- Privacy policies are unclear. They are written in legalese that laypersons can’t understand.
- Privacy policies are unreasonable. Because people don’t read them and because “users” have no alternatives, companies are free to retain the right to do whatever they want with your information.
In response to these issues, a few things have been proposed. There were two parallel but different approaches that each involved what I think of as a Creative Commons-like model. (It’s worth noting as well that Ryan had another fascinating idea involving incorporating human avatars into interfaces, about which he has a blog post.) Essentially, the two ideas, as I recall them, broke down thus:
- The user could brand her content with the privacy options that she wants, with some sort of badge.
The former seems more difficult to successfully implement—you would need all participating services to comply. I’m more interested in the latter proposal, mostly because it seems so elegant in its simplicity. I’m imagining shamelessly copying some aspects of Creative Commons licenses:
- Three-tiered views: lawyer-readable legalese, human-readable plain English (in simple, bullet-pointed terms), and machine-readable metadata (RDFa or something).
- Standardization: all privacy policies generated from a set of more-or-less on/off switches, like CC’s commercial/noncommercial, remix/no-derivs, copyleft/noncopyleft.
The readability issue with privacy policies is solved by the human-readable code. The unreasonableness and non-negotiability of these privacy policies is also helped, but less directly.
P3P is a (now defunct?) project that I really ought to research further, but basically seems to be exactly what I’m discussing here. It might include the necessary standards that I just mentioned.
If P3P is now defunct, why did it fail? As I recall from our conversation that Friday, the answer was “nobody implemented it.” I’d like to close with this thought: perhaps we are at a unique moment where P3P or something similar is about to have many great opportunities to be adopted, if the right people talk about it soon. Let me explain.
During my last week in San Francisco, I saw Evan Prodromou of identi.ca and autonomous, as well as my boss Nathan Yergler and Google’s Chris DiBona, speak at CC Salon SF. Evan talked specifically about Free Network Services, and one thing he said that really struck me with its blunt simplicity was that we need to basically clone all networking websites … Twitter, Facebook, Dopplr, Digg, Last.fm … everything. Before you accuse Evan of trivializing the development of Free Software, I should note that he also said that we could make this process fun and improve on these services in ways beyond simply making them free. Indeed, the project is already under way, with sites like identi.ca and libre.fm already picking up steam, and mumblings about many others floating around.
My point is that if we’re going to be rebuilding the social web right now—and we are—then we ought to make sure that it ships with a “solution” to privacy. We need to make discussions about a P3P-like system part of our discussions about Free Network Services.