All companies and government agencies operate under multiple formal laws and regulations – employment and workplace laws, financial and accounting standards, data breach notification requirements and many more. But whether they know it or not, these organizations also operate in the informal context of their social license to operate (social license), which measures the community acceptance granted to the organization. For a government department, their community is their citizens. For a public or private company, it’s their customers.
The concept of social license originated in the study of mining and industrial companies, motivated by their potential to impact local physical environments and residents. In some cases, these businesses may have complied with all formal laws and regulations yet harmed the local environment through misunderstanding or ignoring the social license they thought the community granted them.
Social license can be measured against three criteria:
- Legitimacy: the extent to which an individual or organization meets the legal, social, cultural norms of the community, whether formal or informal
- Credibility: the organization’s capacity to provide true and clear information to the community and fulfill any commitments made
- Trust: the willingness to be vulnerable to the actions of others. Trust is a strong measure of the quality of a relationship and takes time and effort to create.
Example: How Stats NZ measured its social license
In 2018, Stats NZ, a department in the New Zealand Government, surveyed citizens to measure the organization’s social license. They asked survey respondents: ‘Does Stats NZ think about their citizens’ data the same way as they [the citizens] do?’. Their primary objective was to ensure New Zealanders had trust in the way the agency stored, processed and managed their data. Stats NZ defined its social license as ‘the permission it has to make decisions about management and use of the public’s data without sanction’.
From its report, the four pillars of Stats NZ’s social license framework were:
- We allow our personal information to be used for purposes that are positive and beneficial to society.
- We trust that Stats NZ understands the risk to us of unsafe data use and is committed to maintaining our privacy, and as such has put in place robust security processes to protect our personal information.
- We expect Stats NZ’s process for stewarding our personal information to be transparent and accountable.
- We expect Stats NZ to actively engage with us and take into account our views on how our personal information is managed and used.
Therefore, we trust Stats NZ to steward our personal information.
What is Anonyome Labs’ Social License?
We think about Anonyome Labs’ social license as we design and build MySudo for consumers and Sudo Platform for enterprises that want to provide privacy and cybersafety capabilities to their customers. We understand that social license for a privacy-first product is paramount. Here’s a summary of how we assess ourselves against the three social license criteria:
We believe that privacy and anonymity are crucial components of the modern Internet, in order for people to take control of their personal information and the impact of surveillance capitalism which is monetizing our digital exhaust. We build the tools to empower people with the necessary capabilities to protect and control their personal information. Control is the end goal, where privacy, anonymity and encryption are just some of the techniques to allow users to achieve that control.
We mandate that our users use MySudo in a lawful and respectful way. We refer to this as ‘responsible anonymity’. We provide examples of what is beyond our view of responsible anonymity in our Terms of Service.
When a user’s activity in MySudo is beyond our Terms of Service, we are committed to taking actions such as limiting or suspending use of our services and responding to proper and valid requests from law enforcement agencies. We refer to this as ‘anonymity with recourse’. As our security and privacy FAQs outline, in many cases we may not have the information that law enforcement agencies request.
We have published source code for our Sudo Platform SDKs on GitHub, with the intention to continuously publish more source code over time.
It’s worth stating again: we believe that privacy and anonymity are crucial components of the modern Internet. A demonstration of the trust we have in our users is that we do not collect personal information when a user downloads, installs and registers to use MySudo. (The sole exception is if a MySudo user chooses to use the virtual card capability, where there are regulatory requirements to verify a user’s legal identity before use.) We do not access device identifiers such as device serial number, IMEI number, because we have no need to do so. We choose very short log retention periods (usually one day or less) so we can maintain our system. When we started Anonyome Labs in 2014, we saw these as important choices for taking a different approach that embeds privacy from the very beginning of a MySudo user’s experience with us.
If you are a MySudo user, we welcome your feedback on our social license to operate. Email us at firstname.lastname@example.org.