Making Privacy Obvious to Everyone

Privacy and User agreements: We agree to them without a single thought and certainly never ever read them. Let’s start with a quick background. Since the early days of the software industry — like the days when software came in boxes — users were presented with a legal agreement to use software. It is not uncommon for the legal documents to ramble on and on for pages. All you really need to know is there’s a good chance that “you’re on your own” if you use the software.

Fast forward to the internet age. Since virtually every app or service we use today is free, software companies came up with a Privacy Agreement that basically gives them permission to use your data in unprivate ways. Monetizing user data is THE business model of the internet age so as the saying goes, “if the product is free, then you are the product.” Use Facebook, and all that data about you is used by Facebook to sell ads. Same for Google, Twitter, YouTube, and on and on. By the way this extends to “apps” like Amazon where your Shopping Cart contents are widely shared with ad networks.

If people actually realized what was going on with their privacy, they might change their behavior. There are three primary questions users should want answered by these types of agreements:

  1. Can the service provider ever read my data or is it encrypted?
  2. Where is my data stored? On my device, in the cloud, or both?
  3. Does the service provider monetize my data?

Why not come up with a simplified labeling requirement for internet service agreements? This idea could be used for ISPs, your mobile carrier, the apps you use online, and then all the way down to the search engine you use.

Each of three questions have two or three states so it’s a pretty simple iconography problem. Above is a terrible sketch of what I’m thinking. I bet with no other info, you can figure out which one is Facebook and which one is a my Alarm Clock. Put it at the top of the agreement and allow new users to read the entire agreement if they want, but at least they would get the top-level questions answered before they start using the product.

Would this idea make privacy more obvious to the masses? For the longest time if you wanted nutritional information at places like McDonald’s you had to request what was a very large foldout poster of mountains of information. I’m sure it cost McDonald’s a fortune to print and keep these things in stock in thousands of locations. Today, their menu above the counter already includes the key metric you’re mostly likely wanting to know: calories. And yes, that info has changed my behavior. I don’t get to McDonald’s often, but it’s a real drag that my favorites are obviously the worse for me as well.

Legislation might be required to get providers to make this change. I’m okay with that. Users have a right to know, and I also believe vendors have the responsibility to transparently disclose how they use my data. It was my data in the first place.