Doc,
See my most recent post.
In the physical world (e.g., cars) there is a highly developed legal
infrastructure, including contract law (warranties), statutory law
(commercial code, warranty regulations, safety recall laws &
regs), and common law (defective design lawsuits) that is the ocean
of expectations in which we customer fishes all swim in, i.e., of
which we are largely unaware.
So, as you note below, IMHO we need to do what we can with that
legal infrastructure for the online/VRM world. Of course, I'm a
lawyer, and I'm sure there's some "when all you have is a hammer,
everything looks like a nail" going on.
Chris S.
On 2/14/2013 8:09 AM, Doc Searls wrote:
"
type="cite">
On Feb 14, 2013, at 4:00 AM,
">
wrote: I'm not sure I really understand this debate.
Why should we have to read a privacy
policy in the first place? If we buy say, an automobile,
we are not presented with a long and detailed list of
its various components, their quality and functions, and
asked if we agree or disagree with the choice of
component or how it is being used. Quite rightly, we
expect the car company to address all these issues in
ways we can trust - and we expect them to be taken to
the cleaners if they fall down on quality, safety and so
on.
Right.
The reason we are presented online with a privacy policy, and
with terms to check off (which scrape all possible onus onto the
individual), is that the commercial Web is still stuck in 1995
< http://hvrd.me/yliVSX>
and needs to be brought into alignment with the physical world,
where such rudeness is unnecessary in common business
interactions.
The mere fact of introducing an 'agreement' between the
buyer and the car company on the quality/functionality of
its components would open up a huge temptation for the car
company to blind the buyer with science, cut corners, take
advantage --- all now with the defence 'but you agreed to
it'. That's exactly what has happened with so-called
'privacy'.
I do not see why I should have to read
anything, tick anything to agree to anything when I
share my data with a company for commercial purposes. I
should 'just know' that I am only sharing data that is
100% related to the task in hand, that any data I share
will only be used for the purposes of providing the
service and facilitating the transaction, that it will
not be passed on to anyone else, and that it will be
kept by the seller only for as long as service provision
is necessary.
I shouldn't have to read small print or
tick boxes about this. It should be the standard,
default norm - just taken for granted - and any company
transgressing on this norm should be taken to the
cleaners (by regulators and public opinion), just as a
car company transgressing on quality and safety should
be taken to the cleaners. I blogged about this recently
here.
As soon as we start arguing about
whether the small print is readable or not, we have
already ceded the principle and the argument to the data
landgrab industry.
Alan M
That's why we shouldn't argue about the small print we are
presented with today, but instead come up with new terms and
mechanisms that are in alignment with common manners in the
physical world and obviate the need for human action (e.g.
checking "accept") when machine processes can handle things in
the background.
This is why, by the way, the Cyberlaw Clinic at the Berkman
Center has taken on Customer Commons as a client, and a number
of us on this list are involved with that work. We're going
to fix this sucker.
It won't happen all at once, but it will happen, and it
will be fun to make it happen.
Doc
-----Original Message-----
From: Mary Hodder <
">
>
To: Phil Wolff, PDEC <
">
>
CC: Sean Bohan <
">
>;
J Clark <
">
>;
ProjectVRM list <
">
>
Sent: Tue, 12 Feb 2013 17:25
Subject: Re: [projectvrm] Fwd: [ PFIR ] Proposed
California law requires site privacy polices not to
exceed 8th grade language and 100 words
I don't think the proscribed reading level is the
problem with the bill.. that would probably work out
fine.
It's the length and the fact that it's customary
to have multiple policies.. 2-4.. that would cause
this bill to be toothless.
And I'm not sure you can tell people not to speak
(or companies that == people).
What if just the list of collected data, in the
slimmed down 100 word privacy policy, were more than
100 words?
Then what? For facebook, this list is all
possible
Ip Address
IP location
Name
Address
City
State
Zip Code
Country
Birth date
Browser Type
OS Type
Pages visited within site
Pages clicked upon within site
"likes"
"comments"
Pages arrived from (offsite)
Pages going to (offsite)
Location checkins
contact's list
friend types
friends recommended to others
friend requests sent
friend requests received
Pages visited (offsite, with "like" or "comments"
Status updates
Shared from others
Payment information (for promoted posts and
gifts)
Pages promoted
Gift and recipient
Ads clicked
photos uploaded
videos uploaded
links shared
searched within FB
searched outside FB
messages and IMs
promoted
job history
job years
quotes
liked items for profile
relationship status
schools attended
school years
history and year
privacy settings
login settings
I'm sure I've missed a bunch.. but that list is
116 words..
Even at 200 words, which Adrian's white paper on
consent dialogs suggests, there's not a lot left for
the rest of the dialog and privacy information.
mary
On Feb 12, 2013, at 4:14 AM, Phil Wolff, PDEC
wrote:
A few examples
come to mind in
support of this
attempt.
Readers' Digest
targeted sixth-grade
reading level for
its entire history.
They are famous for
explaining law,
foreign affairs,
human biology,
anatomy and
physiology using
simple language and
illustrations. "This
is Joe's liver"
Wikipedia has a
"language" of
"Simple English".
This is a very
restricted
vocabulary (850
words) and writers
are translating
everything from
engineering and
Einstein's
relativity to social
sciences into Simple
English. It really
works, stripping
away jargon,
hundred-dollar-words
where a five-penny
word will do, losing
all pretension.
Intensely valuable
for people for whom
English is a second
language, with some
kinds of cognitive
challenges, or for
whom vocabulary is a
barrier. http://simple.wikipedia.org/
http://simple.wikipedia.org/wiki/Special_relativity
Apps that score
text for readability
often check word
length (in
syllables), sentence
length, paragraph
length, structure
simplicity/complexity,
and grammar rules
that prevent
semantic confusion.
So overall length of
a contract or
advisory should
help, but there are
many other factors
that contribute to
readability and
access by someone
who doesn't read
much or read well.
I don't know if
it's still true, but
I was told when I
first study
technical writing
that the average
person is most
comfortable reading
three or four years
below their highest
academic grade
level. Where
inclusion is a goal,
and I'd think it
would be in the case
of readable
contracts, shooting
for 6th grade seems
both important and
attainable.
On Feb 10, 2013, at 9:57 AM, Mary
Hodder <
">
>
wrote:
What's
interesting about this is that it would
be fairly easy to get around, if it
passes.
So.. a site or app does a 100 word,
easy to read Privacy Policy.
Then they do a TOU and Data
Policy.. for the rest of what usually
goes in those things.
It's silly to write a law this
way.. and I think would also violate
free speech rights...
I could see requiring a simple text
summarizing a privacy policy in 100
words, but I just don't see this going
anywhere useful, even if it does pass.
Which I doubt it will.
On Feb 10, 2013, at 11:51 AM,
Sean Bohan wrote:
Awesome
share - Thanks!
From a business context,
Pharma companies and their
agencies focus on a 7-8th grade
reading level for all
communications meant to be
read/experienced by patients.
On Sun, Feb 10, 2013 at 12:24
PM, J Clark <
">
>
wrote:
FYI,
FWIW.
In California, I
was told a few years
ago by a Criminal
Prosecutor & Law
School Professor, an
average jury pool has
an 8th grade
education. Elsewhere
in the US, it's closer
to a 7th grade
equivalent, which
isn't saying much
these days.
Begin forwarded
message:
From:
"PFIR \(People For
Internet
Responsibility\)
Announcement
List" <
">
>
Date:
February 9, 2013
7:33:50 PM PST
Subject:
[ PFIR ] Proposed
California law
requires site
privacy
polices not to
exceed 8th
grade language
and 100 words
Reply-To:
"PFIR \(People For
Internet
Responsibility\)
Announcement
List" <
">
>
--
------------------------------------------------
Sean W. Bohan
------------------------------------------------
Mobile: 646-234-5693
|