Computers, Privacy & the Constitution

Informed Consent to the Use of Private Data

-- By RamShchory

The Problem – Softwares’ Privacy Policies Do Not Actually Provide Either Notice or Choice

Notice and Choice

The concept of notice and choice is the legal framework designed to assure that the user of an app or a website (“a software”) is aware of- and agrees to the collection and use of private information by the operator of the software. The user receives notification of these uses through a privacy policy, and is directly choosing by a trivial click on an “I agree” button, or implicitly choosing by merely continuing to use the website.

However, practically, neither notice nor choice are given. Privacy policies may contain the relevant information, but they are not understandable. To illustrate – estimations are that an average user will have to dedicate a month each year to read all the lengthy privacy policies she encounters, and in fact few do. Moreover, often people mistakenly think that the existence of a privacy policy means the operator has to keep their information private. Finally, because these are complex legal documents many users simply lack the tools to comprehend them (and sometimes they are simply in a different language).

Analogizing to tort law informed consent principles, without understanding, the user is not properly informed and the consent is an artificial agreement to an obscure or falsely perceived concept.

The Dangers

Allegedly, we can simply make the notice understandable. However, that alone will not provide true consent, as the user must also truly understand the potential consequences and the danger that may occur due to that infringement (approved or otherwise) of her privacy.

Warning the User of the Possible Dangers

A possible solution will be to adopt warning methods used in other legal contexts.

Prospectus Warning

In the securities context a company declares the risks an investor might incur if she chooses to invest. This “prospectus” warning differs from today’s privacy policies because it requires the operator to directly refer to risks. However, it seems to be insufficient to our cause, as it will suffer from the same understanding shortcomings, that is, being too long and in a professional language.

Cigarette Warning

A different way is to borrow the plain packaging warning approach used to warn cigarette consumers of the product’s health hazards, that is, demand a clear, blunt, straightforward and even frightening warning of the damages of agreeing to agree to the terms of the privacy policy.

However, this solution also suffers from major shortcomings. First, such blunt warning might over-deter people from using economically efficient software; even if we ignore the potential damage to the software’s owners and the political difficulties they may cause in their opposition to this solution. Second, it is unclear how such a warning will be designed, as the nature of the potential damage is less clear than that of cigarettes. Finally, because of people’s current unawareness, such warning might be perceived as an overreaction and be taken lightly, thus achieving the very opposite of what we tried to accomplish.

Stepping Away From Regulation

It seems that the implementation of the aforementioned models will be lacking at best. An entirely different approach is to provide a technical solution, not based on regulation.

Technical Solutions

One type of technical solutions is a simple, user-oriented and understandable review by a third party of a software’s privacy policy. ToS;DR – Terms of Service: Didn’t Read is a great example for such a solution. ToS? ;DR is a website rating different sites’ terms of service, providing a rank on a scale of A-E, and a brief summary of the most significant terms.

Another type of solution is standardizing and simplifying the data in the privacy policy, making it accessible to the end user, with or without an intervention of the user’s agent to access the information. CommonTerms is one example, offering a simple platform to be adopted by a software operator to preview the terms of the privacy policy in accessible and understandable way before accepting them. Privacy Icons is another example, attempting to create a set of icons to convey different privacy related massages.


The technical solutions have significant advantages. First, they depict an understandable and accessible picture of the privacy concerns. Second, they do not depend on regulation, making them uniform across the world and free from ever changing political concerns.

Nevertheless, they are not free of difficulties. First, these solutions are somewhat simplistic, in the sense that they narrow down vast legal issues to simple sentences. Second, the standardizing solutions depend on the cooperation of the software operator (to put the icons or to generate the preview), who has a completely different set of interests. Third, the expansion of the solutions may be slow (for example, ToS? ;DR is operating for nearly three years, and fully rated 12 sites). Finally, in their present state the technical solutions are not conveying the necessary sense of urgency about the dangers posed by privacy breaches. Put differently, they might be providing notice, but that does not result in fully informed users able to choose.

So what can we do? I suggest to develop the technical solutions, by adding a sense of danger to the current understandable messages, that is, by making it clear not only what a specific term means, but how can it be dangerous to the user. For example, when ToS? ;DR says Facebook has “very broad copyright license on your content”, it can add that “that may lead to Facebook owning your creations without additional consent”; or when saying that Google “can use your content for all their existing and future services”, it can add “that today we are unaware of, and may be destructive to your privacy”. This approach will create a simple, clear and thought provoking message about privacy. It may fail to lead to a revolution, but as long as people think, discuss and debate this important issue, we are already in a better place than the one we are in today, when everybody simply click “I agree”.


Webs Webs

r4 - 26 Jun 2015 - 20:23:10 - MarkDrake
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM