Privacy Policies are not enough. Transparency requires accessibility.

datapolicy

TLDR: Make data policy statements accessible, else they’re worthless.

There is currently lots of discussion about privacy policies, and the use of data by applications (not just mobile, but any application, whether it be desktop, web or unicomp) after a number of notable examples of companies taking/using data from you without explicitly asking permission to do so.

At the same time, Google have recently changed their privacy policy across all of their services, to provide a simpler, singular, shared policy, which not only aims to keep the policy more simple, but also allows data to be shared across their services.

And, today, a shared privacy policy has been agreed by the major ‘app store’ owners, which further aims to make policies clearer and arguably more strict when it comes to use of your data (ergo life).

Admirable (or forced into doing so) or otherwise, having data policy statements is only part of the job.

I challenge you to find me three people in your network who have read a EULA when purchasing software, or read every letter of the terms and conditions when buying a product from an online (or offline, for that matter) retailer. If you can find me three, and they’re not all lawyers, good on you – you’ll know just how much spare time your friends have on their hands to enable them to read the lengthy legal documents, and how intelligent your friends are that they can intepret the often complex and grey language.

In the main (me included), consumers and users do not read license agreements, and rarely privacy policies. They generally make an assumption that the organisation aims to not be naughty with their data. They place a great deal of (sometimes misplaced) trust and faith in these organisations to respect the data they have access to. Sometimes, the assumption is stretched to breaking point.

Personally, some of the techniques used by apps like Path, Twitter, Color and Facebook, are innovative and magical. They provide a layer of intelligence to the application which you don’t have to think about. If a centralised system has access to your address book, and your friends’ address book, it can see there is an overlap, and suggest that you connect also via their service. This is smart. This is using data to create a better connection between two people. I’m all for these sorts of clever approaches to making smarter experiences.

I’ll go a step further. If you had to approve every single data transaction, or clever technique like this, two things would happen: a) user experience would become so poor, that most apps would rarely seem like magic, dramatically reducing their appeal and adoption, and become less likely to succeed to be frictionless and b) new and left-field techniques would rarely be implemented, and apps would become functional, and progress and exploration of new mechanisms to create ambient and passive interaction would falter.

These are bad things.

So, what is the solution? If people don’t read privacy policies, that there is an important moral point to ensure users know how their data is being used, but all with progress, and painless user experience in mind, how can we make sure that apps ‘do good’?

Accessibility.

Accessibility is not just about making sure people can get through doorways in a wheelchair, or see small text in big letters.

Accessibility is the provision of information in a usable form to all.

Accessibility in the context of privacy policies are making those policies clear, and immediately understandable, so they are read (in some form) and understood, and AGREED to.

And it is the explicit agreement for applications to use the data in the way explained which allows apps to continue to innovate and be magic.

How do we make privacy policies accessible? Plain English? No. Hire a lawyer? Probably not.

I think its through the use of icons. Those funny little dingbat symbols we see all around us which evoke meaning.

A picture of a man on a door, means men can use this toilet.

A horizontal line through a red circle means do not enter.

An arrow pointing upwards means we take your personal data and upload it to our servers.

An arrow pointing left and right means we share your data with other systems.

A arrow pointing up with a dollar symbol means we share your data with advertisers.

The first two examples you might recgonise, the final three I just made up, but with a globally recognised icongraphic data policy system in mind.

It works for food (red/amber/green lights for salt content on UK food packaging, for instance).

It works for film and computer games (BBFC ratings on films, or ESRB ratings on games).

It works for copyleft (Creative Commons licenses for instance).

In fact, Facebook already employ a basic similar concept for their “Approve this Application” screen when you’re using an app for the first time.

When installing or choosing to use an application, a quick prompt with a set of icons which quickly describe what the application will potentially do with your data.
This then allows you to make an informed decision on whether to continue installing the application.
It means you can make an informed decision on whether you’re happy for your data to be used, without crippling the user experience or innovation, and without you having to read through paragraphs of legalese.

This concept doesn’t remove the need for application developers and platform owners to develop honest, open and sensible data and privacy policies, it just calls for those policies to be made accessible, in a format that everyone can understand.

Once again, accessibility (and good information design) to the rescue.

Now, over to you, application platform developers.

Leave a Reply