
Is It Time For Privacy Nutrition Labels?

This article is more than 10 years old.

Policymakers in D.C. have been very public about online privacy being on the legislative agenda this year. Last week, the Senate held a hearing on online privacy where Sen. John Kerry, among others, lamented the state of privacy on the Web. The discussion at the hearing focused on Do-Not-Track, a privacy "bill of rights", and the problem of privacy policies that are too dense and usually go unread.

Regarding that last topic, Lawrence Strickling of the Department of Commerce testified: "These lengthy, dense, and legalistic documents do not appear to be effective in informing consumers of their online privacy choices. Surveys show that most Americans incorrectly believe that a website that has an online privacy policy is prohibited from selling personal information it collects from customers."

A group at Carnegie Mellon has suggested an innovative way to address the problem of long privacy policies that no one reads -- replacing them with a standardized, "nutrition facts"-type label. The team worked up a standardized label in a paper published in 2010, using the fictional "Acme Corporation" as its example. Here's the label that Wile E. Coyote would see on Acme's website were he to order his TNT online:

This isn't the first discussion of a simpler approach to privacy policies. Mozilla has endorsed an icon system for websites to use to convey the type of data they collect and how they use it. But the Carnegie Mellon researchers have a study to back up the effectiveness of their label. In a 2009 study involving 700 participants, the research team found that people demonstrated a better grasp of a company's treatment of their data based on a "privacy label" than a text version of a privacy policy -- answering a greater number of 15 questions correctly after reviewing the policies in different formats.

Of course, privacy is not as simple and quantifiable as nutrition facts. Saying how many calories and how much sugar is in a pack of Oreos is easier to convey than how and why a company is placing cookies on your computer.

"The quantifying is not actually that challenging," says one of the Carnegie Mellon researchers, Lorrie Cranor. "The question is, 'Is the company doing it or not?' As a consumer, I just want to know, 'Are you sharing my data or not?'"

Privacy nutrition labels are on the feds' radar. The FTC footnoted the approach in its 122-page paper on online privacy this winter.

One of the biggest problems with online privacy is that much of the data collection and trading has, until now, been fairly opaque. People simply didn't know to what extent they were exposed through their online activity. That's changing now, thanks to academic, media and public interest in online data markets. Having privacy policies that people can glance at to understand might be another way to solve the problem of mystification about online privacy.

Of course, nutrition labels on food don't necessarily seem to have actually helped us eat healthier (judging from obesity statistics in the U.S.). Would privacy labels make people any more careful about their website consumption?

* Two versions of the privacy policy "nutrition label" from the researchers' paper, "Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach."