Privacy Icons: Alpha Release
Earlier this year, Mozilla convened a privacy workshop that brought together some of the world’s leading thinkers in online privacy. People from the FTC to the EFF were there to answer the question: What attributes of privacy policies and terms of service should people care about? This lead to a proposal presented for the W3C, among other places, which further refined the notion.
We are now ready to propose an alpha version of Privacy Icons that takes into account the feedback and participation we’ve received along the way. We’ve simplified the core set dramatically and tightened up the language. While the icons don’t touch on all topics, we do think they significantly move the discussion on privacy, as well as the general level of literacy about privacy, forward. We do not want to let perfection or devotion to taxonomy get in the way of the good.
Keep in mind that the target adopters of Privacy Icons are 2nd-tier sites—the sites where differentiation based on privacy matters to their users. Think about the large number of sites which vehemently promise to never share your email address when you sign up for their service or mailing list. Those are the kinds of sites, which make up a significant fraction of the web, that would adopt Privacy Icons.
References to Data mean data that is either personally identifiable (including name, ip address, or email address) or associated with some personally identifiable aspect of your identity (such as correlated with your ip address name, or email address).
This means that data is only collected and used to carry out the interaction you are engaged in with the website. The website is only using your data in ways that are functionally necessary to carry out the relationship as users intend. This means if you are buying a pair of shoes, your email address is collected to confirm the order, provide updates on shipping status, etc. An intended use of your email address would not include sending you marketing messages from other companies or for other products.
The European Union has spent time codifying and refining the idea of secondary use; the use of data for something other than the purpose for which the collectee believes it was collected. Mint.com uses your login information to import your financial data from your banks — with your explicit permission. That’s primary use and shouldn’t be punished. The RealAge tests poses as a cute questionnaire and then turns around and sells your data. That’s secondary use, is undisclosed, and feels scummy. When you sign up to use a service you should care if your data will only be used for that service. If the service does use your data for secondary use, they should disclose those uses. If they share your data with 3rd parties, then they should disclose that list too.
This means that your data is collected and used in ways that go beyond what is necessary for the interaction. For example, in addition to collecting your address to ship you a pair of shoes you just bought (which is an intended use of your address), the web site might also sell your address to data aggregators who sell it to junk mail companies.
The site that is collecting data about you is not trading or selling it. It will only share your data with other organizations in order to carry out the intended transaction.
This means that a website is collecting data about you and selling or trading it with another organization, government, or person. An example of this is where a shopping website collects data about your shopping preferences, frugality, and ip address and sells that info to data aggregators or to other e-commerce sites directly.
Besides the information exposed via on-page advertisement, the site does not share the data it collects about you with advertisers.
This means that a site either shares the data it has about you with marketing or advertising companies or allows those companies to collect info about you while on its site.
Your data is deleted before 1, 3, 6, or 18 months from the date of transmission have elapsed, respectively. Alternatively the data is never deleted.
This means that when an organization gets a phone call, letter, or other legally insufficient request for your data, they don’t comply because the law requires the government to take additional steps before getting your data. These organizations require the government to comply, at a minimum, with the legal process provided by the law before getting users’ data.
These organizations might provide your data to a government that asks for it without following the legally required process. They might just send a letter or make a phone call to the company to ask for your data.
Bolt On Approach
Nobody Will Use the Bad Icons?
First, because the target implementers of Privacy Icons are the second-tier sites, a privacy market-place has a chance of growing. Sites already try to differentiate base on privacy concerns, and these icons simply codify what they are already doing. Second, if Privacy Icons become widely adopted (and I think Mozilla is in a unique position to help make that happen) then the correlation of good companies using the icons and bad companies not using the icons becomes rather strong. The absence of Privacy Icons becomes a warning flag for when you go to sign up for new service.
A huge thanks to Mozilla’s Associate General Counsel, Julie Martin, who wrote the text descriptions for the Privacy Icons.