Categories: informexplain

Privacy Aware Wording

Contents

Context

Users are exposed to many privacy policies and notifications which seek to inform them of various issues. The controllers who provide these explanations require that users fully understand the circumstances around the use of their data. Specifically, the purposes for which and means by which their personal data is collected or otherwise processed. There is much information however, and so users are likely to overlook important details.

Problem

Information the controller conveys to the user is frequently overlooked due to length and complexity of both the content and the vocabulary within, which compromises validity of consent.

Users should clearly understand the content of and terms used within privacy and security software. The terms are usually formulated on an expert-basis and therefore often difficult to understand for the average user.

Forces and Concerns

  • Users do not want to read complex and long policies
  • Users still want to understand what risks they might be taking with their data by using the service (or product)
  • Controllers want to ensure that users understand risks
  • Controllers need consent given by users to be informed

Solution

Construct privacy related information using easily parsed and low difficultly vocabulary, with short concise sentences and enough flow to persuade the user to process it.

[Implementation]

Users should not need to be familiar with the subject matter. They should also not be given unnecessary detail at the highest level of abstraction. Consider combining techniques from other patterns such as Layered Policy Design.

Before using the terms one should be sure that they are clear and understandable for the target-users. Therefore it is recommended to either refer to standardized terms [or] to conduct user tests on the understandability of [utilized] terms and phrases. These tests do not have to be extensive. Asking only few representative users from the target-group about their understanding of the terms should suffice.

Examples

Referring to the user as the data subject or otherwise introducing terms to the user may reduce reading comprehension. Instead of focusing on legally accurate terms, the information should make sense to the user. It should not be provide a false interpretation, however. The PrimeLife example features a mock corporation which summarises information according to 'what', 'how', and 'who'.

Privacy Aware Wording Example

This pattern complements Awareness Feed, Appropriate Privacy Icons, Icons for Privacy Policies, Privacy Labels, Privacy Color Coding, Abridged Terms and Conditions, Privacy Policy Display, Layered Policy Design, and Privacy-Aware Network Client.

Like many patterns which inform users, elements of Awareness Feed (like Impactful Information and Feedback) and its methods for establishing awareness go well with accessible policy aspects like this pattern.

Interpretations of privacy policies and their expression in easily understood summaries could be improved with Appropriate Privacy Icons, Icons for Privacy Policies and Privacy Color Coding. This makes for a more accessible solution with visual cues.

Accessible policies like these go well with Abridged Terms and Conditions, as they complement its need for policy summarization.

Privacy Aware Wording can be used alongside Privacy Policy Display and Layered Policy Design to provide more accessible wording in the resulting layered privacy policy or display. Similarly, Privacy-Aware Network Client benefits from such attention to accessibility in its easily readable format.

Implicit complementary relationships to this pattern include Dynamic Privacy Policy Display and Policy Matching Display. Both of these exist through their use of Privacy Policy Display.

[Sources]

S. Fischer-Hübner, C. Köffel, J.-S. Pettersson, P. Wolkerstorfer, C. Graf, L. E. Holtz, U. König, H. Hedbom, and B. Kellermann, “HCI Pattern Collection - Version 2,” 2010.

C. Graf, P. Wolkerstorfer, A. Geven, and M. Tscheligi, “A Pattern Collection for Privacy Enhancing Technology,” The Second International Conferences of Pervasive Patterns and Applications, vol. 2, no. 1, pp. 72–77, 2010.