- we need to use clear language - right now it’s not clear what “information being traced” means
- include Learn More links
- how to communicate to the user that some information is fundamental to the service (i.e. of benefit to the user) vs. information that is less expected / has a negative impact on the user - i.e. how to distinguish between these different “traces”?
- how to express the value of the information to the user? how to express/identify risk vs benefit? it’s not a spectrum, or two poles - often both are true for the same info - how to clarify for user?
- how to specify the use of information in some contexts (e.g. my phone number on my smartphone is ok) vs. others (e.g. my phone number on a public device is not ok)
- would help to map the information back to the device/source (much like Me and My Shadow does) - here it’s not clear which piece of information is coming from which choice the user makes (for device used or other contexts)
- include a “need to know” option or “ask me first” option such that the user could agree in context to the use of their data
- would be good to provide links to other resources that help user to understand how this works
- could also provide a demo
- could also extend this story building to include what happens after the personal policy is created - and also be more flexible with how the story building works - if I have this policy, what would it look like to apply it? build the story in reverse?
- how to include a preference to “forget me” - example - an online purchase through a service that will likely never be used again - user wants all information to be wiped once it is no longer needed (e.g. delete email address once delivery confirmation is complete etc.) - need a “forget me” option
- what about in-context adjustments - e.g. user creates a policy, but then decides to make exceptions in-context - how to store these exceptions - related to trust list? it’s a bit like the C4A concept of a base set and then tweaking the base set in-context
- are we creating a service that would also provide a platform for non-conformance warnings etc (or just a tool for creating a personal policy/privacy pref set)? if not, how would these be delivered, if not by the services themselves?