Mind The Gap
How MyTerms Bridges the Trust Gap
“Mind the gap.”
It’s a familiar phrase—heard on train platforms as a warning to passengers. A small gap, perhaps. But one that, if ignored, can cause real problems.
In the digital world, there is another gap. Far larger. Far more consequential.
A gap between what organisations—and regulators—believe is acceptable behaviour when it comes to personal data…
…and what individuals actually expect.
This is the Trust Gap.
And right now, it is widening.
The Trust Gap Is Real—and Structural
There is a growing disconnect between the experience individuals have online and the standards organisations are meeting.
Organisations point to:
Cookie banners
Privacy policies
Consent mechanisms
Regulatory compliance
As evidence that they are acting responsibly.
Regulators, in turn, assess whether these mechanisms meet legal thresholds—and in many cases, they do.
But individuals see something very different.
They see:
Endless pop-ups designed to nudge “Accept All”
Policies written for lawyers, not humans
Repeated requests for the same data
News of breaches from organisations that were “fully compliant”
The result?
A system that is technically compliant—but fundamentally distrusted.
Three Gaps, Not One
To understand the scale of the issue, it helps to break the Trust Gap into three distinct layers.
The Expectation Gap
Individuals expect:
Transparency
Fairness
Control
Respect
But what they experience is:
Opacity
Friction
One-sided terms
Minimal real control
People believe they are in a digitally-enabled relationship.
Organisations behave as if they are processing a resource.
The Understanding Gap
The current system relies heavily on the concept of “informed consent.”
But in practice:
Privacy policies are rarely read
Even more rarely understood
And almost never actionable
All three are designed to be that way.
If no one reads it, understands it, or can meaningfully act on it—can we really call it consent?
What we have instead is an outdated ritual.
A moment of interaction that signals compliance, but delivers little comprehension.
The Power Gap
Today, organisations define the terms of engagement.
Individuals are given a binary choice:
Accept
Or leave
That is not empowerment.
It is coercion—with a softer interface.
Even where rights exist—access, erasure, portability—they are difficult if not impossible to exercise, inconsistent in execution, and disconnected from the moment of interaction.
People become rationally disengaged. They don’t like what they have to do to get things done online, but they also know they have no option but to do so. It’s not as if the other services they could use behave any differently.
The Compliance Trap
At the heart of this issue is a subtle but critical shift.
Many organisations have moved from asking:
“Is this the right thing to do for our customers?”
To asking:
“Is this compliant?”
Compliance is, of course, essential.
But it is not sufficient.
Compliance is internal-facing.
It asks: Did we follow the rules?
Trust must be outward-looking.
It asks: Will you act in my best interest?
Somewhere along the way, compliance won.
And in doing so, we have created a system where:
Legal defensibility is prioritised over customer understanding and experience
Minimum viable compliance replaces meaningful engagement
Responsibility is demonstrated—but not necessarily felt
The Role of Regulation
It would be easy to place the blame solely on organisations. But the reality is more nuanced.
Regulators have done an enormous amount to establish rights, frameworks, and accountability.
But in doing so, they have also—perhaps unintentionally—standardised a broken interaction model.
Cookie banners and their underpinning frameworks have become legal theatre
Privacy notices have become liability shields
Consent has become a compliance artefact
Regulation optimises for enforceability, but then fails, in the main, to enforce.
But individuals need usability and agency.
The result is a system that works on paper—but is broken in practice.
The Human Cost: DPOs in the Middle
Nowhere is this tension more visible than in the role of the Data Protection Officer (DPO).
DPOs are tasked with protecting individuals and enabling their rights.
But they operate within organisations driven by commercial, operational, and technical realities.
They are often asked to:
Interpret complex regulation
Translate it into organisational policy
Ensure compliance across fragmented systems
And represent the interests of individuals—without direct mechanisms to do so
In effect, they sit between two worlds:
The expectations of individuals
The constraints of organisations
Without the tools to fully reconcile the two.
A System Designed for Friction
The current model doesn’t just fail to build trust—it actively erodes it.
Consider the experience:
Repeated consent requests across every site
Default settings nudging maximum data capture
Complex opt-out processes
Data held in silos across multiple organisations
We have designed a system where:
The safest choice is often the most inconvenient
The easiest choice is the least informed
Over time, this leads to:
Consent fatigue
Learned helplessness
Disengagement
And ultimately—distrust.
The Economic Cost of Low Trust
This isn’t just a societal or ethical issue. It’s an economic one.
Low trust creates inefficiencies across the digital economy:
Poor data quality (because users provide minimal or inaccurate data)
Higher acquisition costs (because relationships lack depth)
Increased regulatory overhead
Greater reputational risk
Reduced long-term loyalty
In short:
The Trust Gap is not just a moral problem.
It is a structural inefficiency.
Bridging the Gap with MyTerms
If the problem is structural, the solution must be too.
This is where MyTerms comes in.
MyTerms introduces a fundamentally different model—one that shifts the point of control from organisations to individuals.
It does this by enabling:
Machine-readable, standardised expressions of individual intent
Persistent, reusable permissions
Clear, explicit agreements between parties
Rather than asking individuals to navigate endless variations of organisational policies, MyTerms allows them to define their own terms—once—and use them everywhere.
We can visualise the Trust Gap and MyTerms as below.
From Consent to Agreement
The most important shift MyTerms enables is this:
From consent → to agreement
Today:
Organisations set the terms
Individuals react to them
With MyTerms:
Individuals express their terms
Organisations choose whether to engage
This creates a fundamentally different dynamic.
Today | With MyTerms
Organisation-defined policies | Individual-defined terms
One-size-fits-all | Personalised permissions
Passive consent | Active agreement
Legal text | Machine-readable signals
Creating Symmetry
Perhaps the most important outcome is symmetry.
Today’s system is deeply asymmetrical:
Organisations operate at scale, with structure and automation
Individuals operate manually, reactively, and inconsistently
MyTerms levels the playing field.
It allows individuals to:
Express preferences once
Apply them consistently
Enforce them automatically
In doing so, it brings individuals closer to operating with the same clarity and scale as organisations.
A Better Role for Compliance
Importantly, MyTerms does not replace compliance—it reframes it.
Compliance becomes:
A baseline
A prerequisite
Table stakes
But it is no longer the goal.
Instead, the focus shifts to:
Alignment
Transparency
Mutual agreement
In this model:
Compliance is a subset of trust—not a substitute for it.
A Glimpse of What’s Next
In a MyTerms-enabled world:
Cookie banners disappear
Permissions persist across services
Data flows with intent, not assumption
Individuals are supported by agents acting in their interest
Organisations no longer need to guess what users might accept.
They know.
Because the terms are explicit.
Closing the Gap
The Trust Gap isn’t closing on its own.
In fact, left unchecked, it will continue to widen—fuelled by increasing complexity, more data, and greater automation.
We cannot solve this with:
More banners
Longer policies
Additional layers of compliance
We need a different approach.
A different infrastructure.
A different contract.
Because if we want a digital economy built on trust, we need to stop asking for consent…
…and start agreeing terms.

