Privacy nutrition labels

The recent Symposium on Usable Privacy and Security, SOUPS 2009, seemed to cover a whole lot of interesting topics. One of these days I hope to attend for real — but failing that, I’m just working my way through the proceedings slowly. One paper, A “Nutrition Label” for Privacy, is especially cool.

The researchers have gotten pretty far down the path of rationalizing website privacy policies into a graphical/tabular form that’s actually enjoyable to use (their word! and they have numbers to back it up!). Whereas such policies in natural-language form are usually wordy, complex, inconsistent, and stubbornly irrelevant to a user’s actual preferences, their proposed label format provably borrows the benefits of real U.S. FDA nutrition labels, such as making a policy more amenable to at-a-glance interpretation, allowing you to compare two policies, and providing visual boundaries for the regulated/trustable portion of what you’re seeing.

The data categories in the label are a very high-level, “cooked” version of what’s in the Platform for Privacy Preferences (P3P) policy system. It’s worthwhile asking if the labels, and even the original sophisticated descriptions of data collection and use that they’re based on, are measuring the right thing. (After all, I have very little confidence that actual FDA Nutrition Facts labels are measuring the right thing.) But the categories they list seem like a pretty good start; “your activity on this site”, for example, turns out to be one of the biggest loopholes in many of today’s prolix-but-slippery privacy policies:

  • contact information
  • cookies
  • demographic information
  • financial information
  • health information
  • preferences
  • purchasing information
  • social security number & govt ID
  • your activity on this site
  • your location

Now I’m consumed by the thought of letting a person use this matrix-based approach to configure her ProtectServe-enabled relationship manager, such that any would-be recipient has to meet her privacy terms if they want to get the goods…

Tags: , , ,

5 Comments to “Privacy nutrition labels”

  1. [...] a form human beings can grok (à la Creative Commons or the nutrition label approach I wrote about here) can begin to empower humans to change things if they so desire, using a variety of [...]

  2. [...] A “Nutrition Label” for Privacy [...]

  3. Ana 18 September 2010 at 12:13 pm #

    I found this article by searching for nutrition but stayed because of the intriguing post. I too wonder how this will effect our rights and what it will really mean to everyone.

  4. Eve M. 18 September 2010 at 12:20 pm #

    Thanks for visiting, Ana! I invite you to check out my “real” nutrition-blogging posts as well.

  5. Ana 19 September 2010 at 7:38 pm #

    Thanks for the link. I will go check it out now.