Re: simple, standardized privacy policy discovery

NIST, NTIA, and many other US government-related groups do a lot of 
great work*. However, what I am interested in is the impact on the real 
world.

Have you seen any of these lovely icons in the permission dialogs when 
you installed new smart phone applications? I haven't. Have you seen a 
lot of change in behaviour of Website operators with regard to cookies? 
I see new banners about cookie usage and not companies who suddenly opt 
for a privacy-friendly design.

Have you seen what most smart phone applications ask for? They typically 
ask for almost all permissions. Why is that? First, the granularity of 
the permission model offered by the operating system or even in browser 
plug-ins isn't right in most cases. It also does not allow you to state 
the 'purpose'. Second, there is no incentive for the developers to be 
restrictive (or to follow 'purpose limitation') since everyone talks 
about "big data"** and so nobody wants to limit themselves for potential 
new business models in the future.

There are a few assumptions being made with these privacy icons:

1) Existing privacy notices are not read by end users because they are 
too long and complex.

Certainly true. Some studies have been published on that topic.

2) Users are interested in learning what the privacy practices are and they 
act differently depending on the different offers.

Partially true. Our privacy research showed us that 1/3 of the users 
don't care at all. Two thirds do, however, express interest in learning 
about these practices. Will they change their behaviour? Hard to say.

Looking at the practice in the mobile phone app space, where the 
permissions are at least expressed somehow, I have my doubts that a 
graphical representation will change the game in any significant way.

3) Companies are interested in clearly stating what privacy practices they 
have.

This is the big challenge, IMHO.

4) Someone enforces misbehaviour.

Does this enforcement really happen?

In a nutshell: It would be really nice to have these icons summarizing 
privacy notices everywhere but I don't see how it will happen.

Ciao
Hannes
(Maybe a bit pessimistic today)

*: There is also great work from the GSMA on that topic:
http://www.gsma.com/publicpolicy/mobile-and-privacy/mobile-privacy-principles

**: This is why O'Reilly sells you the 'Data Science Starter Kit':
http://shop.oreilly.com/category/get/data-science-kit.do

Here is the quote from the page:
"The success of companies like Google, Facebook, Amazon, and Netflix, 
not to mention Wall Street firms and industries from manufacturing and 
retail to healthcare, is increasingly driven by better tools for 
extracting meaning from very large quantities of data. 'Data Scientist' 
is now the hottest job title in Silicon Valley."
– Tim O'Reilly

O'Reilly is the place where developers go to learn about new 
developments with programming languages.

On 08/21/2013 12:11 PM, Joseph Lorenzo Hall wrote:
>
>
> On 8/21/13 3:50 AM, Hannes Tschofenig wrote:
>>
>> On the other hand if you look at many of the smart phone applications
>> and the permissions they request then in some sense those are 'tiny
>> versions' (although without shiny icons) of the longer privacy notices
>> already.
>
> The U.S. Dept. of Commerce's NTIA just finished a year-long process to
> develop a multistakeholder-driven "code of conduct" for mobile
> application transparency, including some requirements for short notice
> screens. While this has drifted from policy discovery, here are some
> links if you want to learn more:
>
> code of conduct:
> http://www.ntia.doc.gov/files/ntia/publications/july_25_code_draft.pdf
>
> candidate screens from FPF/Intuit:
> http://www.ntia.doc.gov/files/ntia/publications/ntia_ui_comps_update_7.23.pdf
>
> HTML5 version from ACT: http://j.mp/privacydashboard
>

Received on Wednesday, 21 August 2013 10:39:15 UTC