The recent Symposium on Usable Privacy and Security, SOUPS 2009, seemed to cover a whole lot of interesting topics. One of these days I hope to attend for real — but failing that, I’m just working my way through the proceedings slowly. One paper, A “Nutrition Label” for Privacy, is especially cool.
The researchers have gotten pretty far down the path of rationalizing website privacy policies into a graphical/tabular form that’s actually enjoyable to use (their word! and they have numbers to back it up!). Whereas such policies in natural-language form are usually wordy, complex, inconsistent, and stubbornly irrelevant to a user’s actual preferences, their proposed label format provably borrows the benefits of real U.S. FDA nutrition labels, such as making a policy more amenable to at-a-glance interpretation, allowing you to compare two policies, and providing visual boundaries for the regulated/trustable portion of what you’re seeing.
The data categories in the label are a very high-level, “cooked” version of what’s in the Platform for Privacy Preferences (P3P) policy system. It’s worthwhile asking if the labels, and even the original sophisticated descriptions of data collection and use that they’re based on, are measuring the right thing. (After all, I have very little confidence that actual FDA Nutrition Facts labels are measuring the right thing.) But the categories they list seem like a pretty good start; “your activity on this site”, for example, turns out to be one of the biggest loopholes in many of today’s prolix-but-slippery privacy policies:
- contact information
- demographic information
- financial information
- health information
- purchasing information
- social security number & govt ID
- your activity on this site
- your location
Now I’m consumed by the thought of letting a person use this matrix-based approach to configure her ProtectServe-enabled relationship manager, such that any would-be recipient has to meet her privacy terms if they want to get the goods…
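To make the "matrix-based" idea concrete, here is a small added example (my own toy code, not the paper's label generator or anything from ProtectServe) that treats a privacy label as a grid of the eight data categories above against a set of uses, lets a person state per-category or per-cell ceilings, and reports which cells of a site's label break her terms, plus a cell-by-cell comparison of two labels. The use columns, the four-level scale (not collected, opt-in, opt-out, collected without choice) and the two sample labels are my assumptions for illustration and are not taken from the post.

```python
"""Toy privacy-label matcher: constructed example, not code from the paper or ProtectServe.

Assumptions (not from the post): a label is a matrix of the eight data categories
against a handful of uses; each cell holds one of four practices, ordered from least
to most permissive.  A user's terms give a ceiling per category (applied to every use)
or per (category, use) cell; a site "meets her terms" when no cell exceeds its ceiling.
"""
from enum import IntEnum
from typing import Dict, List, Tuple, Union

CATEGORIES = [
    "contact information", "demographic information", "financial information",
    "health information", "purchasing information",
    "social security number & govt ID", "your activity on this site", "your location",
]
# Assumed "use" columns for the grid (illustrative, not the paper's exact column set).
USES = ["provide service", "marketing", "telemarketing", "profiling",
        "share with other companies"]

class Practice(IntEnum):
    """Ordered so that a larger value is a more permissive practice."""
    NOT_COLLECTED = 0
    OPT_IN = 1        # collected only if the user opts in
    OPT_OUT = 2       # collected unless the user opts out
    COLLECTED = 3     # collected and used, no choice offered

Cell = Tuple[str, str]
Label = Dict[Cell, Practice]
Terms = Dict[Union[str, Cell], Practice]

def make_label(cells: Dict[Cell, Practice]) -> Label:
    """Build a full grid; unspecified cells default to NOT_COLLECTED."""
    label = {(c, u): Practice.NOT_COLLECTED for c in CATEGORIES for u in USES}
    for cell, practice in cells.items():
        if cell not in label:
            raise ValueError(f"unknown category/use cell: {cell}")
        label[cell] = practice
    return label

def ceiling(terms: Terms, cell: Cell, default: Practice) -> Practice:
    """Most specific ceiling wins: exact cell, then whole category, then default."""
    category, _use = cell
    return terms.get(cell, terms.get(category, default))

def violations(label: Label, terms: Terms, default: Practice = Practice.OPT_OUT) -> List[Cell]:
    """Cells where the site's practice is more permissive than the user's ceiling."""
    return sorted(cell for cell, p in label.items() if p > ceiling(terms, cell, default))

def meets_terms(label: Label, terms: Terms, default: Practice = Practice.OPT_OUT) -> bool:
    return not violations(label, terms, default)

def compare(a: Label, b: Label) -> Tuple[List[Cell], List[Cell]]:
    """(cells where a is stricter than b, cells where b is stricter than a)."""
    a_stricter = sorted(cell for cell in a if a[cell] < b[cell])
    b_stricter = sorted(cell for cell in a if b[cell] < a[cell])
    return a_stricter, b_stricter

def render(label: Label) -> str:
    """Plain-text at-a-glance grid: one row per category, one column per use."""
    code = {Practice.NOT_COLLECTED: "-", Practice.OPT_IN: "i",
            Practice.OPT_OUT: "o", Practice.COLLECTED: "X"}
    width = max(len(c) for c in CATEGORIES)
    header = " " * width + " | " + " ".join(u[:6].ljust(6) for u in USES)
    rows = [c.ljust(width) + " | " + " ".join(code[label[(c, u)]].ljust(6) for u in USES)
            for c in CATEGORIES]
    return "\n".join([header] + rows)

# Constructed sample labels for two hypothetical sites.
SITE_A = make_label({
    ("contact information", "provide service"): Practice.COLLECTED,
    ("contact information", "marketing"): Practice.OPT_OUT,
    ("purchasing information", "provide service"): Practice.COLLECTED,
    ("your activity on this site", "profiling"): Practice.COLLECTED,
    ("your activity on this site", "share with other companies"): Practice.OPT_OUT,
})
SITE_B = make_label({
    ("contact information", "provide service"): Practice.COLLECTED,
    ("contact information", "marketing"): Practice.OPT_IN,
    ("purchasing information", "provide service"): Practice.COLLECTED,
    ("your activity on this site", "profiling"): Practice.OPT_IN,
})

# Constructed user terms: per-cell and per-category ceilings; anything else defaults to OPT_OUT.
USER_TERMS: Terms = {
    ("contact information", "provide service"): Practice.COLLECTED,
    ("purchasing information", "provide service"): Practice.COLLECTED,
    "contact information": Practice.OPT_OUT,
    "your activity on this site": Practice.OPT_IN,
    "social security number & govt ID": Practice.NOT_COLLECTED,
}

if __name__ == "__main__":
    for name, label in (("site A", SITE_A), ("site B", SITE_B)):
        print(name, "meets terms:", meets_terms(label, USER_TERMS), violations(label, USER_TERMS))
    print(render(SITE_A))
```

The ordering trick is the whole point: because the four practices form a single permissiveness scale, "does this site meet my terms" collapses to a per-cell comparison, and "which of two sites is stricter" is the same comparison applied between labels instead of against a user's ceilings. A real relationship manager would also need to decide what happens when a category is missing from a site's label entirely (here it is treated as not collected, which is the optimistic reading).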