Cleveland KnowledgeNet Presentation

Today I presented "Using the Privacy Management Reference Model and Methodology to Explore Do Not Track Design" at the Cleveland KnowledgeNet. Thanks to Peter's PPT, which I annotated/updated, Michael's DNT Paper, my own DNT and EU ePrivacy 'Cookie' Requirement research along with naturally the PMRM paper, I was able to assemble, with very little effort, the attached presentation and represent the model and methodology almost in it's entirety. I found I needed clarity about what a PMA is, as I do believe this is an important output.

First and foremost, the high level Model and Methodology charts and Peter's additional pictorial representations really rock. They made it easy to quickly describe the processes and the product(s).
Second, Michael's DNT Paper was really rich in US content and really helped me follow the Model and Methodology and make that critical transition from Privacy Controls to PMRM Services.
Third and MOST IMPORTANTLY, I found the topic of Do Not Track and the EU ePrivacy 'Cookie Consent' requirement(s) to be an EXCELLENT application of the PMRM. I was able to use the Model and the Methodology to define, contrast, communicate and create a dialogue around the very distinct US vs EU perspectives/approaches (and others as they will emerge). While the attached ppt does not demonstrate without my explanation and the development of additional slides the various challenges business communities face in translating the Privacy Controls into the PMRM Services and in turn, achieving, at some level, compliance with the privacy principles and laws in a number of jurisdictions, I think it creates a fresh perspective on a long term dilemma that could lead to real solutions.
I believe that the Model and Methodology when applied to Do Not Track and the EU ePrivacy 'Cookie Consent' requirements, could enable a comprehensive and productive dialogue among the Stakeholders; the creation of a superior Privacy Architecture among interested parties, which would go a long way towards the current 'stale mates' among browsers, 1st parties, 3rd parties, consumers, regulators and so on.
I think that this business issue of 'Do Not Track , Do Not Target, US Opt-Out vs EU Opt-In, et al' just might be an application of the PMRM that might indeed make an important contribution to advancing the development of the PMRM.

You will see in the ppt that I was not able, due to time constraints, to translate the specific Privacy Controls into Privacy Services and assign them to systems. My thoughts are to upgrade Michael's paper to include the ePrivacy Directive and a select/representative set of the 27 EU member implementations of the ePrivacy Directive (definitely the UK,which is the most defined and a few others). From there, there are a number of upgrades to the ppt slides that would:

Summarize the specifics of the high level Privacy Analysis and the resulting Privacy Controls
Demonstrate the translation of Privacy Controls into Privacy Services and the necessary policy and practice upgrades between the 'individuals' and the various 'corporate/gov't entities'
Package the Privacy Services into Systems for the various current solutions in the US and EU and perhaps even create a vision for a other potential solutions
Naturally perform the Risk Assessment(s) for the various solutions
Depict alternative Privacy Architecture(s), Locally and Globally for discussion
Document in a summary form the PMA (once I understand what it is intended to be)

Needless to say, this is more than likely a bigger task than can be accomplished quickly, however, you can see that I was energized by what I could accomplish in less than 16 hours following the PMRM and using the tools you all have created.

pmrm message