Privacy Icons: Difference between revisions

From i4bi wiki
Jump to navigation Jump to search
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
<big>'''Privacy Icons'''</big>
<big>'''Privacy Icons'''</big>


== The Problem ==
== The Problem ==


We begin with one major problem about privacy policies (and privacy communications in general): the language in this space is so complicated that users can't understand it. As a result they've generally stopped caring, and when they do take time to think about privacy, they feel duped. Sites make it too complicated to understand, and besides, users have little choice: sometimes there's only one game in town, so to speak, and the price of admission is personal data. And so users don't bother trying to understand or differentiate among the privacy practices of most online sites and services. Businesses, in turn, have trouble conveying to users that they ''do'' care about privacy, and this affects their ability to differentiate ''themselves'' from competitors based on privacy.  
We begin with one major problem about privacy policies (and privacy communications in general): the language in this space is so complicated that users can't understand it. As a result they've generally stopped caring, and when they do take time to think about privacy, they feel duped. Sites make it too complicated to understand, and besides, users have little choice: sometimes there's only one game in town, so to speak, and the price of admission is personal data. And so users don't bother trying to understand or differentiate among the privacy practices of most online sites and services. Businesses, in turn, have trouble conveying to users that they ''do'' care about privacy, and this affects their ability to differentiate themselves from competitors based on privacy.
 
We began our problem-solving process, then, with two points of view (POVs). The first is the POV of the consumer who wants to make better choices about privacy but has become inured to the current landscape and, moreover, has little time to research and process things. The second POV is that of the business that wants to do a better job of communicating its privacy practices.


We began our problem-solving process, then, with two points of view. The first is the consumer who, to some degree, "wants" to make better choices about privacy but has become inured to the current landscape and, moreover, has little time to research and process things. The second point of view is that of the business that--however rare this is--wants to do better at communicating its privacy practices.
As the first step of our prototyping and brainstorming sessions, we settled on the business POV—specifically, that of the smaller, less-established startup—because we determined that it's easier to find a platform and gain leverage from the business side. From there, good privacy practices can spread to other businesses, and the benefits will redound to users.


== The Idea ==
== The Idea ==


We're aiming for the golden vector where consumer needs, defined both by consumers' demonstrated frustration with the length and density of privacy policies and by the importance of being able to make quick judgments about whether to consent to a privacy practice, meet businesses' desire to make their privacy practices clearer.
We're to find the point where consumer needs—defined both by consumers' demonstrated frustration with the length and density of privacy policies and by the importance of being able to make quick judgments about whether to consent to a privacy practice—meet businesses' desires to make their privacy practices clearer.
 
To that end we want to give consumers and businesses alike a simple, easy-to-use way to convey and process privacy practices. But we don't mean just to translate websites' privacy policies into simpler icons, or to provide a granular, machine-readable language for mapping privacy practices. We think the solution has to be as simple as it can be. That way users don't get frustrated with learning curves and legalese, and businesses feel comfortable adopting a product that doesn't demand legal nitpicking and constant reconfiguration.
 
To do this, we're trying to develop some baseline statements or pledges that that consumers find helpful in making the threshold decision of whether to use a site or service, and businesses likewise find useful for communicating that same baseline principle. We plan to craft these statements with input from an ample set of Silicon Valley startups and privacy-interested users. Then we will find a group of startups willing to adopt a pledge or pledges, and publicize this adoption to gain public currency.
 
We will be partnering with the [http://disconnect.me/db/icons Disconnect]. team to implement a version of the pledge we describe below, complete with icons and a rating system. Eventually we think these pledges could interact with existing or developing icon systems, and could eventually be made machine-readable and integrated into user-facing privacy tools. We will also be working to establish a "bucket brigade" of privacy policy raters, hopefully situated around legal clinics and research centers at universities like Stanford and Harvard.


To that end we want to give consumers and businesses alike a simple, clear, easy-to-use tool for conveying and processing privacy practices. But we don't mean just to translate websites' privacy policies into simpler icons, or to provide a granular, machine-readable language for mapping privacy practices. We think the solution has to be as simple as it can be. That way users don't get frustrated with learning curves and legalese, and businesses feel comfortable adopting a product that doesn't demand legal nitpicking and constant reconfiguration.
== Pledge Ideas ==
''The following is draft language. It is not final.
''
We know that privacy is important to you. That’s why we’re making a pledge to you, based on trusted independent privacy group Disconnect, Inc.’s system for evaluating website privacy policies. Disconnect’s users gave our privacy practices the best possible rating under each category. We pledge to continue to abide by those ratings:
* We use your data only as you allow or expect.  
* We don’t sell your data, and we don’t share it except per your permission or reasonable expectation.
* We won’t disclose your data without proper legal procedure.
* And we won’t keep your data forever.


To this end we're trying to develop a baseline statement about privacy practices--possibly even two or three statements, pending some user testing--that consumers find helpful in making the threshold decision of whether to use a site or service, and businesses likewise find useful for communicating that same baseline principle. We think we can use such a statement or set of basic statements to develop a tool that uses icons, integrated into a browser or mobile device, to inform users on the most basic level about whether a site or service they're using comports with this baseline privacy practice. Eventually businesses might find it useful, on their ends, either to use this simple system as a way to advertise their privacy policies, or even to adopt a "Privacy Pledge" that could integrate with the consumer-facing tool.
== Related Projects ==
* [http://identityproject.lse.ac.uk/mary.pdf Mary Rundle's International Data Protection and Digital Identity Management Tools]
* [http://www.slideshare.net/maxsenges/modularized-human-readable-privacy-policies-2060205 Max Senges: (Modularized) Human-Readable Privacy Policies]
* [https://wiki.mozilla.org/Privacy_Icons_v0.2 Mozilla Privacy Icons]
* [http://knowprivacy.org/index.html Know Privacy]
* [http://disconnect.me/db/icons Disconnect]

Latest revision as of 14:33, 6 January 2012

Privacy Icons


The Problem

We begin with one major problem about privacy policies (and privacy communications in general): the language in this space is so complicated that users can't understand it. As a result they've generally stopped caring, and when they do take time to think about privacy, they feel duped. Sites make it too complicated to understand, and besides, users have little choice: sometimes there's only one game in town, so to speak, and the price of admission is personal data. And so users don't bother trying to understand or differentiate among the privacy practices of most online sites and services. Businesses, in turn, have trouble conveying to users that they do care about privacy, and this affects their ability to differentiate themselves from competitors based on privacy.

We began our problem-solving process, then, with two points of view (POVs). The first is the POV of the consumer who wants to make better choices about privacy but has become inured to the current landscape and, moreover, has little time to research and process things. The second POV is that of the business that wants to do a better job of communicating its privacy practices.

As the first step of our prototyping and brainstorming sessions, we settled on the business POV—specifically, that of the smaller, less-established startup—because we determined that it's easier to find a platform and gain leverage from the business side. From there, good privacy practices can spread to other businesses, and the benefits will redound to users.

The Idea

We're to find the point where consumer needs—defined both by consumers' demonstrated frustration with the length and density of privacy policies and by the importance of being able to make quick judgments about whether to consent to a privacy practice—meet businesses' desires to make their privacy practices clearer.

To that end we want to give consumers and businesses alike a simple, easy-to-use way to convey and process privacy practices. But we don't mean just to translate websites' privacy policies into simpler icons, or to provide a granular, machine-readable language for mapping privacy practices. We think the solution has to be as simple as it can be. That way users don't get frustrated with learning curves and legalese, and businesses feel comfortable adopting a product that doesn't demand legal nitpicking and constant reconfiguration.

To do this, we're trying to develop some baseline statements or pledges that that consumers find helpful in making the threshold decision of whether to use a site or service, and businesses likewise find useful for communicating that same baseline principle. We plan to craft these statements with input from an ample set of Silicon Valley startups and privacy-interested users. Then we will find a group of startups willing to adopt a pledge or pledges, and publicize this adoption to gain public currency.

We will be partnering with the Disconnect. team to implement a version of the pledge we describe below, complete with icons and a rating system. Eventually we think these pledges could interact with existing or developing icon systems, and could eventually be made machine-readable and integrated into user-facing privacy tools. We will also be working to establish a "bucket brigade" of privacy policy raters, hopefully situated around legal clinics and research centers at universities like Stanford and Harvard.

Pledge Ideas

The following is draft language. It is not final. We know that privacy is important to you. That’s why we’re making a pledge to you, based on trusted independent privacy group Disconnect, Inc.’s system for evaluating website privacy policies. Disconnect’s users gave our privacy practices the best possible rating under each category. We pledge to continue to abide by those ratings:

  • We use your data only as you allow or expect.
  • We don’t sell your data, and we don’t share it except per your permission or reasonable expectation.
  • We won’t disclose your data without proper legal procedure.
  • And we won’t keep your data forever.

Related Projects