What Privacy is about

The problem with privacy policies today is that those boring documents are written by equally boring lawyers, whose best output is a bunch of words no one reads. Lawyers don’t understand usability, and lawyers don’t understand the web itself. How can their documents sit in the footer of almost every website in the world?

The problem with privacy policies (and TOS too) is that they are far behind the other components of a website: they have never seen any innovation, and they are treated as a legal requirement no one seriously cares about.
Since we are in the sharing era, people are more concerned about privacy every day. When I say that people care about privacy, you will probably label me a privacy fanatic, but let me explain how I perceive the situation.

Privacy is not about which kind of data is shared, who takes this data, or even who sells it.
Privacy is instead about two things:

  • Information
  • Control

People don’t want to stop sharing. Most internet users are sincerely willing to make their lives public, myself included.
This is part of human nature. Writers and artists in past centuries (and more recently) sacrificed their own lives to sharing, by writing books, producing movies or carving sculptures. Marcel Proust died young and sick, but happy, because his life was immortalized by the seven books of À la recherche du temps perdu. The young Thomas Mann became famous thanks to Buddenbrooks, an absolute masterwork in which he discloses everything about his family (and the whole city of Lübeck), laying every secret bare and showing all the dirty laundry.

What’s amazing about this sharing era is that every internet user can be a little Thomas Mann, or a young Marcel Proust. And I’m not talking about a world made of writers. Today, any of us has an incredible capability for sharing, right in our hands. Thomas Mann and Marcel Proust are two in history, and we could even make the effort of listing a bunch of others, but today we are talking about millions of people sharing themselves with a wide audience, potentially every internet user in the world.

Humanity never experienced something like this. It’s completely new, it brings new challenges, but it won’t stop.

Let’s get back to what Privacy is truly about: information and control. They are like titans holding the sky on their shoulders, and Privacy is like Atlas for an ancient Greek.
What people really want is to feel safe in terms of knowing what personal information they are sharing, and of course who can see that piece of their personal life. Moreover, people want to keep control of all this sharing activity, always preserving an ultimate capability of choice.

What’s incredibly sad is that the pivot around which Privacy moves, the way we get knowledge about information and control, is the Privacy Policy.
The problem with Privacy Policies is that they must be rethought from the beginning: the way we write and read privacy policies needs a radical revolution.


A new generation of Privacy Policies

State of the art

Today, Privacy Policies are broken, and I’m not the first to realize this state of things. Before even trying to understand what a Privacy Policy has to tell, I needed to study what other clever guys wrote and thought before my humble person.

Among the many attempts to simplify and rethink the privacy policy, I chose three examples.

The first one is the Privacy Nutrition Label model.

The problem here is that this table is too long to read and understand, and the final result is really complicated. This is made for privacy fanatics, not for the masses.

The second one is Aza Raskin’s proposal of Privacy Icons.

These icons represent a huge step forward, but they also leave many holes. They don’t help you with the core of a privacy policy: they add information (surely useful) without reaching the heart of the problem, which is informing users about the personal data collected, the parties involved, and the uses of the data. They are too similar to Creative Commons, and they are inspired by a model which doesn’t truly fit.
The effort is sincerely good, but the result is not complete and lacks the base information. Anyway, Aza gave a great contribution, thanks for that 🙂

The third one is my favorite. How unusual that it has to come from the company that constantly receives the worst complaints about Privacy?! This company is Facebook, and my opinion is that Facebook (along with Google and Twitter) is driving innovation not only in making the world more connected, but also in the privacy field.
This is quite strange to assume, but the effort made by Facebook for sustaining intensive sharing features acts as an innovation driver in how privacy is communicated and managed.
The apex of this effort is the apps’ authorization popup:

All in all, this is a real privacy policy, completely different from how privacy policies usually look. The result is awesome: you look at it and what matters to you is there, graspable at a glance. If you ask real people whether they read privacy policies, they obviously say no (why should they read such a boring piece of text?!). If you ask people whether they read the FB authorization popup, the response is different: people read it, and make choices based on the sharing features. Information and Control are preserved.

Moving on: a new privacy policy model

Assuming that the Facebook apps’ popup is probably the best example of a privacy policy out there, with the plus that users are already familiar with it, I started thinking about how the privacy policy for the average website should look. Since we can’t forget it’s a document required by law, there were some requirements I had to meet in terms of the information the privacy policy needs to provide:

  • A privacy policy must inform the users about the personal data collected. Examples of personal data are Cookies, IP Address, Email, First and Last name. Depending on the Country, the requirement can be weaker, but generalizing a bit is needed in order to reach an international level of discussion.
  • A privacy policy must contain the uses of the data. Do you use cookies for tracking my visits? Do you collect emails for a newsletter?
  • A privacy policy has to list the parties involved. Which third-party companies are involved? Google, Facebook, Twitter and so on.

These requirements are met by any existing privacy policy, including the lawyers’ ones. But to be a real breakthrough, a new generation of privacy policies needs to be:

  • Short (no legalese broth, please)
  • Readable at a glance (summarization and icons)
  • Preferably opened as a popup/lightbox
  • Accessible
  • Standardized (privacy policies need to follow a pattern, so that users easily recognize the key elements)
  • Written in plain language (no legaleeeese!)
  • Legally compliant (of course)

The new generation of Privacy Policies

Now you may ask: after all this thinking, did you build a hell of a mockup?
I did! And it follows…

Full size here.

This privacy policy relies strongly on the Facebook model mentioned above, and all of this is brought to the masses thanks to iubenda, the privacy policy generator that we develop. It’s also supposed to open as a popup/lightbox, just like Facebook does (and like our users request).

There are some further principles I followed here:

  • Use as little text as possible
  • Hide long lists
  • Group, group and group
  • Meaningful icons (those on the mockups are just placeholders, of course)

The rest is quite self-explanatory, and I want to hear from you if it’s also meaningful and useful.

From the model to the mass

The main reason why any standardization model fails is adoption; thanks to our service, the risk of falling into this problem is drastically reduced.

This privacy policy model is still a draft, and we are working with the amazing Jonno Riekwel to translate it from useful to beautiful.

Since it’s still a draft, your feedback is welcome 🙂

