Blog Update (June 13, 2011): Web "Privacy Themes" Proposal: Reactions and More Info

I can't begin to count the vast number of times that people -- and not just non-techies -- have made this comment to me regarding privacy on Web sites (with the word "damn" frequently replaced with significantly more colorful invectives).

Such bitter reactions are understandable. Most folks just want to get about their business of accessing Web sites and services, without feeling that a prerequisite for safe use is a prophylactic graduate course in privacy law -- notwithstanding sites that do make determined efforts to present privacy-related data (e.g. via "dashboards" and other formats) in a comprehensive manner.

Even when users fully understand the terminologies and principles involved, often tortuous and labyrinthine privacy preference settings can be the "salt in the wound" that causes many persons to throw up their arms in despair.

Faced with such situations, a common reaction is to either just accept the default privacy preferences as is, or, depending on personal proclivities, abandon the involved sites altogether.

Neither of these "all or nothing" reactions are good ones. Users who accept defaults that they later consider to be too "lax" regarding privacy are likely to be quite upset. Users who refuse to even use a site in the first place may be depriving themselves of services that they actually would have found valuable, perhaps in major ways.

Yet Internet privacy issues are complex by definition, and will continue to become increasingly convoluted as newer technologies like location-based services, face recognition systems, and who knows what else -- increasingly come broadly online.

This leads to users often having settings that do not accurately represent the privacy preferences that they had assumed were actually in place.

Recently, in Do-Not-Track, Doctor Who, and a Constellation of Confusion, I suggested that an accurate assessment of Web site privacy parameters actually entailed a multidimensional "constellation" of issues, and that most current ways of looking at Web privacy were actually far too simplistic.

But given that privacy settings today are already frequently far too complex and ephemeral from the users' standpoint, and subject to additions, removals, reorganizations, and other confusions with little or no advance notice to users, how can we possibly consider the necessary additional privacy aspects and interactions that will be key to a reasoned and balanced approach to privacy concerns moving forward?

Even viewed from the standpoint of today's status quo in this area, it's time to admit that the methods we're providing users to control their privacy preferences at most Web sites have become woefully inadequate and obsolete.

Worse yet, the sorts of solutions being touted by various government and other entities -- such as simplistic Do-Not-Track systems -- are virtually guaranteed to take the current situation and make it far worse in many ways.

Attempting to mandate such Do-Not-Track mechanisms to deal with privacy concerns is akin to destroying a beehive with a nuclear bomb. Not only will there be enormous and spreading collateral damage, but an entire range of useful and important attributes associated with behavioral targeting and other technologies will be indiscriminately obliterated in the process, to the ultimate detriment of Web users.

We can do much better.

As a starting point, we need to come to grips with the fact that facing users with a barrage of complex and often interrelated opt-in, opt-out, and other privacy preference settings will typically do more harm then good. As we've seen, users will tend to "tune out" options with too much complexity, with the strong potential for both users and services being dissatisfied with the results down the line.

But at least under the hood of Web services, the complex, multidimensional constellation of detailed settings will need to exist, to meet an increasing list of technical, legal, and policy requirements.

Is there a practical way to provide users with a more useful and accessible means of specifying their privacy preferences in most cases, while shielding them from the increasingly complex array of internal privacy-related settings, especially as these are augmented and change in other ways over time?

An approach that I feel is worth considering involves what I call User Privacy Preference Themes (UPPTs).

The idea is fundamentally straightforward.

Most of us tend to fall into a relatively small set of categories regarding our personal privacy concerns. Some of us are willing to broadly share information, including for example location data -- but only to our friends or other associates. Other persons are open to even broader sharing beyond such circles. And some persons would prefer to share as little data as possible, and want to stay as anonymous as is practicable.

I believe it is possible to create a "mapping" between these and other comparatively generic "personal privacy sensibility sets" regarding privacy issues, and use this analysis to create broad "privacy preference themes" -- that themselves can be used internally to select many detailed privacy settings -- based on the aspects of each individual theme itself.

In other words, if we know that someone has declared themselves to be a user of the "glad to share info with friends" theme, this knowledge can be employed to reasonably anticipate and control the settings of a large number of individual privacy-related parameters on a site for that user, and to make a reasonable judgment as to how this person would likely want their settings configured for new features that may later be deployed.

The same sort of process would hold true for users selecting other privacy preference themes as well.

Best practices would still necessitate that sites clearly notify users when significant privacy preference options have been extended with new features or otherwise altered, and users would naturally still have access to (and control of) all detailed privacy settings on demand.

But by starting from the baseline of a user's privacy preference theme choice -- their UPPT -- and using that as a guide for future individualized defaults as new privacy-related technologies augment the existing environments, users are likely to be far more satisfied. Their settings associated with these new capabilities will already likely be "in sync" with their historical preferences related to data sharing, behavioral targeting, and the many other aspects of sites that can be important both to users and to the functioning viability of Web services themselves.

Users stand to gain mightily from such an approach. User privacy preference themes could provide a means to help assure that individual privacy-related settings are optimally configured not only to protect data and functions as each specific user expects, but also to enable users' maximal engagement with those aspects of sites that they have chosen to access.

Unlike a complex array of detailed privacy settings that default the same way for everyone, or the "feature obliteration" doomsday approach of Do-Not-Track, individualized UPPTs could provide a framework for a highly customized approach to privacy preferences, capable of dealing with extremely complex preference constellations, without requiring users to manually analyze and manipulate the detailed settings incorporated within these environments, unless they prefer to do so.

Obviously, practical implementation of this concept would likely not be trivial -- but I believe that this approach is a practical one with potentially major benefits for both Web users and services. I have a pile additional details and thoughts on this that I'd be happy to share, though currently they are not in a suitable form for public posting.

We need to bite the bullet, and admit that while privacy issues are critical to the Web, our traditional approaches to dealing with this area are increasing frayed, tattered, and entangling users in a confusing mess rather than helping them.

Nor is cutting off our nose to spite our face, in the manner of Do-Not-Track, the best way to help users navigate privacy issues without potentially crippling many of the very services that they most wish to use.

Singing the same old songs regarding Web privacy may feel reassuring, but no longer is a practical path. Perhaps some new "themes" will help to get us back into tune with the best interests of Internet users and of the Web at large.

--Lauren--

Blog Update (June 13, 2011): Web "Privacy Themes" Proposal: Reactions and More Info