How humane privacy policies should be written (and in compliance with GDPR)

This topic is about the current practice in privacy policies, namely writing such long legal mumbo-jumbo garbage that no normal human being can possibly understand it, so they usually refrain from reading and just blindly accept.

Many of these policies are intentionally created this way to obscure aggressive data collection practices and other dark uses of your data and online behaviour.

However, there is some light in this field. More and more companies realize that they lose the valuable trust of their userbase, as awareness of the issues is on the rise. Having a good, human-readable PP can actually be a unique selling point.

Let's find examples of good privacy policies and add them to this topic.

This blog post by Codepen shows some great good vs. bad texts side-by-side:


Hey CHT Community, Andrew from Siempo here. Our team is committed to integrating humane design throughout the product and organization, including privacy.

We've started with a fairly boilerplate privacy policy and would love feedback from this community on how it can be improved! Here is our current version.

Additional context:

  • The app is free while in beta. We will begin charging for it in the next couple of months.
  • We will never sell advertisements.
  • While we ask for certain permissions (Messages, Contacts) to activate specific features, we only collect relevant usage data that we can use to improve the experience (e.g. how many hours per day people spend on their phones), and it's collected in such a way that it is always aggregated and anonymous.
  • We intend on approximating towards GDPR. Becoming fully compliant right now is out of budget for a pre-launch startup.

Very cool @andrewmurraydunn , it is great that you allow us to participate, so we have a real case!

Let's see what we come up with. The CHT could collect a set of patterns & practices to be published on our wiki pages.

I was just about to post something related to PPs, and a nice application of AI: an AI that can parse privacy policies and interpret them for humans.

Note their own privacy policy. It's easy to read. I am wondering whether, since it does not contain judicial-sounding text, it offers the same guarantees to them as a company.

I am no expert, but very curious to know more about the subject. I'll add more stuff here soon.

Thank you!

Edit: The AI thing was described in a Wired article


Siempo looks like a great product. Am anxious to hear how it does.

I tried to read the privacy policy but stopped. I found the small type, long lines, and repetitive phrases pretty inhibiting. Can the policy somehow reflect the simplicity and elegance of your product?

Pribot and Polisis's privacy policy is indeed simple and succinct. I am sure legal counsel has pronounced it fit and adequate, which poses an interesting question: how many theoretical situations does a privacy policy have to cover – and to what degree?

At one time, IRS instructions read like privacy policies – in terms of impersonal, legalistic, dense language. The federal government instructed the IRS to rewrite its instructions, and (I assume) there has been no corresponding loss of tax revenue. That is, the simpler language has produced the same – or better – results.


Yes, that is a good point. I was thinking that, while most PPs are written from the perspective of the company, the human-readable examples out there, targeted more at the customer, could be just as legally sound if the texts are carefully phrased. But that probably needs a lawyer's advice (though they may not be too keen to lose the business of writing arcane texts :wink: )

In the example I provided above, in the section 'What do we do with your information?', they state:

We do not log the full IP address (such as 213.34.51.91). Instead we configured our server to anonymise it first (to 213.34.0.0)

And then later in ā€˜Disclosureā€™:

We do not share any personal information with third parties. However, aggregated and anonymized usage data might be used in the future as part of research publications.

If the first section is sufficiently well described and accurate, then the Disclosure section might be just this simple and readable and yet hold up in court cases.

Note that I think the first section may not be all that complete, as there is more information that can be gathered, like device IDs etc., which makes it still possible to de-anonymize personal data. I have seen PPs in the past (can't find an example quickly) where they gave an example of a full data collection record, so a consumer knows exactly what that looks like and what they give away.


Different subject. I just found this magazine exclusively on GDPR at InfoQ (I didn't download it yet, but InfoQ is mostly good quality):

(PS. I have mentioned GDPR in the topic title, as it is such a hot topic in IT currently)

This is a good GDPR cheat sheet with lotsa further references:

Specifically on PPā€™s it says:

The GDPR specifically prohibits the use of long, convoluted terms and condition statements, particularly statements that contain legalese. Any request for consent, declaration of terms, or statement of privacy must be presented clearly and concisely, and without any ambiguity of meaning. Furthermore, it must be as easy to withdraw consent as it is to give it.

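The IP truncation quoted above (213.34.51.91 becoming 213.34.0.0) and the "always aggregated and anonymous" usage data Andrew describes in his Siempo post are both things a backend has to do before anything is stored, not afterwards. The Python below is an added example written for this thread, not code from Siempo, Polisis or anyone posting here. It truncates client addresses before they reach the access log, then turns raw per-device usage events into per-country daily statistics, keeping the device ID only long enough to count distinct people and to suppress any group too small to hide an individual. The /16 and /32 prefix lengths, the minimum group size of 5, the Common Log Format layout and every sample event and address are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import mean

# ---- 1. Truncate client IPs before they reach the log --------------------

def truncate_ip(ip_str, v4_prefix=16, v6_prefix=32):
    """Zero the host part of an address, keeping only a coarse network prefix.

    213.34.51.91 -> 213.34.0.0 (first 16 bits kept, as in the policy quoted
    in the thread). The IPv6 prefix length (32) is an assumption; choose the
    length your own re-identification risk assessment supports.
    """
    ip = ipaddress.ip_address(ip_str)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(network.network_address)


def anonymise_log_line(line):
    """Rewrite an access-log line so the stored copy never holds the full IP.

    Assumes the client address is the first whitespace-separated field, as in
    the default Apache/nginx Common Log Format. Apply this before the line is
    written: truncating a log that is already on disk still leaves the
    original in backups and in whatever shipped it off-host.
    """
    client_ip, sep, rest = line.partition(" ")
    return truncate_ip(client_ip) + sep + rest


# ---- 2. Publish only aggregates, and only over groups that hide people ----

MIN_GROUP_SIZE = 5  # assumption: a statistic needs at least 5 distinct people


def aggregate_usage(events, min_group_size=MIN_GROUP_SIZE):
    """Turn raw per-device usage events into per-(country, day) statistics.

    The device_id is used only to add up one person's sessions and to count
    distinct people; it never appears in the output. Groups with fewer than
    min_group_size people are dropped entirely rather than published with a
    small n, because the "mean" of one user is simply that user's value.
    """
    per_device_hours = defaultdict(lambda: defaultdict(float))
    for event in events:
        group = (event["country"], event["day"])
        per_device_hours[group][event["device_id"]] += event["screen_hours"]

    report = {}
    for group, devices in per_device_hours.items():
        if len(devices) < min_group_size:
            continue  # suppressed: too few people for a safe aggregate
        totals = list(devices.values())
        report[group] = {"n": len(devices), "mean_hours": round(mean(totals), 2)}
    return report


# Constructed sample data for the example; no real users or addresses.
SAMPLE_LOG_LINE = '213.34.51.91 - - [20/Apr/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 512'

SAMPLE_EVENTS = [
    {"device_id": "nl-1", "country": "NL", "day": "2018-04-20", "screen_hours": 1.5},
    {"device_id": "nl-1", "country": "NL", "day": "2018-04-20", "screen_hours": 0.5},  # same person, second session
    {"device_id": "nl-2", "country": "NL", "day": "2018-04-20", "screen_hours": 3.0},
    {"device_id": "nl-3", "country": "NL", "day": "2018-04-20", "screen_hours": 4.0},
    {"device_id": "nl-4", "country": "NL", "day": "2018-04-20", "screen_hours": 5.0},
    {"device_id": "nl-5", "country": "NL", "day": "2018-04-20", "screen_hours": 6.0},
    {"device_id": "lu-1", "country": "LU", "day": "2018-04-20", "screen_hours": 7.0},
    {"device_id": "lu-2", "country": "LU", "day": "2018-04-20", "screen_hours": 1.0},
]

if __name__ == "__main__":
    print(anonymise_log_line(SAMPLE_LOG_LINE))
    print(truncate_ip("2001:db8:1234:5678::1"))
    for group, stats in aggregate_usage(SAMPLE_EVENTS).items():
        print(group, stats)
```

Two things the example makes visible that the policy text does not. First, the two Luxembourg users produce no output at all: with a country-level split, a "mean of 2 users" would let either of them recover the other's screen time, so the group is dropped rather than reported with a small n. Second, the truncated IP is only a partial measure, exactly the concern raised above about device IDs: if the same log line also carries a device identifier or a stable user agent, the /16 prefix is still a usable quasi-identifier, so what gets dropped or coarsened has to be decided for the whole record, not one field.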

I was recently tasked with re-writing the privacy policy for the non-profit I work at. I borrowed heavily from the Electronic Frontier Foundation's privacy policy, and it was a great source of ideas. They also meticulously document all of their previous policies. If you are interested in this topic and haven't seen it, it's worth a look:


It is a readable PP, but also rather long. I wonder if it can't be made a bit shorter without weakening it.

On 3rd parties I found something interesting wrt GDPR… though this article could provide more helpful info, it shows that even when using Google Analytics you have to be very careful not to be in violation:


More thoughts about Siempoā€™s privacy policy.

It seems to me that parts of the privacy policy actually constitute site-usage policy. It would be much better for Siempo's site users to be provided information on site usage on a separate page – rather than having that language clutter up the privacy policy.

Some sites Iā€™ve visited expressly say they use cookies and that the visitor, by using the site, consents to this.

Maybe Siempo could develop this idea further by articulating its site-usage policy in a clear, friendly way and then refer the visitor to its privacy policy for details.


Good point! You read with the eye of a proofreader :slight_smile:

I also noticed an error, a wrong URL:

Any defined terms used but not defined in this Privacy Policy are defined in the Terms of Use located at "siempo - Player support and Q&A channel" (link title in Vietnamese).

This points to itself (and siempo.co redirects, so need not be mentioned anymore, maybe)


Thanks for this feedback!

We can certainly give the page some design love.

We can certainly work with our lawyers to make some of the language more consumer friendly and still be legally sound, as @aschrijver suggests. Could you share which phrases in particular you found inhibiting?


We will consider breaking it out :slight_smile:


Happy to help with suggestions; thanks for asking…

Interesting article in Bloomberg:

https://www.bloomberg.com/news/articles/2018-04-20/uber-paypal-face-reckoning-over-opaque-terms-and-conditions

And discussion on HN: https://news.ycombinator.com/item?id=16885000


Just found this privacy policy composed by the Center for Plain Language:

Aloha Andrew,

Here are some of the things I found. I put your original language in italics and my suggested revisions in bold.

Any defined terms used but not defined in this Privacy Policy are defined in…
Any terms used but not defined…
Comment: original is not logical.

Except as specifically stated in this Privacy Policyā€¦
Except as stated in this Privacy Policyā€¦
Comment: adverb is not needed.

you may be unable to access certain parts of our Services
you may be unable to access certain Services
Comment: concise language is better.

This helps us serve more relevant content and information.
This helps us provide you with more relevant content and information.
Comment: serve is ambiguous here. Revision provides an object for the verb (you) and clarifies the action and who is benefitting.

We may use subcontractors, vendors, or other third-parties in order to efficiently provide our Services to you (“Service Providers”). Service Providers may provide services including, but are not limited to, providing data hosting and credit card processing services. Some Service Providers will collect information directly from you. Information collected directly from these Service Providers is governed by their privacy policies. You should view the privacy policies of Service Providers before providing information to them.
We may use subcontractors, vendors, or other third parties [hyphen not needed] in order to provide our Services (“Service Providers”). Service Providers may provide services including, but not limited to, providing data hosting and credit card processing services. Some Service Providers will collect information directly from you. Information collected directly by [not from] these Service Providers is governed by their privacy policies. You should review [not view] the privacy policies of Service Providers before providing information to them.

We may disclose Usage Information and aggregated information that cannot be used to personally identify you without restriction.
Comment: curious about what ā€œwithout restrictionā€ means in this case.

Notwithstanding anything to the contrary in this Privacy Policy, we may disclose or share your Personal Information in order to comply with any court order, law, or legal process, including to respond to any government or regulatory request, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety Siempo, our customers, or others.
We may disclose or share your Personal Information in order to comply with any court order, law, or legal process; to respond to any government or regulatory request; or to ensure the protection of the rights, property, or safety of Siempo, our customers, or others.
Comment: parallel construction is better in a case like this. Revised language is clearer, stronger, less wordy.

We may disclose your Personal Information in order to enforce or apply our Terms and other agreements, including for billing and collection purposes.
We may disclose your Personal Information to such agencies in order to enforce or apply our Terms and other agreements, including for billing and collection purposes.
Comment: verb needs object.

Disclosed when Collected: For any other purpose, when that purpose is disclosed by us at the time that you provide the Personal Information.
Comment: suggest moving this. It is a general statement that should not be embedded in a list.

We strive to provide you with choices regarding the information you provide to us. We have created mechanisms to provide you with the following control over your information:
We strive to provide you with choices regarding the information you voluntarily share with us. The following mechanisms enable you to have control over your information:
Comment: revision is clearer, stronger. The word provide should not be used as the verb in each main clause because its meaning shifts.

If you do not wish to have your email address used by us to promote our own services or third parties, you may opt-out of receiving to such promotional messages by selecting the “unsubscribe” button as provided on any email communication from us.
If you do not wish to have your email address used by us to promote our Services [capitalize as elsewhere] or those of third parties, you may opt out of receiving such promotional messages by selecting the “unsubscribe” button provided on any email communication from us.
Comment: small errors corrected.

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted on the App. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the App.
We have taken measures to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted on the App. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the App.
Comment: this really belongs in a site-usage or terms-of-service page. There is a kind of warning latent in the language that may bother the reader. You don't want to introduce such a disruption, especially late in the policy.

We operate the App from the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Services, or providing us with any information, you fully understand and unambiguously consent to this transfer,
We operate the App from the United States. If you are located elsewhere, please be aware that information we collect will be transferred to and processed in the United States. By using the Services, or providing us with any information, you understand and consent to this transfer,
Comment: redundancy doesn't improve clarity. Language should be clear, simple. Adverbs aren't needed.

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users' Personal Information, as determined in our sole discretion, we will notify you by email to the email address specified in your account and/or through a notice on the App. The date the Privacy Policy was last revised is identified at the top of the page.
On this page, we post any changes we make to our Privacy Policy. If we make material changes to how we treat your Personal Information, we will notify you by email to the address specified in your account and/or through a notice on the App. The date the Privacy Policy was last revised is identified at the top of this [not the] page.
Comment: start with important part first, “on this page.”

To ask questions or comment about this Privacy Policy and our privacy practices
To ask questions or comment about this Privacy Policy
Comment: strike practices because it implies there are things that are important but not included in the policy.


My personal home-brew privacy policy.

What about lines and cost for access to data like the results of all these surveys?
Line order and time value accounting prices affect the cost and wait for accessing results of survey data for this project. No financial cost is required, but you must spend time to fill out forms and provide more data identifying yourself and your data access reasons and use. You must pay 100% per minute of data access for any real or augmented human attention minutes. Possibly more if others have overridden the default project data cost of 100% minute match royalties in their personal profile. The cost of your minutes or hours of attention to the data is automatically paid forward to the person or persons who created the data as royalties. If someone looks at your form results to look at data, then you will receive notification and royalties for others who wish to access your consolidated or individual “data access history”. Copying or reproduction of HEOP data is prohibited unless allowed by and payment made to the data creators with a valid receipt specifying prices for verification and enforcement of data theft if needed.

You may change your default data pricing and privacy options in your account settings, and opt out of receiving low value offers to purchase your data at any time. Aggregate statistics and consolidated information may be saved as snapshots; however, most aggregate statistics and consolidated information is re-created on demand using the most current data pricing and privacy decisions of the data providers. So if you mark your data private later, it will be removed from future data summaries and aggregate calculations when possible. Data handling practices and fines for data misuse or misrepresentation are handled by the hOEP internal Time Value Accounting system, with jury verdicts for violations of our terms and conditions of access leading to steep re-active adjustments to the prices you paid in minutes for the receipts in which you stole data. We will charge you the back due amount for dishonest data usage, and if you knowingly copy data with a price set to (1 million wait line minutes/copied use and attention minute) then you can and probably will be charged up to 1 million wait line minutes for your accidental copying of the data. Fines for theft and fraud attempts are 10 times the value involved, and there is a bounty reward for crime spotting of 5 times the value. In addition to hOEP verification and enforcement of our terms and conditions, you may be liable for other legal and civil penalties and court mediated actions. Link to survey on the HOEP project data access, costs, wait time, and pricing practices.

If you know or suspect someone has accessed your data and survey results in violation of our terms and conditions, complete a 15-minute form detailing your reasons for suspicion after checking your receipts and making sure you didn't sell the data to them at your specified rate. The form will talk you through the details about time and data to allow us to automatically attempt global receipt inspection to detect and find the violator appropriately. You can also invest additional resources of time and a jury to investigate further at very reasonable prices in hours of your time.

– from the Google doc “hOEP (hOurs Equals Price) hacks the pizza line”, a crowdsourced hackathon project.

Wow, I can't thank you enough for applying such a critical (+ grammatical and humane) lens to this! As mentioned, we started with a boilerplate version, so I'm thrilled to get this feedback on how we can make things more crisp, clear and user friendly.


Very happy to help! Thanks for the opportunity :slight_smile:

Hi @andrewmurraydunn, I just found the link in this post that is interesting for PPs for humans:

How can researchers unite?
