How websites can declare their data practices in a machine-readable format

The idea

Most websites have a privacy policy. Most people don't read them. What if a website could declare its data practices in a machine-readable format that a browser extension could read, display, and compare against the user's preferences?

That's what .well-known/protoconsent.json does. It follows the same pattern as security.txt (RFC 9116) and .well-known/change-password: a static file at a standard path that tools can discover and consume automatically.

What it looks like

A minimal declaration for a blog that uses privacy-friendly analytics:

```json
{
  "protoconsent": "0.2",
  "purposes": {
    "functional": {
      "used": true,
      "legal_basis": "legitimate_interest"
    },
    "analytics": {
      "used": true,
      "legal_basis": "consent",
      "providers": ["Privacy-friendly Analytics"],
      "retention": { "type": "fixed", "value": 30, "unit": "days" }
    }
  }
}
```

The file declares which of ProtoConsent's six…
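One way a consuming tool might read the declaration shown above and compare it against a user's preferences, as an added example that is not ProtoConsent's own code. The function names, the size cap, and the preference shape (purpose name mapped to a boolean) are assumptions; only the fields visible in the sample declaration are used.

```javascript
// Added example. The file is served by the site itself, so treat it as
// untrusted input: cap its size and type-check every field before use.
const MAX_BYTES = 64 * 1024; // assumed cap for a small static file

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function parseDeclaration(text) {
  if (typeof text !== "string" || text.length > MAX_BYTES) throw new Error("bad size");
  const doc = JSON.parse(text); // throws on malformed JSON
  if (!isPlainObject(doc)) throw new Error("declaration is not an object");
  if (typeof doc.protoconsent !== "string") throw new Error("missing version");
  if (!isPlainObject(doc.purposes)) throw new Error("missing purposes");
  const purposes = new Map(); // Map keeps keys like "__proto__" harmless
  for (const [name, p] of Object.entries(doc.purposes)) {
    if (!isPlainObject(p) || typeof p.used !== "boolean") {
      throw new Error(`purpose ${name}: "used" must be a boolean`);
    }
    purposes.set(name, {
      used: p.used,
      legalBasis: typeof p.legal_basis === "string" ? p.legal_basis : null,
      providers: Array.isArray(p.providers)
        ? p.providers.filter((x) => typeof x === "string")
        : [],
    });
  }
  return { version: doc.protoconsent, purposes };
}

// Purposes the site declares as used that the user has not allowed.
// A purpose missing from prefs counts as not allowed (default deny).
function conflicts(declaration, prefs) {
  const out = [];
  for (const [name, p] of declaration.purposes) {
    const allowed =
      Object.prototype.hasOwnProperty.call(prefs, name) && prefs[name] === true;
    if (p.used && !allowed) out.push(name);
  }
  return out;
}

// Constructed sample: the declaration from the article, plus assumed prefs.
const SAMPLE = `{"protoconsent":"0.2","purposes":{
  "functional":{"used":true,"legal_basis":"legitimate_interest"},
  "analytics":{"used":true,"legal_basis":"consent",
    "providers":["Privacy-friendly Analytics"],
    "retention":{"type":"fixed","value":30,"unit":"days"}}}}`;
const USER_PREFS = { functional: true, analytics: false };
```

The result of `conflicts` reflects only what the site states about itself; the declaration is self-reported and says nothing about what the page actually loads.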