2 Easy Steps to Improve Privacy Policies

OK, they’re not so easy. But they would save us from the eternal amend-then-freak-out cycle

The end of last week saw one of those tech stories that runs the cycle—from Twitter outrage to corporate chagrin—in less than 48 hours. Here’s what happened:

On Thursday, a major tech company (in this case, Spotify) debuted a new privacy policy. The policy permitted the software to access more information than seemed reasonable (in this case, a user’s photos, contacts, and GPS location), and people were upset. They had no easy way to opt out of the new contract: They either had to agree to it or leave the service.

Late that night, a nerd hero (in this case, Markus Persson, the developer of Minecraft) told the service on Twitter that he had cancelled his subscription and that the company should be ashamed of itself. (His words: “Please consider not being evil.”)

More corporate shaming from less high-profile nerds ensued Friday morning, as pundits more sympathetic to the needs of venture capital in turn condescended to users. By noon in California, it was all over: The company had clarified its policy and apologized for not communicating better. Fin.

Another privacy-policy scandal managed, another variant on corporate Big Brother avoided. (Though a Spotify-driven surveillance regime would look less like 1984’s Oceania and more like The Apple’s disco-dystopian West Berlin.) So privacy policies could nicely disappear from the tech news slate—at least, until the next scandal.

And there will be a next scandal. The agita over Spotify’s privacy policy resembled disputes just this year over other companies’ privacy policies—like Samsung’s and Uber’s—as well as the cyclical fretting over Facebook’s reach. These scandals have attained a degree of predictability: They are almost as formulaic as the legalese of the policies themselves.

But beyond the cycle of discovery, outrage, and apologetic adjustment, there are deeper problems. The way lawyers, executives, and developers address user privacy just doesn’t work that well. Neither consumers nor corporations benefit from our current amend-then-freak-out regime.

That’s partly because, if we’re being honest, privacy policies are kinda boring. They’re how new and shiny consumer software gets scaffolded in mundanity. Just like how, when your new Cuisinart or Frigidaire arrives, no one looks at the manual that comes with it.

The sum is that no one wants to think about privacy policies except during a crisis—and corporations want to avoid a crisis. So when they do have to amend their policies, companies are reluctant to provide too much information lest they initiate a negative PR cycle. But that reluctance leads them to state their privacy policy expansively or in forbidding legalese—and then they invite that same crisis, as users interpret the policy in the worst way.

This traps both consumers and companies in a cycle of bad faith. As the privacy consultant Jonathan Salem Baskin put it:

The fait accompli behind privacy practices is that businesses have the right to intrude massively into customers’ lives and, since the policies are legal agreements (often executed by nothing more than their tolerance), people have made consciously willing trades: their privacy for better playlists, or shoe ads.

This just isn’t true, since few people understand those transactions. It also violates every conceivable psychological or sociological model of how humans define and manage their privacy, which depend on two parties learning to trust and reveal information to one another over time.

“It doesn’t have to be like this,” Baskin wrote. “There’s nothing inherently wrong with customers sharing their personal information or behavior, nor with companies using it to improve their operations and, gasp, profiting from it.”

The situation could also be improved with two different specific adjustments, one legal and one technical. Legally, the tech-policy writer Logan Koepke (who, full disclosure, is a friend of mine) advocates that companies should announce every change they make to their privacy policy, not only the ones they deem important.

Right now, most consumer-tech companies only announce changes whenever they make “material” changes to their policy. (The last time the Federal Trade Commission issued guidance on privacy policies, in 2009, it recommended that process.) But that means that it’s up to tech companies to decide which changes are material and which are not—which sets up a potentially adversarial relationship between company and consumer.

If companies instead notified users of every change to their privacy policy, they would be more skittish about making any change, Koepke believes, and more likely to frame the changes they do make in more public-facing language. The benefits would then accumulate over time: Once a more user-respecting privacy regime is mandatory, companies will compete on privacy.

Medium has since changed its privacy policy accordingly, and it now notifies users whenever it makes a change to its policies. The FTC should encourage similar companies to do the same.

* * *

If a regulatory change looks unlikely, though, there is a technical intervention that Apple and Google could make. To explain how, it’s worth getting into the nitty-gritty of the Spotify flap. One of the clauses that most worried users was the following:

Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth).

The company says this access was needed for its new Running feature, announced in July, that monitored someone’s jogging pace and served them tunes appropriately. And when the company’s CEO, Daniel Ek, explained the new policy on Friday, he said that that type of data collection would always require a user’s permission:

We will never gather or use the location of your mobile device without your explicit permission. We would use it to help personalize recommendations or to keep you up to date about music trending in your area.

(Wired’s coverage, by the way, is revealing about how dissonant the tech industry’s thinking about privacy is right now: A feature described innocuously in Spotify’s “lovely” and “powerful” “hunt for the perfect playlist” on July 20 becomes, exactly a month later, something “eerie” that the user “can’t do squat about.”)

On Twitter, Nick Seaver, an incoming anthropology professor at Tufts University, pointed out that the social costs of Spotify’s privacy policy emerged from social and technical limitations.

“The creepiness isn’t in using GPS for the running feature or whatever, it’s in asking for GPS access independent of a specific use,” he wrote. “In normal social interaction, you can tell someone where you are for a while without giving them ‘forever access’ to your location.”

To Seaver, this makes the case for “seamfulness” in design: Software should be asking for permission to use personal data more, not less. Currently, many designers aim for a “seamless” experience and take a set-it-and-forget-it approach to app privacy. The Facebook app on the iPhone, for instance, has to ask for permission the first time it tries to access the phone’s photos, camera, or GPS location—but once a user has given access, it never has to ask again. (“Seamlessness” as a goal resembles Facebook’s infamous “frictionless sharing.”)

This seamlessness is a software problem. On iOS, users can be specific about what kind of data an app can access: It can see their photos, for instance, but not their location. But once they’ve given it that access the first time, the app never asks again. A user has to go manually turn off permissions in the phone’s settings to restrict access. Android users, meanwhile, can’t even give apps permission with that level of granularity yet. It will be a feature in the next major update.

Imagine if, right before a run, Spotify asked for 60 minutes of access to your GPS location. If you still seemed on the move 55 minutes later, it would ask for another hour of access. That seems to me like a better trade: Not all the access, all the time, wherever; but access right now, for a little while, here. Apple or Google could encourage this practice simply by making that feature possible at the operating-system level. It would be more seamful, and it would be more trustworthy.
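The time-limited grant the two preceding paragraphs describe can be modelled as a lease: the operating system records a scope, a grant time and an expiry, answers each access request against that lease, and prompts for renewal shortly before it lapses rather than extending access silently. The following is an added illustration written for this page, not code from Spotify, Apple or Google and not any real iOS or Android API; the class and function names, the five-minute renewal window and the timeline are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical lease-based permission broker, modelled on the article's
# "60 minutes of GPS access, then ask again" scenario. Names are constructed.

RENEWAL_WINDOW = timedelta(minutes=5)  # prompt again when this much time is left


@dataclass
class Lease:
    scope: str              # e.g. "location", "photos", "contacts"
    granted_at: datetime
    expires_at: datetime


@dataclass
class PermissionBroker:
    # (app, scope) -> active lease; a missing key means "no access"
    leases: Dict[Tuple[str, str], Lease] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)  # every grant/expiry/denial is logged

    def grant(self, app: str, scope: str, minutes: int, now: datetime) -> Lease:
        """Record a user-approved, time-bounded grant; there is no 'forever' option."""
        if minutes <= 0:
            raise ValueError("lease duration must be positive")
        lease = Lease(scope, now, now + timedelta(minutes=minutes))
        self.leases[(app, scope)] = lease
        self.audit.append(f"{now.isoformat()} GRANT {app} {scope} until {lease.expires_at.isoformat()}")
        return lease

    def revoke(self, app: str, scope: str, now: datetime) -> None:
        """Explicit user revocation before the lease would have expired."""
        if self.leases.pop((app, scope), None) is not None:
            self.audit.append(f"{now.isoformat()} REVOKE {app} {scope}")

    def check(self, app: str, scope: str, now: datetime) -> str:
        """Answer an access request: 'allowed', 'renew' (still allowed, but prompt
        the user now) or 'denied'. Expired leases are dropped, never kept quietly."""
        lease = self.leases.get((app, scope))
        if lease is not None and now >= lease.expires_at:
            del self.leases[(app, scope)]
            self.audit.append(f"{now.isoformat()} EXPIRE {app} {scope}")
            lease = None
        if lease is None:
            self.audit.append(f"{now.isoformat()} DENY {app} {scope}")
            return "denied"
        if lease.expires_at - now <= RENEWAL_WINDOW:
            return "renew"
        return "allowed"


def simulate_run(renew_at_prompt: bool):
    """Walk the article's scenario on a constructed timeline: grant 60 minutes of
    location access before a run, then check at 1, 55 and 61 minutes. If the user
    accepts the renewal prompt at 55 minutes, another hour is granted."""
    broker = PermissionBroker()
    t0 = datetime(2015, 8, 21, 7, 0)  # constructed start time
    broker.grant("spotify", "location", 60, t0)
    outcomes = []
    for minute in (1, 55, 61):
        now = t0 + timedelta(minutes=minute)
        verdict = broker.check("spotify", "location", now)
        if verdict == "renew" and renew_at_prompt:
            broker.grant("spotify", "location", 60, now)  # user said yes to another hour
        outcomes.append(verdict)
    # A scope that was never granted is denied regardless of the location lease.
    outcomes.append(broker.check("spotify", "photos", t0 + timedelta(minutes=1)))
    return outcomes, broker


if __name__ == "__main__":
    for renew in (True, False):
        outcomes, broker = simulate_run(renew)
        print("renew" if renew else "no renew", outcomes)
        print("\n".join(broker.audit))
```

The design choice worth noting is that the broker has no open-ended grant and never silently extends one: when the lease is about to lapse the app is told to prompt, and when it has lapsed the lease is deleted and the denial is logged, so the audit trail shows exactly when and for how long the app could read location, which is the seamful behaviour the article asks the operating system to make possible.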

Such a technical advance would still require companies to communicate their privacy policies better to users—would require them to turn privacy policies from standalone, hedging, anxious land grabs into “living, breathing documents that represent a company’s culture,” as Koepke put it. But doing so would save both companies and users significant distress, taking us out of the cycle of wonder and shock.
