IEEE 7012-2025 introduces MyTerms, a groundbreaking standard that flips the privacy paradigm by giving users control over their data through machine-readable contracts, potentially replacing cookie notices and enabling agentic commerce.
The internet's privacy landscape is about to undergo a fundamental transformation with the introduction of MyTerms, a new IEEE standard that reimagines how personal data is exchanged between individuals and online service providers. Nicknamed MyTerms, the IEEE 7012-2025 standard represents a complete paradigm shift from the current cookie-based consent model to a user-controlled contract system.
A "Complete Script Flip" in Digital Privacy
According to Doc Searles, editor-in-chief of Linux Journal and one of the original proponents of MyTerms, this standard represents "a complete script flip" in how online interactions work. Instead of websites dictating terms through lengthy privacy policies and cookie notices, users become the first party, controlling their interactions by selecting from a "roster of terms" or using a default agreement that travels with them across sites.
This approach fundamentally changes the power dynamic. Users can specify ongoing relationship terms like "service delivery only" or "service delivery only with data portability," as well as one-time data contributions such as "AI training and operations" or "sharing intent data." Once accepted by the service provider, these terms become legally binding contracts.
Machine-Readable Privacy in Action
MyTerms agreements are defined in machine-readable format and can be transmitted via HTTP headers or other mechanisms. Both parties maintain identical records of the agreement, creating a transparent and enforceable framework for data exchange. This mechanism, Searles explains, "obsolesces cookie notice, and establishes much more solid grounds for relationships between people and organizations, customers and companies, demand and supply."
The AI Agent Revolution
Jamie Smith, founder of Customer Futures Ltd., emphasizes that MyTerms becomes even more critical as AI agents increasingly automate internet activity on our behalf. "We're reaching the limit of what is acceptable online. We are clicking terms and conditions without reading them. [...] They are not doing what they need to do."
In the emerging world of agentic commerce, where AI agents handle shopping, reservations, complaints, and institutional interactions, cookies become obsolete. Instead, each agent will have its own identity and publish its own terms—contracts that define how businesses can interact with them. "I really believe that as agents become the new customer channel, MyTerms is going to be a cornerstone of how we can trust those agents and how businesses are going to interact with them," Smith notes.
Real-World Applications
Dan Leninger, head of experimental engineering at Consumer Reports, presented a compelling future scenario where a customer uses an online recommendation system to purchase an appliance. The customer specifies their own terms along with additional conditions such as maximum price and latest delivery date. The recommendation system then presents stores that have accepted the customer's terms, enabling a seamless purchase process.
John Abbott, chief commercial officer at age verification platform Yoti, highlighted the standard's potential impact on children's privacy. MyTerms provides a more appropriate way for individuals to specify how their data should be used based on their age, helping companies meet growing regulatory requirements worldwide.
Eight Years in the Making
The development of the MyTerms standard represents eight years of work since its Project Authorization Request (PAR) was proposed and approved in December 2017. This extensive development period reflects the complexity of creating a universal framework that balances user privacy, business needs, and technical feasibility.
The End of Cookie Consent Fatigue
The current cookie consent model has become a source of frustration for users worldwide. Studies show that the vast majority of users simply click "accept" without reading the terms, defeating the purpose of informed consent. MyTerms addresses this by making privacy preferences persistent and portable, eliminating the need for repetitive consent dialogs.
Technical Implementation
While specific technical details are still emerging, the standard's use of machine-readable formats and HTTP headers suggests a relatively straightforward implementation path for websites and applications. The bidirectional record-keeping requirement ensures transparency and provides a foundation for dispute resolution.
Looking Forward
As we move toward an internet increasingly mediated by AI agents and automated systems, the need for robust, user-controlled privacy frameworks becomes paramount. MyTerms represents a significant step toward realizing the vision of user sovereignty in the digital age, where individuals have genuine control over their personal data and how it's used.
For developers and businesses, MyTerms presents both challenges and opportunities. While implementing the standard requires technical changes, it also opens new possibilities for building trust-based relationships with customers and creating more personalized, privacy-respecting experiences.
The full implications of MyTerms will unfold over the coming years as the standard gains adoption and evolves. However, one thing is clear: the era of passive cookie consent is coming to an end, and a new era of active, user-controlled privacy is beginning.
For a deeper dive into MyTerms, you can read Searles' extensive writing on the topic, which provides additional context and technical details about this groundbreaking standard.
Comments
Please log in or register to join the discussion