The news
IEE just released standard 7012-2025 for machine readable personal privacy terms, nicknamed MyTerms. MyTerms covers interactions and agreements between individuals and service providers they interact with on a network. It defines a way for personal privacy requirements to be expressed as standard-form contractual agreements.
MyTerms is intended to replace today’s “notice and consent” pattern with a standardized, machine-readable contract handshake between an individual and a service provider. The standard considers individuals true first parties who can proffer privacy terms as contractual terms, typically through an automated agent acting on their behalf.
The system relies on a neutral, non-business entity that hosts a bounded set of standard-form privacy agreements. These agreements are designed to be understandable and usable in practice by humans and by machines. They must be available in plain-language human-readable form, maintain legally meaningful wording, and also exist in machine-readable structured formats with stable identifiers so software agents can select and process them reliably.
When an individual, or their agent, proposes one of these agreements to a service provider, this service provider has a deliberately constrained set of responses to allow model scalability. The service provider may accept the proposed agreement, offer one alternative agreement from the same bounded roster, or reject the proposed agreement. The standard does not expect open-ended negotiation beyond that single alternative choice.
If the service provider accepts, the agreement is recorded so that both sides retain matching, immutable copies, including contextual metadata such as time, date, and location, to support later retrieval, audits, and dispute resolution. In parallel, service providers are required to publicly disclose which of the standard agreements they are willing to accept, which allows agents and users to choose compatible terms upfront rather than repeating consent interactions on every visit.
The bigger picture
(Unwanted) tracking on the web is still the norm although a “consent notice” regime has been established since the EU GDPR became enforceable on May 25, 2028. MyTerms is a direct response to regime with its associated high operational cost for operators, high cognitive load for users, and weak enforcement of user intent (preference signals can be ignored).
On top of this, many website operators and service providers still manage to keep their tracking-based advertising business running, by ignoring GDPR, by hiding behind “legitimate interests” or by simply making it very hard for people to not agree to tracking and sharing personal data.
Similarly, “Do Not Track” or Global Pricacy Control largely depend on website operators not ignoring the request headers sent by browsers to them. As a result, in spite of all these good intents, the consumer is still at an a very weak position. Privacy is granted as a grace and not as a requirement. The European Union’s Digital Market Act is aimed at large providers and does not address individuals’ right to have their privacy respected by these players.
My analysis and point of view
MyTerms argues for restoring equity by letting people participate as real contracting parties online.
It addresses some of the problems mentioned above by defining a framework that provides individuals with a means to proffer their own terms in a networked world. These terms, if agreed upon by a service provider, become an enforceable contract.
In my book, this is a very good idea. It is a serious attempt to move privacy from the current one-sided, unenforceable “notice and consent” regime towards a two-party, auditable agreements that machines can execute at scale. It essentially shall make sure that negotiations about customer data are held eye to eye.
For customers, it can reduce friction and restore agency. For businesses, it can reduce compliance chaos, lower dispute risk, and enable higher-quality value exchange (especially around buying intent), but only if implementation is made cheap, the agreement roster is tightly governed, and adoption is driven with real incentives rather than moral arguments.
From a CX perspective, there are a number of clear positives for customers. The more than annoying banner/toggle circus that we see these days gets replaced by a cleaner privacy contract handshake, which means less consent fatigue and less friction overall. As terms are to be legible, there is a trust impact. The risk of a mismatch between what customers think they have agreed to and what they actually have agreed to, gets reduced. Lastly, there is accountability, an enforceable contract; it changes the game from blind trust to trust but verify. Talking about trust, this is an important conversion lever for businesses. Not all businesses have understood it yet, but trust is a very valuable currency. As Nitin Bajatia said in a recent CRMKonvo, the free customer is more valuable than the captive one. Yet again, too many businesses have not yet got this memo.
Having said all this, there are some adoption risks, the biggest one being too many businesses simply not being interested in giving away their power. Nitin maintained that a good number of businesses do not collect personal data, anyways, but then these are not the ones that need to get governed via a standard like MyTerms. It is the other ones. These need an incentive, or the risk of punishment. And then, there is the whole gamut of MarTech and AdTech companies, many of which will consider MyTerms as an attack to their business model. Another important risk is the infamous chicken-and-egg problem. It needs early influential adopters and an ecosystem. It, therefore, is of crucial importance to win landmark enterprise software vendors as well as some big e-commerce sites as lighthouses. From a an enterprise software point of view, Microsoft, Salesforce, SAP, Zoho are probably good candidates – with MyTerms actually being right down Zoho’s alley. WordPress and other major CMS, as well as e-commerce platforms need to support the standard, and ideally fast. Lastly, implementation must be simple for both sides and implementation fragmentation must be kept at bay.
All in all, MyTerms is a great initiative by IEEE that deserves full support. It will be interesting to see how it evolves, whether the rather influential voices that support it, including Doc Searls, are strong enough to make it lift off. I certainly wish so.