we need to use clear language -right now it’s not clear what “information being traced” means
include Learn More links
how to communicate to the user that some information is fundamental to the service (i.e. of benefit to the user) vs. information that is less expected / has a negative impact on the user - i.e. how to distinguish between these different “traces”?
how to express the value of the information to the user? how to express/identify risk vs benefit? it’s not a spectrum, or two poles - often both are true for same info - how to clarify for user?
how to specify the use of information in some contexts (e.g. my phone number on my smartphone is ok) vs. others (e.g. my phone number on a public device is not ok)
would help to map the information back to the device/source (much like Me and My Shadow does) - here it’s not clear which piece of information is coming from which choice the user makes (for device used or other contexts)
include a “need to know” option or “ask me first” option such that the user could agree in context to the use of their data
would be good to provide links to other resources that help user to understand how this works
could also provide a demo
could also extend this story building to include what happens after the personal policy is created - and also be more flexible with how the story building works - if I have this policy, what would it look like to apply it? build the story in reverse?
how to include a preference to “forget me” - example - an online purchase through a service that will never likely be used again - user wants all information to be wiped once it is no longer needed (e.g. delete email address once delivery confirmation is complete etc) - need a “forget me” option
what about in-context adjustments - e.g. user creates a policy, but then decides to make exceptions in-context - how to store these exceptions - related to trust list? it’s a bit like the C4A concept of a base set and then tweaking the base set in-context
are we creating a service that would also provide a platform for non-conformance warnings etc (or just a tool for creating a personal policy/privacy pref set)? if not, how would these warnings/messages be delivered, if not by the services themselves?