Next Steps for Personal Privacy
One of the key findings of this project is that autonomy and choice cannot happen without knowledge and transparency. Currently there are significant knowledge gaps around the control of personal information and a hesitancy to make decisions in this space. It has become clear that education about privacy needs to be part of the preference creation and editing experience. A portion of this issue has been addressed through the current project with the creation of a prototype for a ‘Privacy Story Builder’. The story builder uses a playful strategy to engage the person using it in exploring privacy themes through a fictional character. Throughout the experience the person is given information about privacy and can consider different settings without fear of modifying their own privacy. Upon completion the person can choose to use the created policy for themselves. This project also resulted in designs for privacy preference editing tools, which included some exploration of using a timeline to communicate how privacy-related information is used.
There are three areas where further work needs to be done to build upon the work that was completed during this project. Firstly, alternative and/or complementary presentation formats for communicating personal privacy-related information should be created. Secondly, additional areas of personal privacy design, such as interfaces to help with weighing the benefits and risks of sharing personal information, should be researched and explored. Finally, the designs and the privacy preferences standard developed during this project should be extended and refined.
Alternative and Complementary Presentation Formats
Given the complexity of the privacy space, it is important to find new ways to communicate with a diversity of users. Accessible and understandable presentation of privacy-related information needs to be further explored. This would include communicating what information is collected by whom, how it is used and where it is shared. To enable a person to make an informed decision, the benefits of disclosing the information must also be made clear. A profusion of communication strategies needs to be employed, including data visualization and sonification techniques, to leverage the diverse learning styles and aptitudes of individuals. Creating an ecosystem of possible communication formats, presentations and strategies enables the largest diversity of individuals to participate comfortably in this space.
Extended Personal Privacy Design Research
Although this project focused on the creation and editing of personal privacy policies and the creation of a privacy preferences standard, it also touched on many related areas in the privacy field. These topics included:
Accessing and understanding inferred data
Entry points to the creation and setting of privacy preferences
Sharing privacy preferences and personal privacy policies with peers
Weighing the risks and benefits of different privacy preferences in specific contexts
Self-assigning value for personal information, including deeming what constitutes personal information
Creating trust maps / circles of trust
Communication about privacy between vendors and users
Each of these themes should be explored in depth using a co-design process to develop tools and resources that improve people’s ability to actively control their personal information while taking advantage of the many services that are improved through access to personal information.
Continued Development of Existing Designs
The privacy preferences creation and editing tools that were co-designed during this project have led to some important findings and opened up the space for better personalized control of personal information. Continuing work on these designs will result in improved tools for users and information that can be used to extend the privacy preferences standard.
Continued work should include:
Further development of game-like, playful approaches to privacy policy creation
Developing the existing story-builder further to include a character/persona interacting with different services and applying their privacy policy
Building a keyboard / screen-reader accessible prototype
Implementing the privacy preferences tools in real-world settings, including consideration of in-context findability
Creating a machine-readable personal privacy policy
Usability testing of real-world implementations of the privacy preferences tools
Refining the privacy preferences tools using the knowledge gained from user testing
Considering context-dependent choices for privacy (e.g. device or location), including in-context exceptions
Updating the privacy preferences standard based on the refined tools
Through the course of this project, resources were created to teach about privacy topics, including the ‘Inclusive Design for Privacy’ guide. Building on this resource, exemplars and examples of privacy could be developed, including:
Tutorials about specific privacy-related topics
Exemplars of easy-to-understand privacy policies for vendors
Examples of how a vendor can present to the user in an easy and specific way how and why their personal information will be used (including aggregate data use)