«

»

May
20
2011

Layered Policy Design

By Travis Pinnick
User Experience Designer | TRUSTe
@xtratrav

The original goal of privacy policies was to create transparency in data collection practices and to help users make informed decisions. Unfortunately most users do not read privacy policies and therefore little change has been made in data collection practices. This is partially because traditional privacy policies suffer from misaligned incentives. Privacy policies really serve as legal protection for the data collectors, and there is an incentive for websites to collect and share data about their users. This incentive should be balanced by the market with simplicity, transparency, and choice.

As a partial solution to this problem TRUSTe is planning to integrate a privacy short notice into our layered privacy policy design.

View interactive demo


Designing a Short Notice
The need for a short notice policy is clear, but a lot of thought was put into the development of the content for this short notice. Last April Mozilla hosted a Privacy Icon Workshop about the use of privacy icons to communicate important information practices to consumers.

There seemed to be general agreement that a short notice needs to be much simpler than previous attempts to be effective. One way of accomplishing this goal is to simplify the types of practices represented in the notice. For example rather than representing things users probably already know, such as the types of data collected (ie. name, age, financial or purchase information), the short notice can focus more on transparency around the data practices and uses which are invisible to users (secondary use, data sharing, third party tracking, data retention).

Testing Short Notice Categories
In Feb 2011 we conducted a user test of a preliminary short notice design featuring the following categories: data use, data sharing, and data retention (focused on how data is used, not what data is collected). Based on the results of the user testing I reached the following conclusions regarding short notice design:

- Users don’t seem to have preconceived notions of what categories make the most sense regarding web privacy, they expect an authority (like TRUSTe) to do that for them.

-Icon Design is not as important as category selection and taxonomic presentation. Several users commented that initially the purpose of the short notice is to educate, and as long as the icons made reasonable sense in the context of the categories they would eventually come to be associated with their intended meanings.

Proposed Short Notice Design

The final design for the short notice consists of three categories (Data Use, Data Sharing, and Third Party Tracking). These categories were selected because they represent data practices that are invisible to the user. Each category has three possible values ranging from most to least restrictive data practices (ie. for data sharing: 1- data only shared for expected/transactional uses, 2- data shared with affiliates/marketing partners with user choice, or 3- data shared without choice or practice not stated.)


Mobile Layered Design

Mobile presents another opportunity for innovating layered policy design– a visually appealing policy design optimized to be viewed on a mobile device. The privacy policy navigation elements take advantage of the constraints and form factor of mobile devices to support a policy which is intuitive to navigate and easy-to-read. Regardless of device users should be able to find the information they are looking for without having to scroll through screens designed to be viewed from a desktop.

View Interactive Demo


Designing for Consumer Expectations

Simplifying the presentation of a privacy policy short notice requires eliminating all but the most relevant content, and this is accomplished by considering what elements of the policy fall outside consumer expectations. Consumers logically expect some forms of data collection as they are voluntarily provided and integral to the interaction at hand (financial/purchase info at an e-commerce site, or preference info at a social networking site). Including this type of information in a short notice is unnecessary, it should instead focus on the invisible data practices that might not meet expectations (ie. things like: using data to create a marketing profile, sharing data with affiliates, or third party tracking).

The addition of the privacy short notice to our layered policy offering benefits consumers in the following ways:

-Simplicity – adding a short notice layer on top of the privacy policy gives consumers a simpler more easily interpretable presentation layer of policy content
-Transparency – the categories in the short notice were specifically chosen because they focus on creating transparency around the data practices which are invisible to consumers
-Choice – each category in the short notice provides consumers easy access to choices afforded to them for that data practice

We are excited to be releasing products for consumers that provide transparency around the data practices of the sites they visit. This project is currently ongoing and feedback is invited. If you have any questions or comments please contact Travis Pinnick, User Experience Designer at tpinnick@truste.com.

Follow me on twitter at @xtratrav.

Comments