Layered Policy Design
[Also Known As]
Layered Privacy Policies / Multi-Layered Notices
Context
As the law in various parts of the world requires a number of considerations, policies tend to be long, complex documents which are difficult to understand. The same holds true for privacy, which supplies its own legislative concerns, particularly regarding data protection. The [data] controller in these instances provides users (data subjects) with services (or products) to which privacy policies apply. These suffer the same pitfalls of detail-rich and superfluous content as other policies, though they are legally required to be available to users in a manner which is both understandable and complete.
Problem
The controller needs to balance comprehension and comprehensiveness in their privacy policies in order to ensure that users choose to inform themselves. If users do not, then processing their information is unlawful.
Forces and Concerns
- Users do not want to read complex and long policies, and most will simply not read them unless they are very concise
- Users still want to understand any important distinctions which might cause them risks they would rather not take
- Controllers want to comply with legal requirements to avoid punitive measures as well as bad publicity
- Controllers also want users to know what they are signing up for when using a service, without being unpleasantly surprised
Solution
Extract the most crucial aspects of the privacy policy, which users are most likely to read, to the foreground. Nest successive detail levels within these components so that users can quickly find information that is relevant to them.
[Implementation]
A short notice may provide a summary of the practices that deal with personal data, highlighting those which may not be evident to the data subject. Then, a longer policy may provide specific information, split into sections, detailing any uses of personal data. And finally, the whole legal text of the privacy policy can be specified.
Consequences
[Helps users] understand what they can expect about their personal data from a data controller (in terms of which data is managed, for which purposes, etc.). It also fosters simplicity, transparency and choice.
However, [multiple] versions of the privacy policies [need to] coexist, which may introduce potential contradictions; in particular, the data controller must ensure that updates are performed in parallel and coherently.
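One way to catch contradictions between the layers before publication, as an added example that is not part of the original pattern: a check that every short-notice highlight expands into a section, every section is backed by clauses in the legal text, and all layers share one revision. The layer names, field names and sample policy are assumptions constructed for this sketch.

```python
# Constructed example: coherence check for a three-layer privacy notice.
# Layer and field names are assumptions for this sketch, not a standard schema.

def check_layers(policy):
    """Return a list of contradictions between the three layers."""
    short, mid, full = policy["short_notice"], policy["sections"], policy["full_text"]
    problems = []

    # All layers must be published from the same revision.
    versions = {name: policy[name]["version"] for name in policy}
    if len(set(versions.values())) > 1:
        problems.append(f"version mismatch: {sorted(versions.items())}")

    # Every highlight in the short notice must expand into a section.
    for h in short["highlights"]:
        if h["section"] not in mid["items"]:
            problems.append(f"highlight points to missing section: {h['section']}")

    # Every section must be backed by clauses that exist in the legal text.
    covered = set()
    for name, sec in mid["items"].items():
        for clause in sec["clauses"]:
            if clause in full["clauses"]:
                covered.add(clause)
            else:
                problems.append(f"section {name} cites missing clause: {clause}")

    # Legal clauses that no section explains stay hidden from most readers.
    for clause in sorted(set(full["clauses"]) - covered):
        problems.append(f"clause not summarized in any section: {clause}")
    return problems


# Constructed sample with deliberate defects (stale legal text, dangling links).
SAMPLE = {
    "short_notice": {"version": "2024-05", "highlights": [
        {"text": "We share your email with payment providers.", "section": "sharing"},
        {"text": "We keep order history for five years.", "section": "retention"}]},
    "sections": {"version": "2024-05", "items": {
        "sharing": {"clauses": ["4.1", "4.2"]}}},
    "full_text": {"version": "2024-04", "clauses": {
        "4.1": "Disclosure to processors ...", "6.1": "Retention periods ..."}},
}

if __name__ == "__main__":
    for problem in check_layers(SAMPLE):
        print(problem)
```

Run as a publishing gate, a non-empty result blocks the release until the layers are updated together.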
Examples
See examples at Terms of Service; Didn't Read. The average user would take 76 work days to read the privacy policies they encounter each year.
[Known Uses]
- An early example of a layered privacy policy by TRUSTe and its mobile version, which are discussed in Pinnick, T. Layered Policy Design. TRUSTe Blog, 2011.
- There are several sites that use this pattern nowadays, albeit not always with that name. One example is Banksia Villages, which provides a Simplified Privacy Policy as well as an Extended one.
- It is recommended by the British Information Commissioner's Office in its Privacy Notices Code of Practice (p.55).
- This concept is quite similar to the Creative Commons license layers in the field of copyright management.
[Related Patterns]
This pattern complements Awareness Feed, Appropriate Privacy Icons, Icons for Privacy Policies, Privacy Labels, Privacy Color Coding, Abridged Terms and Conditions, Privacy Aware Wording, and Privacy Policy Display.
Like many patterns which inform users, elements of Awareness Feed (like Impactful Information and Feedback) and its methods for establishing awareness go well with accessible policy aspects like this pattern.
Interpretations of privacy policies and their expression in easily understood summaries could be improved with Appropriate Privacy Icons, Icons for Privacy Policies, and Privacy Color Coding. This makes for a more accessible solution with visual cues.
Accessible policies like these go well with Abridged Terms and Conditions, as they complement its need for policy summarization.
Additionally, where this pattern extracts the most crucial aspects of the privacy policies into layers, these layers could be written following Privacy Aware Wording. This improves the accessibility of the layered privacy policy. Similarly, Privacy Policy Display benefits from both of these, and from this pattern's multi-layered approach in particular.
Implicit complementary relationships to this pattern include Dynamic Privacy Policy Display and Policy Matching Display. Both of these exist through their use of Privacy Policy Display.
[Sources]
Pinnick, T. Layered Policy Design. TRUSTe Blog, 2011.
Christoph Boesch, Frank Kargl, Henning Kopp, and Patrick Mosby, “privacypatterns.eu - collecting patterns for better privacy,” 2017. [Online]. Available: https://privacypatterns.eu/#/?limit=6&offset=0. [Accessed: 18-Jul-2017].
Multi-Layered Notices Explained, White Paper, The Center for Information Policy Leadership, Hunton & Williams, http://mddb.apec.org/documents/2005/ECSG/DPM1/05_ecsg_dpm1_003.pdf