Privacy Paradigm – getting the design right

I spoke today at the (ISC)² Security Congress EMEA in Dublin. Before me, Minister Naughten gave an opening address; after me, Brian Honan provided a fascinating keynote.

In between, I beat the drum (again) for Privacy Paradigm. The image, left, is an artist’s impression of the highlights of my talk. If you click through, you will get a bigger version, and – as a bonus, on the same sheet – the same artist’s impression of the talks from Brian and the Minister as well.

What I am hoping to do with Privacy Paradigm (if anyone wants to fund the research) is provide a simple means by which websites could signal not only that they respect their visitors’ privacy but also how (if at all) the site processes personal data. For this, by analogy with Creative Commons, I suggest an appropriate icon and short accompanying text which explains that the site operates under a standard-form privacy policy, with a link to the underlying privacy policy, provided by an appropriately coded plugin. In my view, the key is to start with the standard-form privacy policies, to code them accordingly, and only then to provide the icons.
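To make the analogy concrete: a Creative Commons badge is an icon and a line of text wrapped in a link that carries the licence in a machine-readable `rel` attribute. The following is an added example, not the post’s own code and not anything Privacy Paradigm has actually specified; the policy codes, the example.org URLs, the `data-pp` attribute and the use of `rel="privacy-policy"` are all assumptions. It shows what a plugin might emit for a site operating under one of the standard-form policies, and how a browser extension or crawler could find the badge and check that the icon it shows is actually tied to the policy it links to, so that the link, not the icon, is the source of truth.

```javascript
// Added example (not the post's or Privacy Paradigm's own code). A minimal,
// machine-readable badge by analogy with the Creative Commons badge.
// Every policy code, URL and attribute name below is an assumption.

// Assumed standard-form policies: short code -> human label and canonical policy URL.
const STANDARD_FORMS = {
  'pp-none':  { label: 'No personal data collected',
                href: 'https://example.org/privacy-paradigm/none/1.0/' },
  'pp-first': { label: 'Personal data used by this site only',
                href: 'https://example.org/privacy-paradigm/first-party/1.0/' },
  'pp-third': { label: 'Personal data shared with third parties',
                href: 'https://example.org/privacy-paradigm/third-party/1.0/' },
};

// Escape text and attribute values so a label can never inject markup into the page.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// What a plugin would emit for a site operating under the policy `code`.
// The link carries the policy; the icon and text merely describe it.
function renderBadge(code) {
  const form = STANDARD_FORMS[code];
  if (!form) throw new Error(`unknown standard-form policy: ${code}`);
  const label = escapeHtml(form.label);
  return `<a rel="privacy-policy" data-pp="${escapeHtml(code)}" href="${escapeHtml(form.href)}">` +
         `<img alt="${label}" src="/icons/${escapeHtml(code)}.svg">${label}</a>`;
}

// Parse the attributes of one HTML start tag into a plain object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(/([\w:-]+)\s*=\s*"([^"]*)"/g)) attrs[m[1]] = m[2];
  return attrs;
}

// Find a badge in a page and check that the code it displays corresponds to
// the policy it links to. A badge whose icon says one thing while the link
// says another is reported as inconsistent rather than trusted.
function findBadge(html) {
  for (const m of html.matchAll(/<a\s+([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    if (attrs.rel !== 'privacy-policy') continue;
    const form = STANDARD_FORMS[attrs['data-pp']];
    return {
      code: attrs['data-pp'] || null,
      href: attrs.href || null,
      consistent: Boolean(form) && form.href === attrs.href,
    };
  }
  return null;
}

// Usage: a site operating under the first-party-only policy.
const samplePage = '<p>Welcome</p>' + renderBadge('pp-first') + '<p>Contact us</p>';
console.log(findBadge(samplePage));
```

The consistency check is the part that matters: the weakness of earlier icon schemes noted below is that the icon floated free of any underlying policy, so a reader (or a tool) had nothing to verify. Anchoring the icon to a canonical policy URL, and refusing to trust a badge whose code and link disagree, is what gives the signal any weight.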

There have been many previous attempts covering some elements of this strategy, but none has caught on. This is in part because they have been partial (not replicating the full depth of the Creative Commons precedent), in part because they started with the icons and didn’t get much further, and in part because the icons haven’t been great (either too many, not intuitive, or not connected with underlying privacy policies). The image at the top is very good, and it emphasises for me that, although the icons should probably come near the end of the process, they need to be good – clear, intuitive and few in number. If they work, then Privacy Paradigm will be able to live up to its slogan of “respecting privacy online”.