Building a taxonomy of privacy policies: What we have learned so far from the Privacy Summary Project

Posted on May 19, 2011 by Jim Brock

Much of the effort in the PrivacyChoice Project focuses on “third-party” privacy, or how nearly 400 tracking companies collect and use information across websites. Lately we have been working on “first party” privacy too — how individual websites directly collect information about their users. Privacy policies typically are unread or misunderstood, making this an important area for innovation.

In that spirit, today I’m taking the wraps off of our first prototype for first-party privacy: PrivacyChoice Summaries.

What is a PrivacyChoice Summary?

  • A series of short (<15 word) statements in plain English that describe the key provisions of the privacy policy.
  • Provisions that we have deemed to be less protective or less common are presented in bold face.
  • The full text of each provisions, and of the entire policy, presented a click away.
  • Third-party tracking policies (from our own scanning) are built in, giving the user (for the first time) a complete view of the privacy profile of a website.
  • The interface is simply a basic wireframe for the prototype; no icons or other elements to make them more easily used and understood.

To start, we are presenting our summaries for around 50 top websites; enough to give you a sense of what is similar and what is different about policies on different leading sites. It’s a prototype, so watch out (and please report) bugs or errors. Be sure to click on the feedback link for a survey that takes less than 20 seconds to complete.

What have we learned so far?

  1. Despite the primitive interface, our testers have responded very favorably to the summaries. A high percentage would recommend the service and want to see summaries for more sites that they use.
  2. The vast majority of policies share common entries from the taxonomy. This means that consumer tools should focus on provisions that are most likely to be of concern (such as sharing of identity or location information), or provisions that vary in important ways from the mainstream.
  3. Privacy policies can be classified at scale for a reasonable cost. We have developed internal tools to make processing highly efficient (a trained analyst can process a policy in just a few minutes).
  4. Using human analyzed policies as a seed, the process becomes even more efficient through semantic analysis. However, there are enough special provisions — particularly on more popular websites — that some level of human review will always be necessary.
  5. Based on some experimentation, icons and graphics will make this more usable and interesting for users. They will not substitute for the user reading the summary at least once; but once the user has done so, icons provide helpful shorthand across sites.

What’s next?

Some other similar efforts are set to debut today at the Privacy Identity Innovation Conference, giving us a good chance to compare approaches. With phase one of the project complete, we will now turn to improving our automation processes, and also to some new applications to make the taxonomy more valuable. Stay tuned (and be sure to subscribe to the blog for updates).

This entry was posted in Privacy Policies, Pros, Website Disclosure. Bookmark the permalink.

One Response to Building a taxonomy of privacy policies: What we have learned so far from the Privacy Summary Project

  1. Pingback: Can better privacy disclosure be crowd-sourced? | PrivacyChoice Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>