Tom Inniss Journalist and podcaster

How to be better than compliant

H

How many times have you signed up to a service where it asks you to confirm you’ve read the T&C’s, and the privacy policy? Dozens, if not more. And how many times have you actually read them? I’m willing to bet it’s been exceedingly rare.

A cross-disciplinary team are currently in the process of creating new tools to help businesses and users engage with privacy policies in a new and meaningful way.

In a session led by Tessa Darbyshire, they first broke down some of the stats around data. For example, there is 2.5 exabytes of data created every day, and more than 90% of all existing data in the world has been created in the last two years.

Another, more interesting statistic, was that after reading Facebook’s privacy policy, 35% of people used the service less.

To demonstrate why that might be the case, in groups we were given Facebook’s UK privacy policy, and were asked to pull out some of the areas that surprised us. The privacy policy included the collection of metadata, address book and sms log history, your device ID, other devices on your network or nearby, and facial recognition to name just a few things. It also said it will comply with any lawful requests from law enforcement to hand over your data (which was perceived to be a bit vague), as well as use your location data to know what shops you’ve been in. It was also concerning that all of this data was shared between every service owned by Facebook, for example Instagram and Whatsapp, and you couldn’t opt out – it was all or nothing.

Tessa and co are working on creating a new tool that will be used by both businesses and consumers to move away from the inaccessibile jargon of current privacy policies, and instead generate simple, easy to parse legalise that can be read by both machines and humans. The hope is that businesses will use the tool in the first instance to create their privacy policies, and will then feed it into a .json file. The user can then see the trust score based on their own set of preferences. The tool has a trust score provided, based on your own preferences. It is similar in many ways to the Terms of Service, Didn’t Read project.

For businesses, the benefit will be the creation of a privacy policy that is actually relevant to your business, and ensures you are compliant with laws. It will allow you to quickly tick the things you need to collect and have a privacy policy generated for you, saving time and money.

The consumer will be able to select what they view as acceptable inclusions for a privacy policy, and then the tool will be able to read the .json file and provide a score as to how aligned that privacy policy is to their values. It currently presents the score as a percentage, but the audience felt it might be helpful to have a numerical or alphabetical ranking, similar to food hygiene scores for restaurants.

I asked them if businesses are actually showing interest in using the tools, and apparently they are. Tessa explained that brands might see privacy policies as a threat, but it is actually an opportunity to get rid of spammers, and create a more refined and successful marketing campaign as you’re only contacting the people who care about your products. I pushed to get details on whether any companies have signed up, and while they declined to offer names, I was told that conversations were ongoing with companies in the automobile and finance sector.

The trust tool mock-up is available to play with on GitHub, and the team are looking for feedback.

About the author

Tom Inniss

Tom is a journalist and feature writer with interests in politics, technology and culture. He currently works as the editor of Voice - an online magazine for young people interested in art and culture.

Tom Inniss Journalist and podcaster

Tom Inniss

Tom is a journalist and feature writer with interests in politics, technology and culture. He currently works as the editor of Voice - an online magazine for young people interested in art and culture.

Follow Me