Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday October 11 2017, @01:35PM   Printer-friendly
from the don't-make-them-100-pages-long dept.

The key to turning privacy notices into something useful for consumers is to rethink their purpose. A company's policy might show compliance with the regulations the firm is bound to follow, but remains impenetrable to a regular reader.

The starting point for developing consumer-friendly privacy notices is to make them relevant to the user's activity, understandable and actionable. As part of the Usable Privacy Policy Project, my colleagues and I developed a way to make privacy notices more effective.

The first principle is to break up the documents into smaller chunks and deliver them at times that are appropriate for users. Right now, a single multi-page policy might have many sections and paragraphs, each relevant to different services and activities. Yet people who are just casually browsing a website need only a little bit of information about how the site handles their IP addresses, if what they look at is shared with advertisers and if they can opt out of interest-based ads. Those people doesn't[sic] need to know about many other things listed in all-encompassing policies, like the rules associated with subscribing to the site's email newsletter, nor how the site handles personal or financial information belonging to people who make purchases or donations on the site.

When a person does decide to sign up for email updates or pay for a service through the site, then an additional short privacy notice could tell her the additional information she needs to know. These shorter documents should also offer users meaningful choices about what they want a company to do – or not do – with their data. For instance, a new subscriber might be allowed to choose whether the company can share his email address or other contact information with outside marketing companies by clicking a check box.

This article was originally published on The Conversation. Read the original article.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday October 12 2017, @10:05AM

    by Anonymous Coward on Thursday October 12 2017, @10:05AM (#581062)

    Many users don't care much, as they are powerless to any of it except maybe not use it. To tip that balance, the users need negotiating power, to e.g. approach an ISP that they don't like the fine print in their standard contract and want it removed.

    I can't really think of a solution here, but maybe the next two points may do something:
    1. Making the companies responsible for the data they collect. (e.g. if that data is stolen from the company, it should be handled as the company violating the privacy of it's users, with fines in the form of compensation to those users.)
    2. Make it illegal for companies to sell personal information without informed consent from the user for each entity they sell the data to. E.g. company has a bunch of data and wants to sell it to corp X, they have to get agreement from all users to sell their data to corp X.