by Johanna Gunawan, Privacy Intern

Introduction

In our previous blog post in the Vendor Education Series, we briefly discussed why transparency is critical for building consumer trust. Transparency is integral to the Common Sense Privacy Program because it provides an avenue for people to understand a vendor’s data practices; without transparency, people have no way of knowing what a company is doing with their data. A vendor may have great intentions but a user will never know without clear explanations of its privacy and data practices. 

Why Does Common Sense Prioritize Transparency in a Privacy Policy?

The privacy policy is a user’s best resource for learning about a vendor’s data practices -- people aren’t typically privy to the internal and technical practices a vendor uses. Because the privacy policy is their first line of defense and first source of clarifying information, it is imperative that the policy be easy to understand and transparent. Our privacy evaluations use transparency as the first step towards understanding a vendor’s data practices. Before considering how protective or permissive a vendor’s practices are, we need to have a sense of what they are in the first place. 

Why is transparency such an important trait? When people have less information, it is more difficult to make decisions, let alone decisions that benefit them. Take a nutrition label, for example -- a label that only outlines total calorie count provides some information, but people with dietary needs or restrictions will struggle to understand whether or not the food is safe for them to eat. More information is needed, like ingredient lists and nutrient distribution. The same is true for privacy policies. The more information provided by a vendor, the more transparent the vendor’s policy is, the more the policy allows for robust decision-making. 

People also vary in their privacy needs and wants, much like dietary needs differ between individuals. Informed individuals and parents can make higher-quality judgement calls about what software and services they use. Audiences of all types have different sensitivities and privacy wishlists. Providing as much information as possible up front facilitates choice and allows people to compare products that best suit their needs. 

How Common Sense Privacy Does Privacy Evaluations 

The Privacy Evaluation questions are derived from legal requirements and user expectations of privacy, as well as existing industry best practices in security, technology, and privacy. Each evaluation is conducted based on a series of questions, and results in a privacy rating and overall evaluation score to help parents and users understand how an app or website performs against our privacy standards.

These evaluation questions serve as the core of the Policy Annotator Tool. Our evaluators use the Policy Annotator to explicitly reference text within vendor privacy policies and terms of use in response to the questions. The annotations allow both Common Sense Media and vendors to understand exactly which lines in a policy contributed to an evaluation question’s response. Vendors can contact the Common Sense Privacy Program at [email protected] for more information about their privacy evaluation, rating, and score.

After answering each question and annotating each policy, our reviewers provide a brief, easy-to-read summary of the product’s evaluation. These summaries provide an overview of the app or website’s purpose, as well as high-level notes on the website’s safety, privacy, and security practices, and compliance with data protection regulations. 

Understanding the Privacy Evaluation Questions and Scores

All Common Sense Media Privacy Evaluation Questions address transparency, and many include an additional qualitative component. The transparency component asks whether a piece of information is provided at all, and the qualitative component corresponds to the nature of that information. 

One question used for both Basic and Full Evaluations is: “Do the policies clearly indicate whether or not the product is intended to be used by children under the age of 13?” "Whether or not" questions like these may have a follow-up question. In this case, the follow-up qualitative question removes the "whether or not" portion and asks "Do the policies indicate the product is intended to be used by children under the age of 13?"  

Consider a fictional math game website that targets elementary school-aged children and says in its privacy policy that the intended audience of its site is children under 13. Common Sense Privacy considers this a "yes" to both the transparency and qualitative parts of the question above: the policy "clearly indicates" (transparency) that the "product IS intended for use by children under 13" (qualitative answer to the question). Conversely, consider a discussion forum app for reviewing PG-13 films that says in its privacy policy that children under the age of 13 are not permitted to use the site, or are otherwise restricted from entering the site. The app would receive a "yes" to the transparency question, but a "no" for the qualitative piece. This is because the app’s vendor transparently disclosed their policy, and their policy states that the product is NOT intended for use by children under 13. A vendor that fails to disclose intentions of use for under-13s will receive a "no" to the transparency question. An example of this kind of policy would be one that labels all consumer parties as "users," without any reference to users who might be under the age of 13. 

Both the transparency and qualitative components contribute to a vendor’s overall Privacy Evaluation Score. Policies that are transparent, but disclose privacy-eroding practices, receive half credit on these questions. Common Sense Privacy values both transparency and best privacy practices, but we consider transparency so integral that being transparent despite participating in weak privacy practices still has some value in our evaluations. Transparency leads to more informed decision making regardless of what a product’s practices are.  

Why is Transparency So Difficult to Achieve? Multiple Influences on an End Product

Transparency is, in practice, difficult to achieve as it requires a delicate balance between multiple (and often competing) objectives and the interests of different stakeholders. There are several ways to achieve transparency, but vendors must weigh the benefits and costs of each method.

What is at stake? 

Detail: Brevity, for one; educators, parents, and IT professionals do not have time to read every vendor’s privacy policy when each runs to dozens of pages. Transparency can be achieved by writing up every data practice in extreme detail, but such a privacy policy would be difficult to read due to length and complexity. The longer the policy is, the less likely the user might be to read it, resulting in the unfortunate outcome of less education rather than more. It is not easy to find the perfect balance between efficiency, simplicity, and accuracy.

Risk: Legal risk is also at stake; over- or under-disclosure can have other legal consequences for a vendor. Companies may be advised to be as vague and non-transparent as possible in their policies to avoid promising protective practices to users that they cannot deliver. A company may wind up being well protected legally, but have fewer customers as a result, because users shy away from privacy policies that offer very few assurances.

Change: Innovation and technological change also influence transparency -- technology moves fast and staying relevant often requires keeping up with the curve, but determining how to account for innovation within a privacy policy can be challenging. The Common Sense Privacy Program measures how vendors change their policies, and how they notify users and give users the opportunity to consent to the changes.

Global: Vendors also have to consider the diversity within their product offerings and user base. People in different countries, states, and contexts may interpret transparency in different ways, and have varying standards for what counts as "transparent." A single vendor may also offer products across a range of features, and a privacy policy for the vendor has to take into account the multiple ways data flows in, out, and between their systems. Covering all these bases requires additional disclosure, which can quickly become overwhelming in effort and length. 

Sales: In some cases, best-effort transparency can deter the target audience if they see those disclosed practices in a negative light. For example, vendors who sell and collect information may provide detailed information about their practices up front, which may result in a discerning user choosing to work with a different vendor’s product. This complicates the motivations for transparency for a vendor but does not diminish the importance of being up front with users regarding data practices. 

How to Be More Transparent 

Though difficult, it is incredibly important to continue trying to improve transparency within these policies. This is a long-term effort; as technology progresses in complexity and capability, there will always be new opportunities to inform users. 

Communication: Improvements can and should come from a variety of sources -- "being more transparent" isn’t something that is only achieved by rewriting a policy, though that is part of it. One step is to improve communication and documentation between teams in an organization, especially between groups that develop software or interfaces and those that write the policy. Centralizing this information internally and standardizing practices across different development teams helps avoid confusion later on. This communication also contributes to policies that are easily understood not only by users, but also by internal and external stakeholders. 

Assessment: A more direct way to improve transparency, and additionally Privacy Evaluation transparency scores, is to read through the Evaluation Questions and understand what we look for. The list of questions provides more information on what disclosures we seek when performing evaluations, as well as the relevant data protection laws that correspond to each question. The “Indicator” for each question provides the simplest explanation of what a privacy policy should include for that question. 

Quality: Where possible, the policy should be more explicit about what the product or service does, and aim to use words that reflect the language of the laws in question. For example, our evaluations include the question "Do the policies clearly indicate whether or not the product is intended to be used by students in preschool or K-12?" A vaguer, less transparent indication would say that the product is designed for students, without noting school types, grade levels, or ages of the students. A more transparent indication would say that the product is intended for primary, secondary, or high school students. An even more transparent indication would explicitly mention "preschool" or "grades K-12," which echoes the language used by laws like SOPIPA and ELPIPA. Not all privacy laws use the same level of detail in their language, but in many cases, several different privacy laws contain text that contributes to the same question in our Privacy Evaluations. In this example, using the terms "students" or "primary and secondary students" may seem to be good enough -- but opting for more detailed, informative options makes it easier to measure compliance against more laws and helps parents, educators, and technology coordinators determine if a product is appropriate for a given audience. Greater detail additionally makes it easier for users and the Common Sense Privacy Program to quickly find the most accurate description of privacy practices.

Overall, the purpose of transparency is to be accurate and open about data practices and to leave less room for interpretation, confusion, or deception. Improving transparency in policies benefits everyone, not just users and parents.

Jill Bronfman

Jill Bronfman served as Privacy Counsel for Common Sense. She taught law, graduate, and undergraduate students.