In some privacy circles there is a vision of creating a simple method of decoding privacy policies. As it stands, privacy policies ‘exist’ in a nebulous domain of legalese. Few people read these policies, and fewer still understand what they do (and do not) say. The same has traditionally been true of many copyright agreements. To assuage this issue surrounding copyright, the creative commons were created. Privacy groups are hoping to take some of the lessons from the creative commons and apply it to privacy policies.
I need to stress that this is a ‘thinking’ piece – I’ve been bothered by some of the models and diagrams used to express the ‘privacy commons’ because I think that while they’re great academic pieces, they’re nigh useless for the public at large. When I use the term ‘public at large’ and ‘useless’ what I am driving at is this: the creative commons is so good because it put together a VERY simple system that lets people quickly understand what copyright is being asserted over particular works. A privacy commons will live (or, very possibly, die) on its ease of access and use.
So, let’s think about use-value of any mode of description. The key issue with many commons approaches is that they are trying to do way too much all at once. Is there necessarily a need for a uniform commons statement, or is privacy sufficiently complicated that we adopt a medical privacy commons, a banking privacy commons, a social networking privacy commons, and so forth? Perhaps, instead of cutting the privacy cake so granularly (i.e. by market segment) we should try to boil down key principles and then offer real-language explanations for each principle’s application in particular business environments instead. This division of the commons is a topic that researchers appreciate and struggle with.
Let’s think about a few ways that we can create an accessible, usable, icon-based privacy alert. I apologize for the text; I’m not a graphic artist in even the ‘I can draw with crayons at a third-grade level’ sense of the term. What I’ll do is suggest a term, differing ‘options’ that the term might hold, and then how it might be shown in a graphic.
Data Collection: First-party, third-party, yes, or no. First-party collection refers to identifiable personal information that the organization in question collects, third-party if an outside organization collects information. First-party collection could be denoted by something like ‘DC1st’ (with ’1st’ being in a superscript) and third-party collection by ‘DC3rd’ (with ’3rd’ in a subscript). Where both occur DC could be coloured green, and where no data collection takes place the DC could either be removed from the privacy commons icon set, or coloured in red.
Data Sharing: First-party, third-party, yes, or no. This is in reference to whether the customer’s data is provided to outside sources. In the case of large conglomerates who share internally, but not to those outside the corporate network, they would be classed as ‘first-party’ sharers. Third-party denotes situations where the collecting group shares/sells data with those outside their corporate structure. Yes shows when this happens in first- and third-party situations, and ‘no’ identifies where none of a customer’s data is shared. This could be displayed as DS1st (with superscript), DS3rd (with subscript), DS (green coloured), DS (red coloured)/absent from the displayed set of icons.
Data Identification: First-party, third-party, yes, or no. This refers to whether or not data that is held by the organization is associated with a particular individual’s personally identifiable information. It follows the same metric as laid out in the brief descriptors on collection and sharing. It would be displayed as DI1st (with superscript), DI3nd (with subscript), DS (green coloured), DS (red coloured)/absent from the displayed set of icons.
Data Tracking: First-party, third-party, yes, or no. This refers to whether or not data is used to survey where an individual or set of individuals move around, either on the web (e.g. cookies) or on the physical world (e.g. cell phones, GPS). First-party refers to when the vendor selling the product/corporate conglomerate does the tracking, third when a third-party is responsible for the tracking of individuals. Yes if both first and third-party tracking happens, ‘no’ if there is not an effort to track customers. Denoted by DT1st (superscript), DT3rd (subscript), DT (green coloured), DS (red coloured)/absent from the displayed set of icons.
Data Deletion: First-party, third-party, yes, or no. This refers to whether or not collected/shared/identified data is deleted after a given period of time. Whereas the first four icons would be on the same line, I see this as below it to demonstrate that it is a different kind of question or issue. This would be displayed as DD1st (superscript), DD3nd (subscript), DD (green coloured), DS (red coloured)/absent from the displayed set of icons. When hovering over this icon a note on deletion periods could be displayed, or when actually clicked on. Note that I have intentionally chosen ‘deletion’ over ‘retention’ – I think that deletion speaks to an actionable process that people would feel more secure with and that actually represents what people assume happens with data after the retention period concludes.
Aggregation: Something that I haven’t referred to here is aggregation; I quite simply don’t know where, precisely, to put it. It seems to apply to a few areas. Perhaps there could be a ‘+A’ appended to the end of the symbol in question?
In the case of each icon, hovering over it could reveal either a 10 word summary, or clicking through the icon could display a longer (maybe 50 word/icon) note on what is done with data. Something that should be obvious, at this point, is that I’m primarily talking about data – it’s where/what I think – and how it relates to privacy. A valid question might be: do we need a privacy commons, or do we need a data-commons, medical-commons, etc. I think that the points I’ve outlined offer broad categories, perhaps too broad, but if something as simple as this can’t be developed I have real doubts that icon-based alerts can be effective.
Edit: Ralf Bendrath brought his own excellent post on the status of the privacy commons from a few years ago to my attention. It’s highly worth a look, and gives visual representations of some of the icon sets floating around in the discussion about the commons.