TRUSTWORTHY PRIVACY INDICATORS: GRADES, LABELS, CERTIFICATIONS, AND DASHBOARDS.

• Author: Reidenberg, Joel R.

ABSTRACT

Despite numerous groups' efforts to score, grade, label, and rate the privacy of websites, apps, and network-connected devices, these attempts at privacy indicators have, thus far, not been widely adopted. Privacy policies, however, remain long, complex, and impractical for consumers. Communicating in some short-hand form, synthesized privacy content is now crucial to empower internet users and provide them more meaningful notice, as well as nudge consumers and data processors toward more meaningful privacy. Indeed, on the basis of these needs, the National Institute of Standards and Technology and the Federal Trade Commission in the United States, as well as lawmakers and policymakers in the European Union, have advocated for the development of privacy indicator systems.

Efforts to develop privacy grades, scores, labels, icons, certifications, seals, and dashboards have wrestled with various deficiencies and obstacles for the wide-scale deployment as meaningful and trustworthy privacy indicators. This paper seeks to identify and explain these deficiencies and obstacles that have hampered past and current attempts. With these lessons, the article then offers criteria that will need to be established in law and policy for trustworthy indicators to be successfully deployed and adopted through technological tools. The lack of standardization prevents user-recognizability and dependability in the online marketplace, diminishes the ability to create automated tools for privacy, and reduces incentives for consumers and industry to invest in privacy indicators. Flawed methods in selection and weighting of privacy evaluation criteria and issues interpreting language that is often ambiguous and vague jeopardize success and reliability when baked into an indicator of privacy protectiveness or invasiveness. Likewise, indicators fall short when those organizations rating or certifying the privacy practices are not objective, trustworthy, and sustainable.

Nonetheless, trustworthy privacy rating systems that are meaningful, accurate, and adoptable can be developed to assure effective and enduring empowerment of consumers. This paper proposes a framework using examples from prior and current attempts to create privacy indicator systems in order to provide a valuable resource for present-day, real world policymaking.

First, privacy rating systems need an objective and quantifiable basis that is fair and accountable to the public. Unlike previous efforts through industry self-regulation, if lawmakers and regulators establish standardized evaluation criteria for privacy practices and provide standards for how these criteria should be weighted in scoring techniques, the rating system will have public accountability with an objective, quantifiable basis. If automated rating mechanisms convey to users accepted descriptions of data practices or generate scores from privacy statements based on recognized criteria and weightings rather than from deductive conclusions, then this reduces interpretive issues with any privacy technology tool. Second, rating indicators should align with legal principles of contract interpretation and the existing legal defaults for the interpretation of silence in privacy policy language. Third, a standardized system of icons, along with guidelines as to where these should be located, will reduce the education and learning curve now necessary to understand and benefit from many different, inconsistent privacy indicator labeling systems. And lastly, privacy rating evaluators must be impartial, honest, autonomous, and financially and operationally durable in order to be successful.

TABLE OF CONTENTS INTRODUCTION I. GOALS FOR PRIVACY INDICATORS A. More Meaningful Notice B. Consumer Empowerment C. Nudging Users and Data Processors Toward Privacy II. TYPES OF ONLINE PRIVACY INDICATORS A. Privacy Grades and Scores B. Privacy Labels and Icons 1. Privacy "Nutrition " Labels 2. Label and Icon Systems C. Privacy Certification Regimes and Seals D. Privacy Dashboards III. OBSTACLES TO MEANINGFUL PRIVACY INDICATORS A. Lack of Standardization B. Scoring Criteria Deficiencies 1. Selection of Grading Criteria 2. Weighting of Grading Criteria C. Interpretation Issues 1. Non-holistic Interpretive Approach 2. Ambiguity, Vagueness, and Silence in Privacy Statements 3. Annotator Consistency D. Rating Agent Reliability IV. LAW AND POLICY REQUIREMENTS FOR SUCCESSFUL DEPLOYMENT OF PRIVACY INDICATORS A. Legislative or Regulatory Establishment of Standardized Evaluation Criteria B. Analytical and Interpretative Approach C. Development of Standardized Icons, Location Placement, and Technical Requirements D. Reliability, Autonomy, and Sustainability of Indicator Systems CONCLUSION APPENDIX: ADDITIONAL EFFORTS TOWARD PRIVACY INDICATORS Privacy Grades and Scores Privacy Labels Privacy Certification Regimes and Seals Privacy Dashboards INTRODUCTION

Privacy policies are notoriously long, complex, and impractical for consumers. (1) To assist users of websites, internet platforms, mobile applications, and network-connected devices in evaluating privacy notices and gleaning useful information from them, many have tried to synthesize privacy content into short-hand indicators and some have tried to develop automated technological tools to create or display the indicators. These indicators include grades, scores, nutrition labels, ratings, certifications, and dashboards. (2) Despite numerous groups' efforts to score, grade, label, and rate the privacy of websites, apps, and network-connected devices, these attempts at privacy indicators have, thus far, not been widely adopted. (3)

Privacy policies, however, remain long, complex, and impractical for consumers. The ever-growing Internet of Things and growth of Big Data continue to undermine our reliance on long written disclosures, because data practices increase in complexity raising many difficulties for an accurate description that is meaningful to consumers. Communicating in some shorthand form, synthesized privacy content is now crucial to empower internet users and provide them more meaningful notice, as well as nudge consumers and data processors toward more meaningful privacy. This highlights the need to satisfy privacy concerns ex ante to assure trust in online systems.

In the modern network-connected world, privacy notices are failing to provide meaningful transparency for users, and many are hastening to move toward short-hand indicators of synthesized privacy policy content. The National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC), for example, have explored solutions to improve notice and choice and synthesize statements of privacy practices. (4) This paper seeks to provide a valuable resource for not only the legal community, but also for businesses and policymakers who are focused on improving privacy online.

Over the years, efforts to develop privacy grades, scores, labels, icons, certifications, seals, and dashboards have wrestled with various deficiencies and obstacles for the wide-scale deployment as meaningful and trustworthy privacy indicators. This paper identifies and explains the deficiencies and obstacles that have hampered past and current attempts to develop and deploy trustworthy and meaningful privacy indicators. Taking these problems as lessons, the paper offers criteria that can be established in law and policy so that trustworthy and meaningful indicators can be successfully deployed and adopted through technological tools.

To provide context, Section I describes the goals for privacy indicators. These goals are distilled from various past and current attempts at the generation of online privacy indicators. Despite differing methodologies and approaches, online privacy indicators have set out to achieve three similar goals: to provide consumers with more meaningful notice; to empower consumers; and to nudge data processors to improve online privacy notices.

Section II contributes to the academic and industry dialogue a typology of online privacy indicators. Attempts to create meaningful and trustworthy privacy indicators from full-length privacy policies appear to fit into one or more of four categories: privacy grades or scores; privacy labels; privacy certifications or seals; and privacy dashboards. Section III then analyzes notable attempts at the creation and deployment of online privacy indicators to isolate the specific obstacles to the development of meaningful synthesized privacy policy content.

To overcome the obstacles identified in Section III, Section IV proposes a set of requirements for the successful deployment of privacy indicators. Indicators can adequately, accurately, and successfully synthesize online privacy content if: (1) lawmakers or regulators establish both standardized evaluation criteria for the privacy practices under consideration and appropriate weightings for scoring techniques; (2) in the analytical and interpretive approach, rating mechanisms must accurately convey to users the actual and demonstrable data practices, or else simply show without deductive reasoning what a privacy statement says according to recognized criteria including the legal principles of contract interpretation and legal defaults associated with the meaning of silence in privacy policy language; (3) lawmakers or regulators provide an imprimatur to a standardized system of icons along with guidelines as to where and how they should be displayed; and (4) privacy raters are impartial, honest, autonomous, and financially and operationally durable.

1. GOALS FOR PRIVACY INDICATORS

   Many have tried to develop privacy indicators. (5) Such initiatives generally seek to achieve three common objectives: provide consumers with more meaningful notice, empower consumers, and nudge data processors to improve their privacy notices and practices. The three subsections below describe each of these goals.

   A. More...