Making Privacy Policies not Suck
Creative Commons did an amazing thing for copyright law. It made it understandable.
Creative commons reduced the complexity of letting others use your work with a set of combinable, modular icons.
In order for privacy policies to have meaning for actual people, we need to follow in Creative Commons footsteps. We need to reduce the complexity of privacy policies to an indicator scannable in seconds. At the same time, we need a visual language for delving deeper into how our data is used—a set of icons may not be enough to paint the rich picture of where you data is going.
Understanding Data Flows
With the rise of web services, your information can end up in unexpected places. To get a better understanding of some of the complexities of data flow, we sketch out how Anti-phishing works in Firefox (with help from Oliver Reichenstein).
The difference in understandability is huge between the text and the schematic. In fact, while we were working on creating this infographic we found a hole in our legalese and updated it accordingly.
The idea here is that by creating a visual schematic language, it is relatively painless way for a company to convert their wall-of-text into something a bit more approachable. And that the more visualization actually shines a light into the dense tangle of words, possibly highlighting flaws or trouble spots that would have otherwise remained hidden.
The simple form
For that, we want to move from the descriptive to the proscriptive, to a set of legally-bindings icons like Creative Commons.
For now here are a set of axis we’ve come up with that need to be whittled down:
Is your information…
Shared with a 3rd Party? Shared internally within the company?
Anonymized/Aggregated before being stored or used?
Stored for more than x number of days?
Encrypted on the server?
Monetized (sold) in some way?
Usable to contact you?
Update: Based on the feedback, we’ve decided the set of attributes people should care about.