(no title)

I've been thinking alot about the properties of viral open-source licenses and how this could be applied to other legal documents - like privacy policies.

As it becomes possible to share our medical records with caregivers and practitioners using apps, we have to trust that these apps are managing our data and respecting our privacy as we intend. But it's not only the app developers we need to care about, its also the third party services that they use (and share our data with), and the third party services that they then use.. its turtles all the way down.

What if we could create standardized "viral" privacy policy clauses, similar to the viral nature of open-source notice & attribution clauses.. which would "follow" Personally Identifiable Information (PII) and Protected Health Information (PHI).. ensuring it's used as we intend, no matter the degrees of separation?