Categories: inform, provide

Policy Matching Display

[Also Known As]

Personalized Policy Matching Display

Context

Controllers have policies written in a manner appropriate for legal evaluation, as it is the legal compliance which warrants them in the first place. Users tend to not be able to comprehend such language, and do not typically care to spend the time and effort required to parse it. However, much of the content in these policies is consistent throughout the services they use.

Users value using a service (or product) without having to go through repetitive and verbose policy detail. However, these users must still understand the policies which apply to them in order to not be blindsided. Controllers need to avoid blindsiding users, as keeping users happy is integral to a sustainable business model.

Problem

Users may get overwhelmed by the complexity of policies impacting privacy when using a service, compromising the validity of their informed consent.

Forces and Concerns

  • Users do not want to have to read privacy policies, but do want to know about relevant and important distinctions from their personal preferences
  • Controllers need to have policies which are tailored to legal compliance, but also need users to understand risks and responsibilities
  • Users may not like the default values chosen by controllers for application settings, even if those defaults are privacy friendly
  • Controllers would like users to use a service immediately, with as little in the way and as little potentially discouraging as possible

Solution

Retrieve user policy preferences and use these to highlight contradictions with the privacy policy. Where possible, configure application settings to the values which best adhere to these preferences.

[Implementation]

User policy preferences may be collected and managed by a controller, exposed by their user agent, or at a well-known URI. They may be highlighted through an overlay of elements or handled in-line where context plays an important role. In either case these notifications should not encourage users to apply settings which do not match their preferences in order to remove them.

On the other hand, if the notification is not noticeable, the user may overlook an important policy distinction. Notifications which are persistent or ubiquitous may quickly desensitize users, and should also be used with care.

Consequences

Allows users to provide a consistent privacy threshold while reducing cognitive workload as they use services.

[Constraints]

Expressing and comparing the policies requires a consistent machine-readable format. There are, however, numerous approaches to this. The Platform for Privacy Preferences pattern addresses this through eXtensible Markup Language.
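The matching step described under Solution and Implementation, as an added example that is not part of the original pattern or of any cited specification. The record layout, field names and setting names are assumptions made up for illustration; it picks setting values that best adhere to the preferences and returns the remaining contradictions to highlight.

```javascript
// Constructed sample records; field names are assumptions, not P3P, S4P or any real schema.
const policy = {
  statements: [
    { category: "email", purposes: ["account", "marketing"], retentionDays: 365, shared: false },
    { category: "location", purposes: ["analytics"], retentionDays: 90, shared: true },
  ],
  // Each setting option overrides fields of one statement when selected.
  settings: {
    marketingEmails: { category: "email", default: "on",
      options: { on: {}, off: { purposes: ["account"] } } },
    locationSharing: { category: "location", default: "on",
      options: { on: {}, off: { shared: false } } },
  },
};
const preferences = {
  email: { purposes: ["account"], maxRetentionDays: 400, allowSharing: false },
  location: { purposes: ["analytics"], maxRetentionDays: 30, allowSharing: false },
};

// Contradictions between one policy statement and the user's preference for it.
function mismatches(stmt, pref) {
  const hit = (field, detail) => ({ category: stmt.category, field, detail });
  if (!pref) return [hit("category", "no preference stated")];
  const out = [];
  const extra = stmt.purposes.filter((p) => !pref.purposes.includes(p));
  if (extra.length) out.push(hit("purposes", extra.join(",")));
  if (stmt.retentionDays > pref.maxRetentionDays) out.push(hit("retentionDays", String(stmt.retentionDays)));
  if (stmt.shared && !pref.allowSharing) out.push(hit("shared", "true"));
  return out;
}

// Per setting, apply the option with the fewest contradictions (the default wins
// ties, so nothing changes without a reason), then list what is left to highlight.
function matchPolicy(policy, prefs) {
  const effective = new Map(policy.statements.map((s) => [s.category, { ...s }]));
  const applied = {};
  for (const [name, setting] of Object.entries(policy.settings)) {
    const base = effective.get(setting.category);
    if (!base) continue; // setting refers to a category the policy does not state
    const count = (v) => mismatches({ ...base, ...setting.options[v] }, prefs[base.category]).length;
    let best = setting.default;
    for (const v of Object.keys(setting.options)) if (count(v) < count(best)) best = v;
    applied[name] = best;
    effective.set(setting.category, { ...base, ...setting.options[best] });
  }
  const highlights = [...effective.values()].flatMap((s) => mismatches(s, prefs[s.category]));
  return { applied, highlights };
}
console.log(JSON.stringify(matchPolicy(policy, preferences), null, 2));
```

A statement with no stated preference is reported rather than treated as a match, and the retention mismatch stays highlighted because no setting can resolve it.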

[Known Uses]

  • For an academic discussion, see Graf, C., Wolkerstorfer, P., Geven, A., & Tscheligi, M. (2010, November). A pattern collection for privacy enhancing technology. In PATTERNS 2010, The Second International Conferences on Pervasive Patterns and Applications (pp. 72-77).
  • For a discussion of privacy languages see Kumaraguru, P., Cranor, L., Lobo, J., & Calo, S. (2007, July). A survey of privacy policy languages. In SOUPS'07: Proceedings of the 3rd Symposium on Usable Privacy and Security; and Becker, M. Y., Malkis, A., & Bussard, L. (2010).
  • A related, classic initiative was W3C's The Platform for Privacy Preferences 1.1 (P3P1.1) Specification; however, the matching was performed at the client's side.
  • A more recent example is available at S4P: A generic language for specifying privacy preferences and policies. Microsoft Research.
  • ... and Sacco, O., & Passant, A. (2011, March). A Privacy Preference Ontology (PPO) for Linked Data. In LDOW.

This pattern may use Privacy Policy Display. While the display aims to show policy information this pattern may highlight privacy preference mismatches therein, providing more valuable information for the user.

It may also be used by Platform for Privacy Preferences. It is a fundamental part of the implementation of the latter, which adds useful improvements and overlaps this pattern's context and problem.

This pattern complements Trust Evaluation of Services Sides and Dynamic Privacy Policy Display.

Between this pattern and Trust Evaluation of Services Sides, both patterns may work together to provide the user with information toward building trust in a controller. This will be based on both preferences matching and means for demonstrating trustworthiness.

With Dynamic Privacy Policy Display, however, these patterns may provide mismatches within or through the standardization and 'tooltips'.

Implicitly, through Trust Evaluation of Services Sides, this pattern also complements the visual cue patterns. This includes Icons for Privacy Policies, Appropriate Privacy Icons, and Privacy Color Coding.

[Sources]

S. Fischer-Hübner, C. Köffel, J.-S. Pettersson, P. Wolkerstorfer, C. Graf, L. E. Holtz, U. König, H. Hedbom, and B. Kellermann, “HCI Pattern Collection - Version 2,” 2010.

C. Graf, P. Wolkerstorfer, A. Geven, and M. Tscheligi, “A Pattern Collection for Privacy Enhancing Technology,” The Second International Conferences of Pervasive Patterns and Applications (Patterns 2010), vol. 2, no. 1, pp. 72–77, 2010.