Re: UK’s upper House urges privacy kitemark for online platforms | TechCrunch

> On Apr 23, 2016, at 21:55 , Nick Doty <npdoty@ischool.berkeley.edu> wrote:
> 
> Thanks for sharing, Dave.
> 
> Here is the brief summary from the Parliament report that discusses the privacy seal/kite-mark approach:
> 
>> 41.We support provisions within the General Data Protection Regulation to allow organisations to use privacy seals, or kite-marks, to give consumers confidence that they comply with data protection rules. (Paragraph 238)
>> 
>> 42.In order to encourage competition on privacy standards, not just compliance with the law, we recommend that the Government and the Information Commissioner’s Office work with the European Commission to develop a kite-mark or privacy seal that incorporates a graded scale or traffic light system, similar to that used in food labelling, which can be used on all websites and applications that collect and process the personal data of EU citizens. (Paragraph 239)
> http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12913.htm
> 
> And in more detail, the substantive section on privacy notices is here:
> http://www.publications.parliament.uk/pa/ld201516/ldselect/ldeucom/129/12909.htm#_idTextAnchor113
> 
> We have frequently discussed in this and related fora the possibility of doing work on standardizing some improvement on privacy notices, perhaps through the model of privacy icons. W3C's previous work on P3P could be a useful data model, but the "seal"/"mark" work seems to be more focused on what the standards are for representing certain grades of practices. The more detailed text suggests that the UK ICO is already underway with a program of approving privacy seal schemes that are presented to them, but the recommendation suggests that there would be interest in collaboration, across sectors and across the EU, on developing a more effective seal/transparency system.
> 
> I remain interested in some privacy icons standardization work if others are. (I've tried to follow the OpenNotice folks, among others.) In the US, I see both ongoing academic research and commercial tools that work on either improving representation of notices through icons/grades or mechanisms for collecting that data.
> 
> —Nick

At a workshop long ago, we discussed the possibility of building a library of reference-able privacy-policy ‘snippets’, that policies could incorporate by reference.

For example, we might publish variants of ‘third party disclosure’ (strict/average/lenient) or ‘data retention periods (indefinite/finite/short/none) and then (a) companies could say “our third-party disclosure policy is W3C-Strict”, and get an icon to match.

But building this library is huge amounts of work. It involves analyzing dozens of policies, splitting them into pieces, sorting the pieces into piles of snippets that are roughly similar, and then crafting a single snippet text to represent each pile.

ugh

Then there has to be incentive to lawyers to adopt, rather than write; this legislation, I suppose, and the use of Icons might be that.


Dave Singer

singer@mac.com

Received on Monday, 25 April 2016 17:17:45 UTC