News Reader.info

We need a simple system for categorising data privacy settings, similar to the way Creative Commons specifies how work can be legally shared. Shutterstock Here’s what a privacy policy that’s

easy to understand could look like Publié: 7 juin 2018, 06:34 CEST Alexander Krumpholz, Raj Gaire, CSIRO Auteurs Alexander Krumpholz Senior Experimental Scientist, CSIRO

Raj Gaire Senior Experimental Scientist, CSIRO

Les auteurs ne travaillent pas, ne conseillent pas, ne possèdent pas de parts, ne reçoivent pas de fonds d'une organisation qui pourrait tirer profit de cet article, et n'ont déclaré aucune

autre affiliation que leur organisme de recherche.

Partenaires

CSIRO apporte des fonds en tant que membre fondateur de The Conversation AU.

Voir les partenaires de The Conversation France

https://theconversation.com/heres-what-a-privacy-policy-thats-easy-to-understand-could-look-like-97251 Lien copié Partager

Data privacy awareness has recently gained momentum, thanks in part to the Cambridge Analytica data breach and the introduction of the European Union’s General Data Protection Regulation

(GDPR).

One of the key elements of the GDPR is that it requires companies to simplify their privacy related terms and conditions (T&Cs) so that they are understandable to the general public. As a

result, companies have been rapidly updating their terms and conditions (T&Cs), and notifying their existing users.

À lire aussi : Why your app is updating its privacy settings and how this will affect businesses

On one hand, these new T&Cs are now simplified legal documents. On the other hand, they are still too long. Unfortunately, most of us have still skipped reading those documents and simply

clicked “accept”.

Wouldn’t it be nice if we could specify our general privacy preferences in our devices, have them check privacy policies when we sign up for apps, and warn us if the agreements overstep?

This dream is achievable.

For decades, software was sold or licensed with Licence Agreements that were several pages long, written by lawyers and hard to understand. Later, software came with standardised licences,

such as the GNU General Public Licence, Berkeley Software Distribution, or The Apache License. Those licences define users’ rights in different use cases and protect the provider from

liabilities.

However, they were still hard to understand.

With the foundation of Creative Commons (CC) in 2001, a simplified licence was developed that reduced complex legal copyright agreements to a small set of copyright classes.

These licences are represented by small icons and short acronyms, and can be used for images, music, text and software. This helps creative users to immediately recognise how – or whether –

they can use the licensed content in their own work.

À lire aussi : Explainer: Creative Commons

Imagine you have taken a photo and want to share it with others for non-commercial purposes only, such as to illustrate a story on a not-for-profit news website. You could licence your photo

as CC BY-NC when uploading it to Flickr. In Creative Commons terms, the abbreviation BY (for attribution) requires the user to cite the owner and NC (non-commercial) restricts the use to

non-commercial applications.

Internet search engines will index these attributes with the files. So, if I search for photos explicitly licensed with those restrictions, via Google for example, I will find your photo.

This is possible because even the computers can understand these licences.

Similar to Creative Commons licences under which creative content is given to others, we need Privacy Commons by which companies can inform users how they will use their data.

The Privacy Commons need to be legally binding, simple for people to understand and simple for computers to understand. Here are our suggestions for what a Privacy Commons might look like.

We propose that the Privacy Commons classifications cover at least three dimensions of private data: collection, protection, and spread.

This dimension is to specify what level of personal information is collected from the user, and is therefore at risk. For example, name, email, phone number, address, date of birth,

biometrics (including photos), relationships, networks, personal preferences, and political opinions. The could be categorised at different levels of sensitivities.

protected?

This dimension specifies:

encryptedhow long the data is kept for – days, months, years or permanentlyhow the access to your data controlled within the organisation – this indicates the protection of your data against

potentially malicious actors like hackers.How is your data spread?

In other words, who is your data shared with? This dimension tells you whether or not the data is shared with third parties. If the data is shared, will it be de-identified appropriately? Is

it shared for research purposes, or sold for commercial purposes? Are there any further controls in place after the data is shared? Will it be deleted by the third party when the user

deletes it at the primary organisation?

À lire aussi : 94% of Australians do not read all privacy policies that apply to them – and that’s rational behaviour

Privacy Commons will help companies think about user privacy before offering services. It will also help solve the problem of communication about privacy in the same way that Creative

Commons is solving the problems of licensing for humans and computers. Similar ideas have been discussed in the past, such as Mozilla. We need to revisit those thoughts in the contemporary

context of the GDPR.

Such a system would allow you to specify Privacy Commons settings in the configuration of your children’s devices, so that only appropriate apps can be installed. Privacy Commons could also

be applied to inform you about the use of your data gathered for other purposes like loyalty rewards cards, such as FlyBuys.

Of course, Privacy Commons will not solve everything.

For example, it will still be a challenge to address concerns about third party personal data brokers like Acxiom or Oracle collecting, linking and selling our data without most of us even

knowing.

But at least it will be a step in the right direction.

Privacy Creative Commons Data privacy terms and conditions GDPR