Thinking About a ‘Privacy Commons’

In some privacy circles there is a vision of creating a simple method of decoding privacy policies. As it stands, privacy policies ‘exist’ in a nebulous domain of legalese. Few people read these policies, and fewer still understand what they do (and do not) say. The same has traditionally been true of many copyright agreements. To address this problem for copyright, Creative Commons was created. Privacy groups are hoping to take some of the lessons from Creative Commons and apply them to privacy policies.

I need to stress that this is a ‘thinking’ piece – I’ve been bothered by some of the models and diagrams used to express the ‘privacy commons’ because I think that while they’re great academic pieces, they’re nigh useless for the public at large. When I use the term ‘public at large’ and ‘useless’ what I am driving at is this: the creative commons is so good because it put together a VERY simple system that lets people quickly understand what copyright is being asserted over particular works. A privacy commons will live (or, very possibly, die) on its ease of access and use.

So, let’s think about the use-value of any mode of description. The key issue with many commons approaches is that they try to do far too much all at once. Is there necessarily a need for a uniform commons statement, or is privacy sufficiently complicated that we should adopt a medical privacy commons, a banking privacy commons, a social networking privacy commons, and so forth? Perhaps, instead of cutting the privacy cake so granularly (i.e. by market segment), we should try to boil down key principles and then offer plain-language explanations of how each principle applies in particular business environments. This division of the commons is a topic that researchers appreciate and struggle with.

Let’s think about a few ways that we can create an accessible, usable, icon-based privacy alert. I apologize for the text; I’m not a graphic artist in even the ‘I can draw with crayons at a third-grade level’ sense of the term. What I’ll do is suggest a term, differing ‘options’ that the term might hold, and then how it might be shown in a graphic.

Data Collection: First-party, third-party, yes, or no. First-party collection refers to identifiable personal information that the organization in question collects; third-party collection, to information that an outside organization collects. First-party collection could be denoted by something like ‘DC1st’ (with ‘1st’ in a superscript) and third-party collection by ‘DC3rd’ (with ‘3rd’ in a subscript). Where both occur, DC could be coloured green; where no data collection takes place, DC could either be removed from the privacy commons icon set or coloured red.

Data Sharing: First-party, third-party, yes, or no. This refers to whether the customer’s data is provided to outside parties. Large conglomerates that share internally, but not with anyone outside the corporate network, would be classed as ‘first-party’ sharers. Third-party denotes situations where the collecting group shares or sells data with those outside its corporate structure. ‘Yes’ shows when both first- and third-party sharing happens, and ‘no’ identifies where none of a customer’s data is shared. This could be displayed as DS1st (with superscript), DS3rd (with subscript), DS (green coloured), and DS (red coloured)/absent from the displayed set of icons.

Data Identification: First-party, third-party, yes, or no. This refers to whether or not data held by the organization is associated with a particular individual’s personally identifiable information. It follows the same scheme laid out in the brief descriptions of collection and sharing. It would be displayed as DI1st (with superscript), DI3rd (with subscript), DI (green coloured), and DI (red coloured)/absent from the displayed set of icons.

Data Tracking: First-party, third-party, yes, or no. This refers to whether or not data is used to follow where an individual or set of individuals moves, either on the web (e.g. cookies) or in the physical world (e.g. cell phones, GPS). First-party refers to tracking done by the vendor selling the product or by its corporate conglomerate; third-party, to tracking done by an outside party. ‘Yes’ if both first- and third-party tracking happens, ‘no’ if there is no effort to track customers. Denoted by DT1st (superscript), DT3rd (subscript), DT (green coloured), and DT (red coloured)/absent from the displayed set of icons.

Data Deletion: First-party, third-party, yes, or no. This refers to whether or not collected/shared/identified data is deleted after a given period of time. Whereas the first four icons would sit on the same line, I see this one below them, to signal that it is a different kind of question or issue. It would be displayed as DD1st (superscript), DD3rd (subscript), DD (green coloured), and DD (red coloured)/absent from the displayed set of icons. A note on deletion periods could be displayed when hovering over this icon, or when it is actually clicked. Note that I have intentionally chosen ‘deletion’ over ‘retention’ – I think that deletion speaks to an actionable process that people would feel more secure with, and that it actually represents what people assume happens to data after the retention period concludes.

Aggregation: Something that I haven’t referred to here is aggregation; I quite simply don’t know where, precisely, to put it. It seems to apply to a few areas. Perhaps there could be a ‘+A’ appended to the end of the symbol in question?

In the case of each icon, hovering over it could reveal a 10-word summary, or clicking through the icon could display a longer (maybe 50 words per icon) note on what is done with the data. Something that should be obvious, at this point, is that I’m primarily talking about data – that is what I am thinking about, and how it relates to privacy. A valid question might be: do we need a privacy commons, or do we need a data commons, a medical commons, etc.? I think that the points I’ve outlined offer broad categories, perhaps too broad, but if something as simple as this can’t be developed I have real doubts that icon-based alerts can be effective.
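As an added example (it is not part of the original post), here is a small Python parser for the icon notation sketched above, written to show what ‘machine-readable’ would mean for this scheme. It assumes a plain-text stand-in for the colours, since text cannot carry them: ‘+’ for the green ‘yes, both’ icon, ‘-’ for the red ‘no’ icon, an absent icon meaning ‘no’, and the ‘+A’ suffix for aggregation, all of which are this example’s encoding choices rather than the post’s. The consistency check at the end flags combinations that the icons alone would leave a reader to wonder about.

```python
import json
import re
from dataclasses import dataclass

# The five categories from the post, in the order they would be displayed.
CATEGORIES = {
    "DC": "Data Collection",
    "DS": "Data Sharing",
    "DI": "Data Identification",
    "DT": "Data Tracking",
    "DD": "Data Deletion",
}

# Assumed textual stand-ins for the post's superscript/subscript/colour cues.
OPTIONS = {
    "1st": "first-party only",          # superscript 1st
    "3rd": "third-party only",          # subscript 3rd
    "+": "first- and third-party",      # green icon
    "-": "none",                        # red icon, or icon absent
}

# e.g. "DC1st", "DS3rd", "DI+", "DT1st+A" (aggregation suffix), "DD-"
TOKEN_RE = re.compile(r"^(DC|DS|DI|DT|DD)(1st|3rd|\+|-)(\+A)?$")


@dataclass(frozen=True)
class Icon:
    category: str
    option: str
    aggregated: bool


def parse_policy(text):
    """Parse a space-separated icon string into {category: Icon}.

    A category that does not appear defaults to 'none', matching the
    post's rule that a red icon may simply be absent from the set.
    """
    icons = {}
    for token in text.split():
        match = TOKEN_RE.match(token)
        if not match:
            raise ValueError(f"unrecognised icon token: {token!r}")
        cat, opt, agg = match.groups()
        if cat in icons:
            raise ValueError(f"duplicate icon for {cat}")
        icons[cat] = Icon(cat, opt, agg is not None)
    for cat in CATEGORIES:
        icons.setdefault(cat, Icon(cat, "-", False))
    return icons


def summarize(icons):
    """One short line per icon, in the spirit of the post's hover-over summary."""
    lines = []
    for cat in CATEGORIES:
        icon = icons[cat]
        line = f"{CATEGORIES[cat]}: {OPTIONS[icon.option]}"
        if icon.aggregated:
            line += " (aggregated)"
        lines.append(line)
    return lines


def consistency_warnings(icons):
    """Flag icon combinations that need explaining in the longer note."""
    warnings = []
    collected = icons["DC"].option != "-"
    downstream = [c for c in ("DS", "DI", "DT") if icons[c].option != "-"]
    # Sharing, identifying or tracking data implies it was collected by someone.
    if not collected and downstream:
        names = ", ".join(CATEGORIES[c] for c in downstream)
        warnings.append(f"no collection declared, yet {names} declared")
    # Collection with no deletion icon is indefinite retention; say so.
    if collected and icons["DD"].option == "-":
        warnings.append("data is collected but no deletion is declared (indefinite retention)")
    return warnings


def to_machine_readable(icons):
    """Serialise the parsed icon set as JSON for tools that want to read it."""
    return json.dumps(
        {cat: {"option": icons[cat].option, "aggregated": icons[cat].aggregated}
         for cat in CATEGORIES},
        sort_keys=True,
    )


if __name__ == "__main__":
    # Constructed sample policy, not taken from any real organisation.
    sample = parse_policy("DC1st DS3rd DI+ DT1st+A DD1st")
    print("\n".join(summarize(sample)))
    print(consistency_warnings(sample) or "no warnings")
    print(to_machine_readable(sample))
```

The default-to-‘none’ rule deserves care: a policy that omits the DC icon but declares DS3rd is either mislabeled or deliberately vague, which is exactly the sort of thing a hover-over summary should surface rather than hide.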

Now, the benefits of a machine-readable privacy commons are high, but only if substantial market penetration can be achieved. Ideas of a commons aren’t new – they’ve been swimming through the academic literature in various iterations for the past decade and a half or so – and whenever there has been an effort to introduce a machine-readable privacy system, uptake has been the key issue. Copyright doesn’t face the same issue, insofar as most people would (probably) be happy with a ‘regular’ copyright. Further, copyright has been around long enough that most people can at least imagine what their permissions might include where they don’t see a Creative Commons licensing icon. Privacy, however, isn’t as well defined in legal statutes, has deep variations around the world, and (perhaps most importantly) lacks an international advocacy group composed of businesses who see advancing privacy as essential to their business interests. Google fought to add the very term ‘privacy’ to their homepage, and they’re a web-savvy company. Facebook suffered through an extended investigation to have their privacy policy changed. How reasonable is it to expect large Fortune 500 companies to adopt any kind of privacy commons position?

Edit: Ralf Bendrath brought his own excellent post on the status of the privacy commons from a few years ago to my attention. It’s highly worth a look, and gives visual representations of some of the icon sets floating around in the discussion about the commons.

Christopher Parsons

I’m a Postdoctoral Fellow at the Citizen Lab in the Munk School of Global Affairs at the University of Toronto and a Principal at Block G Privacy and Security Consulting. My research interests focus on how privacy (particularly informational privacy, expressive privacy and accessibility privacy) is affected by digitally mediated surveillance and the normative implications that such surveillance has in (and on) contemporary Western political systems. I’m currently attending to a particular set of technologies that facilitate digitally mediated surveillance, including Deep Packet Inspection (DPI), behavioral advertising, and mobile device security. I try to think through how these technologies influence citizens in their decisions to openly express themselves or to engage in self-censoring behavior on a regular basis.