Categories: privacy-policy, inform, explain

Privacy icons

Summary

A privacy policy that is hard for a general audience to understand is summarized and translated into commonly agreed visual icons. A privacy icon is worth a thousand-word policy.

Context

This pattern can be applied to any system that collects end-user data. It can be presented in an interactive web page, or as part of a physical product that can collect data (e.g. a fitness tracker).

Problem

Many organizations provide privacy policies that are too lengthy and too hard for a general audience to understand. These policies are written as legal disclaimers to address legal issues, rather than to inform end users so that they can consent to the organization's practices after being clearly informed of the data collected, its purpose, and its processing and potential sharing with third parties.

Solution

Include within the service/device a very accessible and visual explanation of the privacy policy. Icons are a great complement to written text, as they may convey much information at a glance through a different modality (images). Standardized icon sets may thus be added to the privacy policy.

Truly inform customers of the privacy policy of a system/organization

Consequences

Users may understand, at first glance, what the potential risks of consenting to a privacy policy are. To be useful, the icons must be well known and understood by the majority of potential users before they are used. The community needs to share a common meaning for each icon. Educational material can be built upon the implications of each of these icons.

Examples

Alice buys a fitness tracker and she is aware that the device collects her location, and sends it to a central web service in order to provide her with her fitness statistics (her fitness routes, the time spent...). The device provider aggregates this data and provides a business analytics service to third parties.

Alice is totally unaware of this secondary use of her data and may not agree to it. But accessing this policy involves accessing a website and going through a lengthy and legally oriented document.

Known Uses

  • The current version of the forthcoming EU Data Protection Regulation includes a set of privacy icons that should be used within European services and organizations
  • https://disconnect.me/icons
  • https://wiki.mozilla.org/Privacy_Icons
  • http://yale.edu/self/psindex.html
  • http://www.privacybird.org/
  • https://netzpolitik.org/2007/iconset-fuer-datenschutzerklaerungen/
  • http://knowprivacy.org/policies_methodology.html
  • http://www.privicons.org/
  • The EU-funded PrimeLife project also proposed a set of privacy icons: Holtz, L. E., Zwingelberg, H., & Hansen, M. (2011). Privacy policy icons (http://link.springer.com/chapter/10.1007%2F978-3-642-20317-6_15). In Privacy and Identity Management for Life (pp. 279-285). Springer Berlin Heidelberg; and Holtz, L. E., Nocun, K., & Hansen, M. (2011). Towards displaying privacy information with icons. In Privacy and Identity Management for Life (pp. 338-348). Springer Berlin Heidelberg.
  • The Use of Privacy Icons and Standard Contract Terms for Generating Consumer Trust and Confidence in Digital Services CREATe Working Paper 2014/15 (October 2014)

Currently, most of these are only applied by client-side solutions.

See also the Privacy Icons entry at Ideas for a Better Internet (a kind of pattern repository by the Berkman Center for Internet and Society at Harvard).