Privacy for Humans

Avi Bar-Zeev
5 min read · Jul 18, 2019

Most of us hate reading privacy policies. If we’ve already decided to use a new product, this wall-of-text is just in our way.

So we click “accept” to just make this pain go away. The company that put it there treats it as if we read and accepted it, which they likely know is false. But it’s a convenient fiction, and we feel we have no choice anyway.

Take for example the age filter on FaceApp, which recently went viral (again). Approximately 0% of new users have read their crappy privacy policy, because “what am I going to look like in 40 years?” is an irresistible appeal to our common narcissism.

It’s like an alligator learned to use catnip and laser pointers for snack time.

Sure, some privacy advocates warned us that we’re “at risk” (again) for sharing our information this way. But how many people listened?

We probably think to ourselves: we’re all going to die someday. The age filter just shows us what we’ll look like on the way. Ok!

Personally, I usually read these policies, because I’m stupid that way. And a bit older. And I once had my identity stolen on Facebook, no less.

I actually won’t use any Facebook products anymore, mostly because I did read their policies and I understand their game. I’ve had the opportunity to personally ask several of their execs if they’d prefer a more customer-friendly business model, given the choice. No, but maybe someday.

I carefully read all of my contracts too. They’re written by lawyers, not designers who were tasked with helping us make the best decisions. Still, this is slightly less pain now vs. finding out years later we’re legally obligated to do or not do something surprising.

So I went looking for the simplest privacy policy generators for websites, to find some inspiration.

I found so many helpful ad-driven websites. But all of them are basically the same:

clickwrap, origami style.

I think maybe we’re thinking about this all wrong.

Here’s what I want to see on all of my future products regarding privacy:

That’s right. I want my privacy policies to be as compact and easy to read as a nutrition label on a box of cereal. I want to be able to scan the contents quickly to find out if this product keeps more of my information than I’d like. I want to see a list of “ingredients,” in order, to determine that ingredient #1 is human catnip or laser beams.

And I want it to all be true, by force of law.

I realize that’s a lot to ask, especially in this political climate. But I’ve started working on some steps in this direction, just messing around for now.

Ultimately, the FDA imposes these labelling requirements on food companies and requires they be truthful. Supplements that aren’t regulated as well, for some reason, don’t bother to add these labels voluntarily. Huh.

I think we’ll need another non-food agency to step up to regulate. The likely candidates today aren’t known for being so consumer friendly, but let’s try.

Thanks to Open Iconic for the icons.

Here’s an example I’ve been noodling on, with a few expert eyes helping. It isn’t nearly as simple as we’d need, but is still slightly easier to read than your standard privacy policy. It would actually be in line with the terms of many websites, just nicer.

Yes, there’s still way too much text and I’m picking almost random icons for visual aids.

Still, you could at least skim it quickly to get the gist.

What I’m actually thinking about more is whether we can go a step further than just compact (and better) visual design for privacy policies.

Let’s assume we don’t want to read at all.

So I’m wondering if we might assign a unique code to each of the individual points in a policy, including each specific personal data item to be collected and/or retained. Maybe it’s a hash of the displayed text or something smarter like digital certificates? It’s basically a machine-readable version of the policy, but not presuming any AI.

We can then use browser plug-ins and/or App Store features that compare the published digital privacy policy of each site or app vs. the terms we’ve previously agreed to. It can warn us about anything that exceeds our individual limits.

This is similar to how Creative Commons terms can be used as filters in Google Image Search to find pictures that Google thinks are ok to use. Or how browsers warn you when a site’s certificates don’t match up.
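One way the per-point codes and the plug-in comparison described above could work, as an added example that is not the author's code: each point's code is a SHA-256 hash of its normalized displayed text. The `item` and `retained` fields, the sample policy text, and the user's settings are all constructed assumptions.

```javascript
const { createHash } = require("node:crypto");

// Code for one policy point: SHA-256 over the normalized displayed text, so
// spacing or capitalization changes keep the code but any rewording changes it.
function clauseCode(text) {
  const normalized = text.normalize("NFKC").toLowerCase().replace(/\s+/g, " ").trim();
  return createHash("sha256").update(normalized, "utf8").digest("hex");
}

// Compare a published policy against the codes this user already agreed to
// and the data items they never want retained. Returns the warnings to show.
function reviewPolicy(published, acceptedCodes, blockedItems) {
  const warnings = [];
  for (const clause of published) {
    const code = clauseCode(clause.text);
    if (blockedItems.has(clause.item) && clause.retained) {
      // A personal limit always wins, even over a previously accepted point.
      warnings.push({ level: "exceeds-limit", item: clause.item, code });
    } else if (!acceptedCodes.has(code)) {
      warnings.push({ level: "new-or-changed", item: clause.item, code });
    }
  }
  return { ok: warnings.length === 0, warnings };
}

// Constructed sample data: hypothetical policy points and user settings.
const agreedLastYear = [
  { item: "email", retained: true, text: "We keep your email address to sign you in." },
  { item: "photo", retained: false, text: "Photos are processed and deleted within 48 hours." },
];
const publishedToday = [
  { item: "email", retained: true, text: "We keep your  email address to sign you in. " },
  { item: "photo", retained: true, text: "Photos are stored on our servers indefinitely." },
  { item: "location", retained: true, text: "We keep your approximate location for analytics." },
];
const accepted = new Set(agreedLastYear.map((c) => clauseCode(c.text)));
const blocked = new Set(["photo"]);

// Runs the comparison on the sample data; ok === true is the "checkbox" case.
function demo() {
  return reviewPolicy(publishedToday, accepted, blocked);
}
console.log(JSON.stringify(demo(), null, 2));
```

A text hash only detects that a point changed, not what it means, which is why the limit check relies on the structured `item` field that the publisher would have to declare truthfully.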

The pop-up might look something like this:

Here’s another still-too-verbose example of what data some website or app might reasonably ask to retain:

The extra text is only needed for closer inspection. So let’s not show it unless we have to.

In the end, ideally, we can still just click “accept,” as long as our privacy watchdogs didn’t pop up to warn us not to. We could get that nice little checkbox in the browser bar that tells us: “everything is going to be ok.”

How’s that for simple and painless?

And if the warning does pop up, I think we can make it really easy to understand what the problem is and make a decision either way. As in: “I’m happy to upload my friend’s pictures to age them instead of me.”

This is a lot like having a smart nutrition label that puts the word “NUTS” in big letters, only if I’m allergic. Or something that shows me that the sugar content is way too high for my health based on settings I approved.

Maybe someone should build that too.

What do you think?


Written by Avi Bar-Zeev

XR Pioneer (30+ years), started/helped projects at Microsoft (HoloLens), Apple, Amazon, Keyhole (Google Earth), Linden Lab (Second Life), Disney (VR), XR Guild
