter – that Me’s enter into with a vendor or service provider over the course of most Me2B relationships. These commitments represent inflection points in the relationship trajectory. The hallmark of a Me2B Commitment is a Me2B Deal – the two-way agreement that defines the terms of the commitment.
The level of Me2B Commitment is a unique context that factors into how respectfulness is measured over the course of the Me2B Relationship. For example, the individual has different expectations while in a Loyalty program commitment state versus having just opened the website for the first time.
There are several different types of Me2B commitments in a typical digital Me2B Relationship. Each of these commitments creates a state which has a unique level of context, trust, and behavioral expectations by the Data Subject/Me. Each commitment also carries a unique quid pro quo (I.e., Me2B Deal). On the B-side, each of these commitments entails varying levels of respectful “recognizing, remembering, responding” to the Data Subject/Me.
We have identified the following typical commitment types:
- First Open – No Commitment: this is the “no commitment of any kind” state; it’s when the individual/Data Subject opens the website or app for the first time ever on the device. (Note that there are other ways to reset to this state.)
- Local Storage Commitment: people most often experience this as Cookie Consent, but we’ve renamed the commitment to reflect all data—not just cookies—that are being stored locally by the website or app. Most of the data being stored locally is not currently well-communicated to individuals, nor is there any consent or permission granted.
- Location Commitment: location permission has been granted (or blocked) in order to receive location-specific information from the website or app.
- Contact Us Commitment: individual provides information to have additional contact with the B.
- Notifications Commitment: notifications to the device or browser have been granted.
- Promotional Commitment: Data Subject has signed up for promotional communications.
- One-off Transaction: Data Subject has performed a one-off transaction.
- Loyalty Commitment: Data Subject has signed up for the loyalty program.
- Me2B Marriage: Data Subject has created an account (credentials) with a service provider.
- ‘Remember Me’ Commitment: Data Subject has ticked a “Remember Me” box.
- ‘Keep Me Signed In’ Commitment: Data Subject has ticked a “Keep Me Signed In” box.
The Me2B Respectful Tech Spec is organized by Me2B Commitment, listing the spectrum of tests appropriate for each commitment state (i.e., the tests for each Attributes of a Respectful Commitment).
A Me2B Deal is the value exchange that occurs between an individual Me and the business (B). The Me2B Deal defines the terms of a Me2B Commitment, describing what the individual (Me/Data Subject) gives to the business (B/Data Controller) and what they receive from the B in return. Me2B Deals are expected to be transparent, fair and proportional to the context of the Me2B Relationship.
Me2B Legal Relationships
Me2B Lifecycle Model
The Me2B Lifecycle Model is a framework developed by the Me2B Alliance that illustrates the dynamics of the evolving relationship between an individual (Me) and a business or service provider (B). Each stage in the lifecycle represents a unique context with its own associated behavioral norms, especially regarding identity.
The Me2B Marriage is the pinnacle of the Me2B Relationship. It reflects the legal binding between the individual Me and the specific business or service (B) via the terms of service agreement. In a Me2B Marriage, the individual freely signals that they wish to be known – remembered, recognized, and personally responded to while using the service. In this state, the individual can reasonably expect to share the most amount of personal data with the B (Data Controller), and the Hidden B2B Affiliates (Data Processors). Similarly, there should be a good reason and value received for engaging in this highest level of reciprocity and Me2B Relationship.
Me2B Relationship refers to the relationship an individual (Me) forms with a business (B) and with the products and services that businesses provide. The Me2B Relationship is layered and includes:
- Me2B Legal Relationships,
- Me2P Relationships,
- Me2T Relationships, and
- Hidden B2B Affiliates.
Me2B Rules of Engagement
The Me2B Rules of Engagement are eight principles for safe and respectful technology behavior:
- Respect of Boundaries,
- Respectful Defaults,
- Fairness and Non-Exploitation,
- Good Communication,
- Non-Harming, and
- Respectful Dispute Resolution.
All requirements and tests in the Me2B Respectful Tech Specification map to one or more of the Me2B Rules of Engagement.
The Me2P Relationship represents the experiential relationship an individual Me has with a product or brand that they are directly interacting with. For instance, one’s relationship with a specific app or website they are using is a Me2P Relationship.
The Me2T Relationship represents the relationship between an individual Me and an enabling technology or service. For instance, one may have an enabling Me2T Relationship with a mobile phone, and a direct, experiential Me2P Relationship with the phone’s browser or other app.
Respectful Tech Specification
The Me2B Respectful Tech Specification is a collection of tests that provide an objective measure of technology behavior. The tests are designed to measure how ethically or respectfully a service or product is behaving. The specification is produced by the Me2B Alliance’s Respectful Tech Specification Working Group.