SoylentNews is people
SoylentNews
from the don't-make-them-100-pages-long dept.
The key to turning privacy notices into something useful for consumers is to rethink their purpose. A company's policy might show compliance with the regulations the firm is bound to follow, but remains impenetrable to a regular reader.
The starting point for developing consumer-friendly privacy notices is to make them relevant to the user's activity, understandable and actionable. As part of the Usable Privacy Policy Project, my colleagues and I developed a way to make privacy notices more effective.
The first principle is to break up the documents into smaller chunks and deliver them at times that are appropriate for users. Right now, a single multi-page policy might have many sections and paragraphs, each relevant to different services and activities. Yet people who are just casually browsing a website need only a little bit of information about how the site handles their IP addresses, if what they look at is shared with advertisers and if they can opt out of interest-based ads. Those people doesn't[sic] need to know about many other things listed in all-encompassing policies, like the rules associated with subscribing to the site's email newsletter, nor how the site handles personal or financial information belonging to people who make purchases or donations on the site.
When a person does decide to sign up for email updates or pay for a service through the site, then an additional short privacy notice could tell her the additional information she needs to know. These shorter documents should also offer users meaningful choices about what they want a company to do – or not do – with their data. For instance, a new subscriber might be allowed to choose whether the company can share his email address or other contact information with outside marketing companies by clicking a check box.
This article was originally published on The Conversation. Read the original article.
(Score: -1, Disagree) by Anonymous Coward on Wednesday October 11 2017, @01:42PM (17 children)
The word "she" is specifically for a special, unusual, or cherished thing such as a boat or a female; that's why "he" is associated with masculinity, because males are expendable.
The quoted sentence should use "him" and "he".
(Score: 2, Touché) by Anonymous Coward on Wednesday October 11 2017, @01:45PM
Nobody reads the whole summary; there's no way to fix that, either.
(Score: 2, Disagree) by meustrus on Wednesday October 11 2017, @02:56PM (11 children)
It's common in communications like this to alternate genders when the target is ambiguous. It's the more traditionally acceptable alternative to using "them" or invented pronouns like "xe".
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 3, Informative) by Anonymous Coward on Wednesday October 11 2017, @03:16PM (9 children)
No, it is not common and it is certainly not traditional.
Quit telling lies. Default catch-all pronoun in the male one; if you don't want to use that, avoid prounouns and use posessives like "the customer's."
(Score: -1, Troll) by Anonymous Coward on Wednesday October 11 2017, @04:33PM (8 children)
I remember the days when the expected way to do it was "he or she" and "his or her." But that is too wordy, I guess for these new people so they'd rather inconvenience everyone else instead of typing more letters. And that isn't even getting into the whole "gender isn't binary," which I still don't understand. I mean, you need a guy with the proper gonads and equipment and a gal with the proper gonads and equipment to make more guys and gals. Sure there are different ways to express that, but it doesn't change the fact that on a biological level you are one or the other.
(Score: 3, Insightful) by HiThere on Wednesday October 11 2017, @06:56PM (3 children)
That was for a relatively brief period. I think it was common for less than five years. And there was a period when people were inventing pronouns. Which was common for only a short time.
If you're going to be traditional, then "he" is the gender neutral pronoun. If you're less traditional then there are various ways, the most common of which is to avoid pronouns, but occasionally I'll use the plural form when talking about a single entity, if the other approaches seem too clumsy.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by acid andy on Wednesday October 11 2017, @08:16PM (2 children)
The biggest problem I have with it is that it can actually mislead the reader:
I squinted at the shadowy figure, struggling to make out detail in the haze. The figure strode purposefully over to the base of cliff and then he stretched an arm up and began to climb.
This makes it seem to the reader that perhaps I was able to determine the gender of the shadowy figure and that if so, the figure was a male. If "he" is being used in a gender neutral way, then that is false information.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 2) by HiThere on Wednesday October 11 2017, @11:05PM
I'm not claiming that the traditional usage is free of problems. It clearly isn't, and I, for one, try to avoid it. But it *is* the traditional usage.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @12:59AM
The misinterpretation is the reader's (e.g., yours). Unless the author states that it's a man, you shouldn't assume that it is; that assumption is... shall we say... your unconscious, sexist bias—it's clearly a microaggression against the author.
Your whole life, you've misinterpreted the word "he".
(Score: 1, Informative) by Anonymous Coward on Wednesday October 11 2017, @07:07PM
I'm blind, and I think this "color" thing these "sighted" people tell me about is a conspiracy by libtards. I've never experienced sight in my life, so I don't understand it. I think people who claim objects have "color" are mentally ill.
(Sorry. I know we have at least one user without eyesight here. No offense intended. It's just that the sighted users seem to be blind to other things. The gender-blind leading the gender-blind. It's amazing. But I guess having sight isn't an advantage if 99.99% of the world is blind. If you share things you've observed with this sense that 99.99% of other people don't have, you just come across as crazy, especially if your observations don't fit neatly with either "side" in this supposed debate about things that are just fucking plain as daylight. Then, of course, a bunch of SJWs, who are equally blind and completely misapprehending everything they've ever heard about wavelengths and colors, will make a royal fucking mess out of it all.)
(Hmm, I probably could have shorted that up by mentioning blind men and an elephant. However, that metaphor has never sat well with me, because it makes fools of the blind only because it presumes that the blind men are ignorant of elephants. Maybe I'm just overthinking it. What the blind men can't tell you, though, is that the elephant is grey, because colors are an SJW conspiracy, as established above.)
All except for the fact that at the biological level things are messy and you're just flat out wrong. But here I am trying to convince blind people of the color of the sky again.
Maybe that right there is true proof of my insanity.
Keep groping at that elephant. Hope it doesn't stomp you.
(Score: 2) by meustrus on Wednesday October 11 2017, @10:00PM (2 children)
"He" may be the traditional ambiguous pronoun, but it fails to convey that the gender is ambiguous. acid andy posted a good example of when this might be important [soylentnews.org]. In that case, the better pronoun might be "it", but unfortunately that implies a lack of personhood.
In technical documentation, it generally doesn't make any difference to the clarity. But it does make a difference for comfort and identity. The difference is small, but considering that we have a massive shortage of competent women in STEM, it's worth trying to solve even small discomfort.
I would personally avoid pronouns, although that makes it much harder to construct sentences that aren't super awkward. But the alternating-gender strategy is not wholly invented in this one post, and it's not worth getting your knickers in a twist. It's not like a better-qualified male pronoun was passed over for the job.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @09:41AM (1 child)
In any case, this is a good rebuttal [soylentnews.org].
(Score: 2) by meustrus on Thursday October 12 2017, @03:47PM
That's not a rebuttal, it's an assertion [youtube.com]. And I'm not alone in disagreeing that the pronoun "he" can be used without implying the subject is male.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 2) by Phoenix666 on Wednesday October 11 2017, @05:37PM
I thought that was resolved with "shklee [theinfosphere.org]."
Washington DC delenda est.
(Score: 2) by acid andy on Wednesday October 11 2017, @08:08PM (3 children)
Just use they / them already!
It sounds perfectly fine. The meaning is clear and there's no ambiguity over single versus plural because the person has already been introduced at the start of the sentence.
Surely, surely this is infinitely preferable to the awful clumsiness of alternating genders or using "he" or some other made up words?
The amount of time people spend arguing over this seems to suggest that my solution must be absolutely intolerable to a great number of people, otherwise everyone would just STFU and use it. So seriously, what gives?
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: -1, Troll) by Anonymous Coward on Thursday October 12 2017, @12:55AM (2 children)
Sure, [ab]using the plural forms works for everyday, mundane discussions in vernacular, casual speech. However, when precise language is important, such usage totally destroys the ability to convey nuance.
This is the reason that sentences in modern mathematical logic are constructed in terms of individuals rather than groups (unlike the old, tired, limited Aristotelian logical forms). [Ab]using the plural forms not only betrays heuristic failures in the mind and thus poor thinking, but also leads to further poor thinking.
(Score: 2) by acid andy on Thursday October 12 2017, @08:28AM (1 child)
As does [ab]using the masculine form. There may be a historical precedent for its use but that doesn't make it any more logical or unambiguous.
See my example here [soylentnews.org] for the ambiguity.*
Honestly, the only form I can see that would fit your very specific criteria would be "it" (It would have worked well in my shadowy figure example) but don't be surprised if that causes you a few problems when you use it in some contexts in polite society.
*Note though that "base of cliff" should be "base of the cliff".
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @09:38AM
How many times must this be pointed out to you?
If you want to refer to a male explicitly, then use an articled "man": "a man", or "the man".
Of course the word "it" cannot be used; there is a need to speak of non-human things (human language is mainly about expressing the human experience):
He and she did it in from of them.
(Score: 4, Insightful) by Anonymous Coward on Wednesday October 11 2017, @01:51PM
The only purpose of privacy policies it to get around privacy laws by pretending that by not reading the privacy policy users consent.
I have noticed that they share their view on consent with rapists.
(Score: 3, Insightful) by Anonymous Coward on Wednesday October 11 2017, @02:22PM (6 children)
Nobody should read privacy policies because they don't matter whatsoever.
If a service collects personal information then it will be shared. Even when an upstanding business promises not to do nefarious things (and intends to keep their promise) one of two things will inevitably happen:
(Score: 3, Funny) by The Mighty Buzzard on Wednesday October 11 2017, @02:46PM (2 children)
Yes, they do. They let you know which company is trying to screw you and which is willing to give you a reach-around whilst doing so.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @04:14PM (1 child)
FTFY
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @05:19PM
FTFY
(Score: 2) by JoeMerchant on Wednesday October 11 2017, @06:58PM
Actually, the point of the written and agreed upon privacy policy is, in part, so that the successors and assigns of such information as is covered by the policy are also bound by the agreement. This would, in theory, extend to creditors, liquidators, and anyone who comes into possession of the covered information.
In practice: yeah, sure, whatevah, so sue me.
🌻🌻 [google.com]
(Score: 2) by stretch611 on Wednesday October 11 2017, @07:11PM
Not to mention the number of companies that later change their privacy policy after you read it. You may get a blurb saying it changed and that you need to re-read it.
And lets face it, there are plenty of companies that lie and say one thing while doing another. The FTC does go after these companies, but not nearly as often as necessary and their legal action results in a fine, but your data is still out there being shared to everyone willing to pay.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by bob_super on Wednesday October 11 2017, @09:31PM
You forgot the most common: The privacy policy gets "updated" (read: gutted) and the company does what it wants.
In the best of cases, you'll get a notice of the update, which nobody will ever read.
(Score: 3, Interesting) by shrewdsheep on Wednesday October 11 2017, @02:22PM (4 children)
I don't think so. The solution would be to build broad categories analogous to the creative commons set of licenses. The policy categories would define bounds within which the specific policy would fall (IdentityRegistration-NoSharing-LocalLinking-NoCommerce, IdentityRegistration-NoSharing-CrossSiteLinking-ForCommerce (that would be google), ...). I would be willing to accept more policies knowing such a category than I do now. Of course I do not read policies at the moment, I just opt-out as soon as too many questions are asked.
(Score: 1, Interesting) by Anonymous Coward on Wednesday October 11 2017, @02:39PM
Interesting idea. One could even make those definitions machine-readable, so that you could configure your browser to block (or show only after confirmation) sites with policies that you did not mark as always-agreeable.
Maybe a good set of blocks would be:
(Score: 2) by frojack on Wednesday October 11 2017, @05:09PM
Smaller chunks have more problems than can be solved by mere standardization.
ESPECIALLY when they are presented piecemeal.
Small chunks represent something of a sneak attack, slowly boiling the Frog, in for a penny, in for a pound.
You get comfortable using a website or an app. Then they want to some other knowledge, another right to your data, and another usage of your data.
I don't know how many times I've gotten into an website, only to be asked for a email address for no discernible reason.
Just do you draw that line in the sand? Especially if you've paid money for the app. Then they demand to know your location, use your GPS, or want you to key in your email address or something.
The chunks should continue to be presented all at once in a rational order with easily understandable text, and a link to the your open source definitions.
There should be acceptance/denial options for each.
If a denial choice make it impossible to use the app/site or some parts there of, then you should know right then and there which parts won't work.
No, you are mistaken. I've always had this sig.
(Score: 2) by JoeMerchant on Wednesday October 11 2017, @07:01PM
The first principle would be to make it more difficult to operate a business that trades on personal information (which the privacy laws do, slightly.)
Demanding personal information in exchange for things that do not need your personal information to provide is... annoying, intrusive, and there really should be an alternative to providing personal information to get the same product or service.
🌻🌻 [google.com]
(Score: 2) by HiThere on Wednesday October 11 2017, @07:08PM
That's a reasonable approach. Now how do you make it binding and beneficial to the companies using that approach?
This is the real problem. Privacy policies are only slightly binding...bankruptcies get around them. And laws favor impermeable policies...in fact they even favor "visit our website daily, because you are bound by any changes we make to our policies there" notices. Those terms *may* not be actually legally binding, but it would take a lot of time and money with a fancy lawyer to prove that.
As long as "customer information" is seen as a financial good, the current laws will favor companies that collect and sell it. And promises not to sell it aren't all that binding. Almost always there's a notice that says something like "we may share this information with our business partners, and those partners aren't bound by even the pretense of a promise to not sell the data.
So any change to make not sharing the data beneficial to the company would need to be more beneficial to the company than selling the data.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Insightful) by meustrus on Wednesday October 11 2017, @02:52PM (10 children)
It is not in web site owners best interests to make privacy policies more accessible. More accessible, actionable privacy policies would either mean a) some users decide not to participate, or b) some monetization strategies become untenable. The status quo, where users don't ever read the policies and they are legally in the clear, is the best situation for them.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 3, Informative) by The Mighty Buzzard on Wednesday October 11 2017, @03:12PM (9 children)
Depends on the site. We, for instance, try to collect as little as possible information and share that information with nobody (we encrypt the small amount of metadata necessary to know who paid for what that we send with subscription payment requests). It's in our interest that this policy be known.
My rights don't end where your fear begins.
(Score: 1, Touché) by Anonymous Coward on Wednesday October 11 2017, @04:17PM (1 child)
Yeah, but you guys are weird like that... :P
(Score: 2) by The Mighty Buzzard on Wednesday October 11 2017, @04:31PM
You are not even remotely wrong.
My rights don't end where your fear begins.
(Score: 2) by rigrig on Wednesday October 11 2017, @05:54PM (4 children)
Maybe it could be linked to a bit more prominent, like in the footer and from the registration form?
It took me quite a while to find the draft version on the wiki (an obsolete TodoList being the first search result for "privacy policy" [soylentnews.org] didn't help)
Even if it's just a page with
(or even a direct link to the wiki)
No one remembers the singer.
(Score: 2) by The Mighty Buzzard on Wednesday October 11 2017, @07:21PM (3 children)
You do have a point. I'll put it on the to-do list. Damn, that put us over the 100 Issue mark again.
My rights don't end where your fear begins.
(Score: 5, Funny) by bob_super on Wednesday October 11 2017, @09:33PM (2 children)
You had 99 problems, and the Privacy policy accessibility wasn't one?
(Score: 2) by meustrus on Wednesday October 11 2017, @10:18PM
Where's the mod for -1 Groanworthy?
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 0) by Anonymous Coward on Friday October 13 2017, @01:26AM
OVER the 100 issue mark. Since 'issue's are atomic (ie. there's no "1/10th of an issue") that made it 101.
Off by one errors - they matter!
But good joke anyways!
(Score: 2) by number11 on Wednesday October 11 2017, @07:05PM
Yes, but this website is not a very representative of websites in general. For one thing, you Big Soys aren't frantically pushing to monetize the site. You're also probably a bit more aware of the potential downfalls (and, between the libertarians and the lefties, know that we'd pounce if we found anything).
Of the 20 tabs I have open at the moment, there are only 2 others that I even suspect might have a similar philosophy (both are news sites funded by donations and perhaps media syndication fees of their radio and TV programs). But I can't find a privacy policy on either for website visitors (there are policies re donors, where they obviously have to keep a bit more information). I'll give an honorable mention to The Intercept, whose privacy policy, while long, is written in coherent English instead of boilerplate, and points out 18 third parties (including AWS and Cloudflare) that you might be exposed to when you visit.
(Score: 2) by meustrus on Wednesday October 11 2017, @10:06PM
And that's truly commendable! But I'm sure you'll agree that the SoylentNews demographic is unusually concerned with privacy. Unfortunately, with almost any other demographic, the reaction to a user-friendly privacy policy is almost always "meh".
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 4, Insightful) by sjames on Wednesday October 11 2017, @03:38PM
As long as the policy is subject to change after the fact, it is worthless. Especially when the "display department" is as described by Douglas Adams.
(Score: 3, Insightful) by Anonymous Coward on Wednesday October 11 2017, @04:12PM
There's a thing you need to understand: companies want their policies to be impenetrable because they are used to fuck over their users, their products, their partners and everyone else they can fuck over. These things are written by lawyers who always ask the same thing: "how can we constrain the other guy while giving us free reign?" or "you may not want to do X now, but what about tomorrow... you don't know whether you'll want to do that tomorrow. Don't lock yourself out from doing that tomorrow and enshrine this into this policy". They embed things like "and we can change this whenever we feel like it" or "in case of a dispute, someone who works for us will decide on the matter (and in our favor)" for these types of reasons.
There's a very good reason why these policies are always in ALL CAPS because it makes them even less comprehensible.
You've identified a valid problem, but you're going about the wrong way to try to solve it!
Good luck finding companies that actually take your advice and incorporate it into their practices! I'm not holding my breath...
(Score: 2, Insightful) by Anonymous Coward on Wednesday October 11 2017, @04:48PM (4 children)
letmestopyourightthere
Have they ever seen people use a computer? Nobody reads two-word dialog boxes.
Users don't read anything. [joelonsoftware.com]
(Score: 4, Funny) by frojack on Wednesday October 11 2017, @05:17PM (1 child)
TL;DR
No, you are mistaken. I've always had this sig.
(Score: 2) by DeathMonkey on Wednesday October 11 2017, @06:15PM
Both of you are wrong.
Users don't read anything!
(Score: 2) by maxwell demon on Wednesday October 11 2017, @07:12PM (1 child)
OK, then let's make it with images. I mean, the standard policy is "we get everything, you are fucked." I'm sure that can be put into an easy to understand picture. ;-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @10:40PM
It's been done. You'll find the picture over at http://goatse.cx/ [goatse.cx]. The only thing that picture is missing is the sentence "this is what we expect from you when you do business with us"
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @04:56PM
This articles solution won't work. Greed drives companies and the only way to convince them to make a decisions will be if it affects their bottom line.
We would need privacy laws that protect citizen's privacy and are enforced with punishments that kill a companies bottom line. Having national rules instead of per company rules would also make it easier for people to understand (i.e. one or several sets of rules instead of a huge number that can change at any time). Getting this done on a national level would be difficult as the Democratic party is sold out to corporations and the Republican party is sold out and seems to actively hate the majority of the country's citizens. But this would be part of the best solution.
Technical solutions blocking identifying information, like those mentioned in comments above, would be good in any case.
(Score: 2) by crafoo on Wednesday October 11 2017, @05:15PM
Everything you do online is collected, categorized, and associated with your real name. It doesn't matter if you are using public wifi and TOR. It's just a minor speed bump in the automated collection and profile building algorithms. It doesn't matter what the privacy policy is that you clicked through. The information will be sold and abused to make money, cc'ed to the NSA & FBI, and then made available to even the most disinterested, unmotivated hacker bored and trolling around on a Sat. night.
(Score: 2) by NotSanguine on Wednesday October 11 2017, @07:17PM (3 children)
Here's the (sanitized) privacy policy I (IANAL) wrote for a website I created. I think it balances the privacy of users with shielding the website owner(s) from liability:
The above would need to be modified to support different business models, but the basics should be retained:
1. Website will *not* share data with *anyone* without authorization;
2. Website will *not* store personal information on the site;
3. Website will make every effort to secure personal information;
4. Website will not be liable for the release of personal information by others.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @12:55AM (2 children)
Your policy is worthless to the users. Terms can be changed at any time without notice. "specifically authorized" isn't defined nor limited so management can authorize anything regardless of what the rest of the policy says. Who stores data mining data on web servers? You transfer that data onto other servers, your policy doesn't prevent that. You try to disclaim any liability for your own screw ups, so even if you had a good policy you just told everyone you don't have to follow it. Etc... Your policy sucks. Get one reviewed by a lawyer next time.
(Score: 2) by NotSanguine on Thursday October 12 2017, @01:02AM (1 child)
Thank you for your input.
Go ahead and try to sue me. See how well that works, friend.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Thursday October 26 2017, @11:57PM
Exactly, you claimed it balances rights for the user and it doesn't.
(Score: 2) by driven on Wednesday October 11 2017, @08:18PM
Simple shortcut: If the software you are using provides a privacy policy, ask yourself: am I willing to give up my privacy for this software? Weight it against what you're doing and make a decision. Software that doesn't spy doesn't have a privacy policy you need to click through.
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @01:10AM
Not necessary for the specific transaction strangely absent but collect it all is the motto of who now?
(Score: 2) by opinionated_science on Thursday October 12 2017, @09:49AM
that's what I would call it - you hold personal information you are liable - and if you sell it , you are liable. If it is released , you are liable.
Go read about HIPPA, it's why you still fill out paper at your Dr's offices.... but the insurance company happily sell your information to anyone.
If the "equifax" hack shows anything, there is not anywhere enough liability around holding personal information....
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @10:05AM
Many users don't care much, as they are powerless to any of it except maybe not use it. To tip that balance, the users need negotiating power, to e.g. approach an ISP that they don't like the fine print in their standard contract and want it removed.
I can't really think of a solution here, but maybe the next two points may do something:
1. Making the companies responsible for the data they collect. (e.g. if that data is stolen from the company, it should be handled as the company violating the privacy of it's users, with fines in the form of compensation to those users.)
2. Make it illegal for companies to sell personal information without informed consent from the user for each entity they sell the data to. E.g. company has a bunch of data and wants to sell it to corp X, they have to get agreement from all users to sell their data to corp X.