In some privacy circles there is a vision of creating a simple method of decoding privacy policies. As it stands, privacy policies ‘exist’ in a nebulous domain of legalese. Few people read these policies, and fewer still understand what they do (and do not) say. The same has traditionally been true of many copyright agreements. To address this problem for copyright, the creative commons were created. Privacy groups are hoping to take some of the lessons from the creative commons and apply them to privacy policies.
I need to stress that this is a ‘thinking’ piece – I’ve been bothered by some of the models and diagrams used to express the ‘privacy commons’ because I think that while they’re great academic pieces, they’re nigh useless for the public at large. When I use the term ‘public at large’ and ‘useless’ what I am driving at is this: the creative commons is so good because it put together a VERY simple system that lets people quickly understand what copyright is being asserted over particular works. A privacy commons will live (or, very possibly, die) on its ease of access and use.
So, let’s think about the use-value of any mode of description. The key issue with many commons approaches is that they are trying to do way too much all at once. Is there necessarily a need for a uniform commons statement, or is privacy sufficiently complicated that we should adopt a medical privacy commons, a banking privacy commons, a social networking privacy commons, and so forth? Perhaps, instead of cutting the privacy cake so granularly (i.e. by market segment), we should try to boil down key principles and then offer real-language explanations for each principle’s application in particular business environments instead. This division of the commons is a topic that researchers appreciate and struggle with.
Let’s think about a few ways that we can create an accessible, usable, icon-based privacy alert. I apologize for the text; I’m not a graphic artist in even the ‘I can draw with crayons at a third-grade level’ sense of the term. What I’ll do is suggest a term, differing ‘options’ that the term might hold, and then how it might be shown in a graphic.
Data Collection: First-party, third-party, yes, or no. First-party collection refers to identifiable personal information that the organization in question collects itself; third-party collection is when an outside organization collects the information. First-party collection could be denoted by something like ‘DC1st’ (with ‘1st’ in a superscript) and third-party collection by ‘DC3rd’ (with ‘3rd’ in a subscript). Where both occur DC could be coloured green, and where no data collection takes place the DC could either be removed from the privacy commons icon set, or coloured in red.
Data Sharing: First-party, third-party, yes, or no. This is in reference to whether the customer’s data is provided to outside sources. In the case of large conglomerates who share internally, but not to those outside the corporate network, they would be classed as ‘first-party’ sharers. Third-party denotes situations where the collecting group shares/sells data with those outside their corporate structure. Yes shows when this happens in first- and third-party situations, and ‘no’ identifies where none of a customer’s data is shared. This could be displayed as DS1st (with superscript), DS3rd (with subscript), DS (green coloured), DS (red coloured)/absent from the displayed set of icons.
Data Identification: First-party, third-party, yes, or no. This refers to whether or not data that is held by the organization is associated with a particular individual’s personally identifiable information. It follows the same metric as laid out in the brief descriptors on collection and sharing. It would be displayed as DI1st (with superscript), DI3rd (with subscript), DI (green coloured), DI (red coloured)/absent from the displayed set of icons.
Data Tracking: First-party, third-party, yes, or no. This refers to whether or not data is used to survey where an individual or set of individuals move around, either on the web (e.g. cookies) or in the physical world (e.g. cell phones, GPS). First-party refers to when the vendor selling the product/corporate conglomerate does the tracking, third-party when an outside party is responsible for the tracking of individuals. Yes if both first- and third-party tracking happens, ‘no’ if there is no effort to track customers. Denoted by DT1st (superscript), DT3rd (subscript), DT (green coloured), DT (red coloured)/absent from the displayed set of icons.
Data Deletion: First-party, third-party, yes, or no. This refers to whether or not collected/shared/identified data is deleted after a given period of time. Whereas the first four icons would be on the same line, I see this one as sitting below them to demonstrate that it is a different kind of question or issue. This would be displayed as DD1st (superscript), DD3rd (subscript), DD (green coloured), DD (red coloured)/absent from the displayed set of icons. A note on deletion periods could be displayed when hovering over this icon, or when it is actually clicked. Note that I have intentionally chosen ‘deletion’ over ‘retention’ – I think that deletion speaks to an actionable process that people would feel more secure with and that actually represents what people assume happens with data after the retention period concludes.
Aggregation: Something that I haven’t referred to here is aggregation; I quite simply don’t know where, precisely, to put it. It seems to apply to a few areas. Perhaps there could be a ‘+A’ appended to the end of the symbol in question?
In the case of each icon, hovering over it could reveal a 10-word summary, or clicking through the icon could display a longer (maybe 50 words per icon) note on what is done with the data. Something that should be obvious, at this point, is that I’m primarily talking about data – it’s where/what I think – and how it relates to privacy. A valid question might be: do we need a privacy commons, or do we need a data commons, a medical commons, etc.? I think that the points I’ve outlined offer broad categories, perhaps too broad, but if something as simple as this can’t be developed I have real doubts that icon-based alerts can be effective.
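To make the icon scheme above concrete, here is an added encoder (not part of the original post) that maps a declared practice to the post's four states per category, appends the tentative ‘+A’ aggregation marker, puts Data Deletion on its own line, and carries the hover summary as an HTML title. The names `Practice`, `icon_code` and `render_icon_set`, and the sample notes, are constructed for this example.

```python
from dataclasses import dataclass
from html import escape

# Categories from the post; deletion sits on its own line below the other four.
CATEGORIES = {"DC": "Data Collection", "DS": "Data Sharing",
              "DI": "Data Identification", "DT": "Data Tracking",
              "DD": "Data Deletion"}
SECOND_LINE = {"DD"}


@dataclass(frozen=True)
class Practice:
    """Who performs the practice; 'aggregated' is the post's tentative '+A' flag."""
    first_party: bool
    third_party: bool
    aggregated: bool = False
    note: str = ""  # hover summary (constructed; the post suggests about 10 words)


def icon_code(tag: str, p: Practice) -> tuple[str, str]:
    """Return (plain-text code, colour): '^' marks a superscript, '_' a subscript.
    1st-party only -> superscript, 3rd-party only -> subscript,
    both -> green, neither -> red. Aggregation is appended as '+A'."""
    if tag not in CATEGORIES:
        raise ValueError(f"unknown category {tag!r}")
    if p.first_party and p.third_party:
        code, colour = tag, "green"
    elif p.first_party:
        code, colour = f"{tag}^1st", "black"
    elif p.third_party:
        code, colour = f"{tag}_3rd", "black"
    else:
        code, colour = tag, "red"
    if p.aggregated:
        code += "+A"
    return code, colour


def render_icon_set(policy: dict[str, Practice], hide_absent: bool = False) -> str:
    """Render the icon set as up to two HTML lines; hover note goes in title=."""
    lines = {False: [], True: []}  # False: main line, True: deletion line
    for tag, label in CATEGORIES.items():
        p = policy.get(tag, Practice(False, False))
        code, colour = icon_code(tag, p)
        if colour == "red" and hide_absent:
            continue  # the post's alternative: drop the icon instead of colouring it red
        html_code = (code.replace("^1st", "<sup>1st</sup>")
                         .replace("_3rd", "<sub>3rd</sub>"))
        title = escape(f"{label}: {p.note}" if p.note else label)
        lines[tag in SECOND_LINE].append(
            f'<span class="pc {colour}" title="{title}">{html_code}</span>')
    return "<br>\n".join(" ".join(l) for l in (lines[False], lines[True]) if l)
```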
Edit: Ralf Bendrath brought his own excellent post on the status of the privacy commons from a few years ago to my attention. It’s highly worth a look, and gives visual representations of some of the icon sets floating around in the discussion about the commons.
7 thoughts on “Thinking About a ‘Privacy Commons’”
I like the way you think. If we could break down privacy into its components in the same way we have, say, the GPL license, then a company could just maybe have a checklist-like table with a tick mark for those aspects that apply.
Of course this will remove the ability of a company to quietly slip in a few disclaimers (which, let’s face it, most want to do) without informing their user base, so I can’t really see it coming into force. It’s no coincidence that both the creative commons and the GPL were not developed by corporations!
This said, there remains a real doubt that large corporations will buy into this. They aren’t 100% needed for the system to work, but for it to be widely acknowledged some kind of plan needs to be developed to spread the word (such as putting proponents of the privacy commons into law classes). If young lawyers are aware of the PC, then maybe over a decade or so it could start to seep into corporate culture somewhat.
This debate has been going on for at least two years now, with slow progress. As far as I am aware, the Independent Center for Privacy Protection in Kiel (Germany), which is the state DPA, has been working on it all the time.
Thanks for this Ralf – I’d read your post a year or so ago but totally forgot to include it in the links at the top of the post. I do wonder about the effectiveness of very long icon sets for privacy; while they are shorter than privacy policies, they don’t seem immediately accessible to a casual surfer. If there were, say 10 icons for privacy I worry that many people would be uninterested in seeing what they were about.
This isn’t to say that what I’ve begun proposing is necessarily much better, but that if modelled to appear somewhat similar to CC it might have some uptake because of the seemingly similar projects.
Something that I didn’t address in this post, but that is in Mary Rundle’s slides, is the question of international transfers of information. In my mind, I’d like to see this as just built into the broad framework, and then when hovering over the icon maybe reveal information about international transfers. It seems that every time I think about what could be improved in a PC model additions are required to the model, which runs counter to the KISS principle that I see as necessary for a privacy commons to reach widespread adoption. Has Mehldau’s model continued to circulate through the German blogosphere?
As usual, thanks for the article. You’ve sparked quite a few thoughts. I took some time to respond to this post on my blog (at http://www.aarontitus.net/blog/2009/12/06/my-thoughts-about-privacy-commons/). Great points.
Do you know if the idea of privacy commons has been realized by now? Unfortunately, the problem still exists. Thank you for some hints! Best regards from Germany!
Sorry, I haven’t followed this at all, though to the best of my knowledge the idea has not been realized as I discussed in this post.