As debates around online privacy gain wider attention globally, so have calls to get privacy policies of companies out of the jargon black box and make them meaningful and comprehensible for users.
Facebook, in a white paper published on 14 June, raises the importance of individuals to be “meaningfully informed” about privacy policies.
According to one study conducted by Stanford University in 2018, it would take the average person 40 minutes a day to read the privacy policies for the services they use.
Facebook’s white paper, ‘Communicating About Privacy: Towards People-Centered and Accountable Design’, observes that the current practices for informing people about how companies use their data, and the laws setting out transparency requirements, “may be insufficient to provide meaningful notice to people.”
Following the massive Cambridge Analytica data and privacy abuse in February 2018, CEO Mark Zuckerberg, who had controversially spoken five days after the incident, had stated, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
Thorough rebukes from US Congress, sustained public outcries and calls for greater regulation have prompted the Menlo Park-based company to initiate a series of privacy-focused measures including the white paper to help make privacy communication user-friendly and meaningful.
So, what is the way forward?
“If done well, we can empower everyone, regardless of literacy level or familiarity with technology, to make informed choices about how and when to share their data,” Erin, VP Public Policy, and Chief Privacy Officer for Policy wrote in an official company blog.
“People have to be meaningfully informed, in a way that empowers them to make choices about how they participate online and share their data,” the paper states. This would mean that notice has to be relevant to their needs and expectations, understandable, accessible, and simple.
“Despite this, today people are currently informed through documents and websites that might satisfy the law, but can be hard to find, filled with legalese, or simply confusing. Privacy policies are often written by lawyers for other lawyers,” the paper further adds.
In its white paper, Facebook made two observations on how the current practice of communicating privacy information may be insufficient to provide meaningful notice to people
Privacy policies cannot be the only ways that companies communicate with people about their information.
Rather than simply meeting minimum legal standards, companies need to find new ways to both inform and empower people to make privacy choices that are meaningful for them.
The paper goes on to identify three questions for further consideration in collaboration with regulators, policy makers and internet users.
First, How can organisations, regulators, and other stakeholders collaborate on a people-centered approach to the development, testing, and evolution of new ways to communicate about privacy that meet the diverse needs of a global community?
Second, how can laws and regulation better foster the use of people-centered design practices for privacy communication?
Third, how can regulators hold organisations accountable while also enabling them to fully embrace people-centered design for privacy communication?
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)