Privacy Short Notice Design

By Travis Pinnick
User Experience Designer | TRUSTe

Part I: Background
[This is part 1 in a series about the design of a TRUSTe Privacy Short Notice. To learn more see part 2 and part 3]

TRUSTe Short Notice and Icon Design
TRUSTe is currently in the process of designing an icon-based privacy short notice for simplifying and summarizing consumer-facing privacy statements in a browser-based client. The tool will initially be a simple, consumer-facing presentation layer of a TRUSTe-hosted XML-based policy database, but could ultimately become an open-source standard for inclusion by browser manufacturers, available for certification by other third-party privacy authorities.

Background – Evolution of the Short Notice
The need for a privacy short notice has been around almost since the inception of the privacy policy. Privacy policies as initially conceived were meant to afford consumers protection from poor data practices, but have since evolved to serve more as legal protection for the companies collecting the data. As such they are often needlessly complex and intentionally vague.

Problems with standard privacy policies:

  • Privacy policies are difficult to read
      o Most are written in legal jargon that is difficult for an average person to understand (Anton, 2007)
  • Misconceptions about protections afforded
      o People don’t read policies because they assume the existence of a policy implies STRONG /false/ protection (Hoofnagle, 2008)
  • Amount of time to read policies is too great
      o It would take upwards of 200 hours to read the policy of every site encountered in a year (McDonald, 2008)
  • Lack of market differentiation
      o Policies are equally vague about how data may be used, leaving consumers with no alternatives (KnowPrivacy 2009)

Need for a Short Notice
For these reasons there is a strong interest, especially among regulators and consumer advocates, in moving beyond policies into easily digestible privacy short notices that can be represented in the browser. This brings to light a number of considerations for the design of a short notice:

  • What privacy elements are in scope?
  • Will the notice be icon based? What will the icons look like? Will they be open-standard?
  • Should the icons represent good practices or bad? What are the incentives on the business if they are good or bad?
  • How will the notice be rolled out to a customer? Will there be a tool that reads a policy and renders the notice from machine-readable code, and who will do this?
  • Should the notice be site-based or browser-based?
  • Should the protocol allow for both self-asserted and 3rd party verified policies?

Prior Approaches at Simplifying Privacy Notices
An early approach for simplifying the consumption of privacy policies was the Platform for Privacy Preferences Project (P3P) developed by Lorrie Cranor (Carnegie Mellon CyLab). P3P enables sites to express their privacy practices in a standard format that user agents can interpret easily (in both machine- and human-readable formats), and to automate decision-making based on these practices. At the time of its creation P3P was supported by both the W3C and Microsoft (who built P3P mechanisms into IE). Possible explanations for why P3P failed to take off are that it was too complicated or that there was little actual demand on the part of web users; in 2007 the P3P working group officially abandoned the idea.

Privacy Nutrition Label
A short notice style of P3P agent which gained attention was the Privacy Nutrition Label by Patrick Gage Kelley (Carnegie Mellon CyLab), which was able to read P3P policies and display the results in a graphical matrix which compares the types of data collected to the uses of that data. While this approach is clean and much clearer than a text-based standard policy, it still suffers from the problem of attempting to represent a large and complex policy in a way that may still be too thorough for a short notice (in its full form the nutrition label represents 10 data types and 6 uses, creating a matrix of 60 possible values).

A similar approach to visualizing privacy policies called KnowPrivacy was attempted by UC Berkeley graduate students Ashkan Soltani, Joshua Gomez, & Travis Pinnick. This icon-based policy summary used icons to represent 5 data types, 5 general data practices, and 3 types of data sharing for a total of 13 possible icons per summary, still a little overwhelming for the purposes of short notice simplification.

Continued in part 2 of this series.