I'm Aza Raskin @aza. I make shiny things. I simplify.

I'm VP at Jawbone, focusing on health.

 

The 7 Things That Matter Most in Privacy

In late January we held a workshop that brought together some of the world’s leading thinkers in online privacy, with everyone from the FTC to the EFF represented. We spent the day working to answer the question: What attributes of privacy policies and terms of service should people care about? If you are new to the project, please read the original blog post, as it will answer a number of the probable nagging questions (like how to make icons enforceable).

The Should is Key:

The “should” is critical here. Privacy policies are often complex documents that deal with subtle and expansive issues. A set of easily understood and universal icons cannot possibly encode everything. Instead, Privacy Icons should call out only the attributes which are not “business as usual”: the warning flags that your privacy and data are at risk.

Let’s take an example that came up at the workshop. Should we have an icon that lets you know that your data will be shared with 3rd parties? Isn’t 3rd party sharing intrinsically a bit suspect? The answer is a subtle no. Sharing with 3rd parties should raise a warning flag but only if that sharing isn’t required. The classic example is buying a book on Amazon.com and getting it shipped to your home. Amazon needs to share your home address with UPS and Privacy Icons shouldn’t penalize them for that necessary disclosure. In other words, Privacy Icons should only highlight 3rd party data sharing when you do not have a reasonable expectation that your data is being shared.

An example of the multi-state icons found on the cloth tags.

The “should” is a major differentiator from many of the prior approaches, like the taxonomical P3P or Lorrie Cranor’s crowd-sourced Privacy Duck.

After synthesizing the input from the workshop as well as the numerous projects that have come before us, Lauren Gelman, Julie Martin, and I spearheaded the effort to boil down these “shoulds” into 7 attributes. The vision is that each attribute will correspond to an icon, and that each icon can have different states. A good example of a multi-state icon comes from the tag on your shirt that tells you how it should be cleaned.

The Proposal:

Here is the proposal for the information architecture of the attributes for the Privacy Icon. To be clear, there are no physical icons yet. Once we have general consensus on the attributes, we’ll begin work on designing the graphics both directly and via a Design Challenge.

  • Is your data used for secondary use? And is it shared with 3rd parties?
  • Is your data bartered?
  • Under what terms is your data shared with the government and with law enforcement?
  • Does the company take reasonable measures to protect your data in all phases of collection and storage?
  • Does the service give you control of your data?
  • Does the service use your data to build and save a profile for non-primary use?
  • Are ad networks being used and under what terms?

For companies that go above and beyond by retaining their data for a minimum amount of time, with minimal exposure, etc., we can also provide a “best practices” icon.

Explanation:

Is your data used for secondary use? The European Union has spent time codifying and refining the idea of “secondary use”: the use of data for something other than the purpose for which the collectee believes it was collected. Mint.com uses your login information to import your financial data from your banks — with your explicit permission. That’s primary use and shouldn’t be punished. The RealAge test poses as a cute questionnaire and then turns around and sells your data. That’s secondary use and is fishy. When you sign up to use a service you should care if your data will only be used for that service. If the service does use your data for secondary use, they should disclose those uses. If they share your data with 3rd parties, then they should disclose that list too.

Is your data bartered? You should know when someone is making a gain off your back. You should also know roughly how and for what that data is being bartered.

Under what terms is your data shared with the government and with law enforcement? Do they just hand it over without a warrant or a subpoena?

Does the company take reasonable measures to protect your data in all phases of collection and storage? There are numerous ways that your data can be protected: from using SSL during transmission, to encryption on the server, to deleting your data after it is no longer needed. Does the company protect your data during transmission, storage, and from employees? This icon should tell you what the weak link is.

Does the service give you control of your data? Can you delete your data if you choose? Can you edit it? What level of control do you have over the data stored on their server?

Does the service use your data to build and save a profile for non-primary use? This is a subtle one, as we want to include the concept of PII (personally identifiable information). What we are worried about are companies secretly building a dossier on you — say by taking your email address and then buying more information from a 3rd party about that email address to get, say, your credit rating. Then using that profile for uses with which you haven’t agreed.

Are ad networks being used and under what terms? On the web most pages include ads of some form, and the prevalence of behavioral tracking is on the rise. Yahoo, for instance, can track you across 12% of the web (from personal correspondence). While letting users get a handle on ad networks is important, raising the alarm on every page would be counter-productive. We haven’t figured out yet how to handle ad networks and are looking for more thought here.

Next Steps:

The next steps are to socialize this list of privacy attributes and, once we arrive at agreement, to begin the design process. Feedback is crucial at this juncture. Jump in.



Really great work!

ad networks:
This might include recommendation engines and other “fuzzy advertisement”. Users of Nokia’s music store have their behavior data shared with a 3rd party recommendation SaaS business. Is this advertising? If not is SaaS secondary use?

Aggregate and Anonymized sharing of datasets:
For secondary use, should a distinction be made between raw, anonymized, and aggregated data? The Netflix challenge showed the dangers of de-anonymization. Maybe this falls under “reasonable measures to protect”. Should some best practices around aggregation be set as a minimum for this also?

Control of your data:
Would be good to set the standard for control with being able to delete an account and a portable data format ( http://www.dataliberation.org/ ).


For data control, I had written a document about the policies to check/create when you are introducing doing business around data. http://bit.ly/freedata

Data create traces. For example, when a company replaces something like hard drives in their computers, what is the policy with regards to these data.

Also more and more companies are using hosting sites for these data (The cloud). We have no idea about the possibility of using these data.

Encryption is another interesting issue. If data are encrypted, you can’t create search features, but for security and privacy you need encrypted data. You can encrypt the communication but what about the storage? These are also different types of issues.

Anonymous use of data is another super hard issue. We know the case of AOL search data. Everything we search online can be not identified, but the compilation of these data makes you identifiable.
http://en.wikipedia.org/wiki/AOL_search_data_scandal

So it’s not necessarily about sharing these data with a third party but accumulating these data on a long term and identifying patterns.



Joanne Furtsch

This is a great start on what the icons should represent and how icons can be utilized to help consumers make an informed decision on whether to interact with a particular Web site. TRUSTe agrees consumers need to be aware of unexpected uses of their information and too many icons representing all the privacy elements will cause greater confusion. However, icons should not be limited to representing the unexpected. Businesses are looking for ways to build trust and manage consumer expectations through transparency, choice, and accountability. Icons can help online businesses do this.

The icons need to represent both what consumers want to know in addition to communicating the unexpected. To simplify what is being represented and reduce the number of icons TRUSTe recommends icons to represent the following:

• Are there any secondary uses of data, meaning is the collected data used in a way that is not reasonably expected by the consumer?
    o This includes secondary uses by the business collecting the data as well as any unexpected sharing with third parties.
    o Can the consumer exercise choice?
• Is sensitive data collected such as financial information, national ID number, health information, or location data?
• Is data collected, transmitted, and stored in a secure manner?
    o Are there other indicators on the site such as a security seal or a valid SSL certificate?
    o Icons can be used to represent the level of the SSL cert ranging from domain only cert up to an EV cert.
• Is there behavioral targeting or re-targeting?
    o Can the consumer opt-out of targeting?
    o How can the consumer opt-out?
• Is there a way for the consumer to contact the business if they have a question, issue, or concern?
    o Is there a third party mechanism the consumer can use if the business does not satisfactorily respond or address the consumer’s concern?
    o Accountability is one of the keys to building trust and consumers need to know businesses are accountable for their data collection practices.

TRUSTe is looking forward to continuing to provide input and contribute to this important project.

Signed:
Joanne Furtsch, Policy & Product Architect
Travis Pinnick, Design & Usability Specialist


I’m really excited about this work, Aza. I was a little worried when you referenced clothing care icons. While the “multistate” aspect is useful they puzzle me and it took me several tries to look them up, since they don’t have letters on them and (being real world objects) they don’t usually come with links.

Creative Commons does both of those: gives links to a human-readable and machine-understandable license AND includes text so we know what to call these.

I hope privacy icons will do both of these, too!

And for the similarly puzzled, here’s a guide to “fabric labels”: http://www.cleaning101.com/laundry/fabricsymbols2.html



Janelle Shudde

While ad networking has a place and potential benefit to both parties in the current environment, it also has potential for abuse. I should also have the right to block my name from being used on ad networks. And I should not have to renew it weekly or check monthly to be sure it is still in place. Perhaps an erase command that would circulate within the network with each information exchange.



Lonny Chu

This is wonderful and important work. Thank you for sharing it in progress. A few initial thoughts.

1. As a highly technically proficient person (but not in privacy matters), my eyes still glaze over when reading the text for privacy policy. Breaking them out into self-contained chunks helps in parsing the concepts, but I still need to really think about what all the words mean. I suspect that for the general public, this will still be a significant roadblock to comprehending what privacy means. The icons will help in recognizing each of the privacy attributes, but may not help in understanding the attributes.
2. I’m not sure if knowing whether or not an attribute is in effect is the most important factor for many typical users. It might be that knowing what their information is used for is more important than knowing if it is being used at all. My sense is that if users don’t know how their info is being used, they naturally want everything shut off. But if it is transparent how info is being used, many people are willing to let their info out. This speaks to a larger issue of whether or not it is possible to reframe privacy so that it is not something that scares people, but becomes a system that can be beneficial to people.
3. The “Best Practices” icon seems extremely valuable and meaningful. Providing icons for individual attributes feels overwhelming.

Thanks!


I’m coming very late to this party — but there’s one point that has always been problematic, and recently found an application in the XY Magazine bankruptcy (and Facebook changing privacy settings): Can the conditions be changed unilaterally? Will the service be continued as it is, or can the company force you to agree to new terms to keep on? What if the company is bought, controlled, bankrupted?

It would be interesting to have entrepreneurs have the investors agree that any misuse after a bankruptcy will reflect very badly on them, and impair trust, but it’s a long fight, and a similar icon could help.

I’d also support a “What happens with the dysfunctional hard drive disks?” icon, presumably once a reputable recycling company offers a proper service.


I’m here to comment the suggestion you put on Flickr—I guess it’s more relevant. Reaction around me tend to think there are too many buttons, and ask for a “three, like CC”.

I’m counting three dichotomies on usage: unintended use, commercial use, police access (or not). I’m not sure how to simplify those: include a none-of-the-above is presumably in the works but… what is the difference between “unintended” and “commercial”? Is one including the other, plus non-profit published academic studies? You might want to think of a way to lay them out to show which are outside the range.
I do understand Police snooping can be a problem, especially in dictatorship, but most companies that would adopt this might have a legally generous, but morally sane way of sharing data with police forces: pedophilia, emergencies, etc. Getting a subpoena is annoying, but it doesn’t make a big difference to the user: being warned about it might (but not just if it’s police forces: hacking matters too). Secret services don’t respect contracts, for instance, but might leave traces of intrusion. I’d remove that to replace it with a “We’ll warn you in detail about any intrusion.”

The two dichotomies on control (erase & export) might need to be treated separately, like the three previous one, or have the three previous one on the same badge—but this needs to be coherent. I’d use a circle for usage, and a square for control, to make the distinct typology more clear (or a triangle, an hexagon… — distinct shapes).

People can see the ads, so why include a badge for that? I understand the issue with 3rd party, but I can’t tell if this is distinct from commercial, or unintended use: I’d skip that. If a website tries to make a coherent profile, then you might as well put the logo of that third party next to the “unintended use” icon, so that people start to identify the culprits and the trustworthy actors in the area (that would solve the debate on whether sending back to Facebook a ‘like’ is intended).

I wouldn’t include anything about security grade, because people don’t really do that mistake and they abide to their banks or credit card policy: end-users are not the best angle for that.

This leaves me with three possible badges (one being very likely to become default, like Attribution is for CC):
- we share your data with third parties (be it commercial, academic or otherwise) — possibly including a clickable link to a list of those third parties ; we don’t share it (except intended purposes, explained as such in the process) ;
- we’ll warn you if we notice a breach, a buyout or a bankruptcy (that shouldn’t be an option) ;
- you can erase or export / just erase / just export / neither your data at any time.

On the graphic design side, I’m not sure you need to represent “your data”: a simple arrow would make sense. The garbage can/dust bin is a great idea, but you can’t really recognize it.

Finally, if you need incentives for that, try to ask Google to support it and shame commercial websites that do not go with it: people tend to trust website they know and have bookmarked, so that will only affect newcomers, trying to make sense of a new website. I can’t imagine them not jumping on an occasion to shame Facebook on their rather imperialistic privacy policy.



interesting read. though i find in the iron icons example are too many variations of basically the same thing. From the users perspective merely impossible to note (remember) the difference between them




Is this applying world wide or just European Union?



What was it like living in that era? Is it much different is privacy now? What are (lack of) privacy similarities between America today and the USSR? Could people follow you around and harass you as they wish in either society?



Daffney L.

Great concept for nerds and ACLU lawyers. The other 99% of us just want to know

A) Does this company respect our privacy? and
B) Will it respect our privacy tomorrow?

Keep it SimpleStupid. Otherwise it’s just a conversation piece for nerds.


Privacy is relative now. People choose to NOT have privacy. Everyone is exposing their life on social networks, smartphones are collecting data about what we do, where we go, who we talk to, and so on. Privacy is dead.



222

I really think some people here are commenting just to argue with someone

