
Beyond GDPR: Is MyTerms the New Standard for Enforceable Personal Data Agreements?

The news

IEEE just released standard 7012-2025 for machine-readable personal privacy terms, nicknamed MyTerms. MyTerms covers interactions and agreements between individuals and the service providers they interact with on a network. It defines a way for personal privacy requirements to be expressed as standard-form contractual agreements.

MyTerms is intended to replace today’s “notice and consent” pattern with a standardized, machine-readable contract handshake between an individual and a service provider. The standard considers individuals true first parties who can proffer privacy terms as contractual terms, typically through an automated agent acting on their behalf.

The system relies on a neutral, non-business entity that hosts a bounded set of standard-form privacy agreements. These agreements are designed to be understandable and usable in practice by humans and by machines. They must be available in plain-language human-readable form, maintain legally meaningful wording, and also exist in machine-readable structured formats with stable identifiers so software agents can select and process them reliably.

When an individual, or their agent, proposes one of these agreements to a service provider, the service provider has a deliberately constrained set of responses, which is what allows the model to scale. The service provider may accept the proposed agreement, offer one alternative agreement from the same bounded roster, or reject the proposed agreement. The standard does not expect open-ended negotiation beyond that single alternative choice.

If the service provider accepts, the agreement is recorded so that both sides retain matching, immutable copies, including contextual metadata such as time, date, and location, to support later retrieval, audits, and dispute resolution. In parallel, service providers are required to publicly disclose which of the standard agreements they are willing to accept, which allows agents and users to choose compatible terms upfront rather than repeating consent interactions on every visit.
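The handshake and record-keeping described above, as an added sketch that is not part of the original post and not taken from the standard's text. The agreement identifiers, function names, record fields and the use of a SHA-256 digest over canonical JSON to make the two copies comparable are all assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical placeholders: the page gives no agreement identifiers or wire format.
ROSTER = {"AGREEMENT-A", "AGREEMENT-B", "AGREEMENT-C"}


def respond(proposed, accepted, preferred=None):
    """Provider side: accept, offer ONE alternative from the roster, or reject."""
    if proposed in ROSTER and proposed in accepted:
        return ("accept", proposed)
    if proposed in ROSTER and preferred in ROSTER and preferred in accepted:
        return ("alternative", preferred)
    return ("reject", None)


def negotiate(prefs, disclosed, preferred=None):
    """Agent side: use the provider's public disclosure to pick compatible terms
    upfront, then allow at most one counter-offer (no open-ended negotiation)."""
    proposal = next((a for a in prefs if a in disclosed), prefs[0])
    kind, agreement = respond(proposal, disclosed, preferred)
    if kind == "accept":
        return agreement
    if kind == "alternative" and agreement in prefs:
        return agreement  # the individual already lists it as acceptable
    return None


def make_record(agreement, individual, provider, timestamp, location):
    """Build the canonical record both parties store, plus its digest.
    SHA-256 over sorted-key JSON is an assumption made for this sketch."""
    record = {"agreement": agreement, "individual": individual,
              "provider": provider, "timestamp": timestamp, "location": location}
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return canonical, hashlib.sha256(canonical).hexdigest()


def copies_match(individual_copy, provider_copy, digest):
    """Audit check: both stored copies must still hash to the agreed digest."""
    return all(hashlib.sha256(c).hexdigest() == digest
               for c in (individual_copy, provider_copy))


if __name__ == "__main__":
    # Constructed sample values, not taken from the standard or the page.
    agreed = negotiate(["AGREEMENT-A", "AGREEMENT-B"], {"AGREEMENT-B"})
    rec, dig = make_record(agreed, "agent:alice", "provider:example.org",
                           "2025-01-01T12:00:00Z", "DE")
    print(agreed, dig[:16], copies_match(rec, rec, dig))
```

In a dispute, either side can recompute the digest over its stored copy; a mismatch shows that one copy was altered after the agreement was recorded.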

The bigger picture

(Unwanted) tracking on the web is still the norm, although a “consent notice” regime has been in place since the EU GDPR became enforceable on May 25, 2028. MyTerms is a direct response to this regime, with its associated high operational cost for operators, high cognitive load for users, and weak enforcement of user intent (preference signals can be ignored).

On top of this, many website operators and service providers still manage to keep their tracking-based advertising business running, by ignoring GDPR, by hiding behind “legitimate interests” or by simply making it very hard for people to not agree to tracking and sharing personal data.

Similarly, “Do Not Track” and Global Privacy Control largely depend on website operators not ignoring the request headers that browsers send them. As a result, in spite of all these good intentions, the consumer is still in a very weak position. Privacy is granted as a grace and not as a requirement. The European Union’s Digital Markets Act is aimed at large providers and does not address individuals’ right to have their privacy respected by these players.

My analysis and point of view

MyTerms argues for restoring equity by letting people participate as real contracting parties online.

It addresses some of the problems mentioned above by defining a framework that provides individuals with a means to proffer their own terms in a networked world. These terms, if agreed upon by a service provider, become an enforceable contract.

In my book, this is a very good idea. It is a serious attempt to move privacy from the current one-sided, unenforceable “notice and consent” regime towards two-party, auditable agreements that machines can execute at scale. In essence, it is meant to ensure that negotiations about customer data are held eye to eye.

For customers, it can reduce friction and restore agency. For businesses, it can reduce compliance chaos, lower dispute risk, and enable higher-quality value exchange (especially around buying intent), but only if implementation is made cheap, the agreement roster is tightly governed, and adoption is driven with real incentives rather than moral arguments.

From a CX perspective, there are a number of clear positives for customers. The more than annoying banner/toggle circus that we see these days gets replaced by a cleaner privacy contract handshake, which means less consent fatigue and less friction overall. As terms are to be legible, there is a trust impact. The risk of a mismatch between what customers think they have agreed to and what they actually have agreed to is reduced. Lastly, there is accountability, an enforceable contract; it changes the game from blind trust to trust but verify. Talking about trust, this is an important conversion lever for businesses. Not all businesses have understood it yet, but trust is a very valuable currency. As Nitin Bajatia said in a recent CRMKonvo, the free customer is more valuable than the captive one. Yet again, too many businesses have not yet got this memo.

Having said all this, there are some adoption risks, the biggest one being too many businesses simply not being interested in giving away their power. Nitin maintained that a good number of businesses do not collect personal data anyway, but then these are not the ones that need to get governed via a standard like MyTerms. It is the other ones. These need an incentive, or the risk of punishment. And then, there is the whole gamut of MarTech and AdTech companies, many of which will consider MyTerms an attack on their business model. Another important risk is the infamous chicken-and-egg problem. MyTerms needs early influential adopters and an ecosystem. It is, therefore, of crucial importance to win landmark enterprise software vendors as well as some big e-commerce sites as lighthouses. From an enterprise software point of view, Microsoft, Salesforce, SAP, and Zoho are probably good candidates, with MyTerms actually being right up Zoho’s alley. WordPress and other major CMSs, as well as e-commerce platforms, need to support the standard, and ideally fast. Lastly, implementation must be simple for both sides, and implementation fragmentation must be kept at bay.

All in all, MyTerms is a great initiative by IEEE that deserves full support. It will be interesting to see how it evolves, whether the rather influential voices that support it, including Doc Searls, are strong enough to make it lift off. I certainly wish so.
