A way to see what you get

According to The Cost of Reading Privacy Policies, a paper by Aleecia M. McDonald and Information Sharing LabelLorrie Faith Cranor of Carnegie Mellon University, “national opportunity cost for just the time to read policies is on the order of $781 billion.”

This is based on reading 1462 policies with a median length of 2518 words, taking about ten minutes per policies, adding up to 76 work days per year, or a total of 53.8 billion hours for the U.S. population reading those polcies. This number, observes Alexis Madrigal, senior editor of The Atlantic, exceeds the GDP of Florida.

So, Joe Andrieu and Iain Henderson think, why not eliminate the cost of that work by adopting a Standard Information Sharing Label — like the nutrition label you see on foods of all kinds? So they’ve started a Kickstarter project to do exactly that. Their funding goal, $12,500, is, by my calculations, 1/00000001600512th of the opportunity costs we already run up every year.

Joe and Iain are already quite a bit downstream, having worked for some time on the Information Sharing Workgroup at Kantara, where they are already underway with a draft specification for the label.

So give the a hand, in the form of a pledge.

 

3 comments

  1. Joe Andrieu’s avatar

    Thanks for the shout out, Doc! Let’s get his thing funded!

  2. Nate Riggs’s avatar

    This is a fantastic idea. Thanks for the heads up, Doc.

  3. Aleecia’s avatar

    Thanks for a great summary! We found that if people actually were to read privacy policies they would spend as much time doing so as web surfing.

    The Kickstarter project looks like fun. See another effort in a similar direction from Lorrie’s lab: http://cups.cs.cmu.edu/privacyLabel/ (not a project I worked on.)

    It has always seemed to me that part of how food labels work at all is via percentage values. I do not understand Vitamin A, let alone the biological details of why I should care, but I do understand that 12% RDA is lower than 33% RDA. If we are to make privacy notices actionable, we need not just shorter, standardized notices but clearer notice. There have been dozens of attempts at this problem with “let’s do Creative Commons icons for privacy!” turning up as a new-sounding idea on a rather regular schedule. Noting the ways short (aka layered) notices fizzled could be instructive. It is all too easy to have users both more confident yet more incorrect about data collection and use practices. Plus, companies incentives do not always align with the goal of clear notice.

    Yet prior history does not mean all such attempts are doomed, at all. Certainly the status quo can and should be improved upon. That so many people attempt similar projects suggests sooner or later something may stick, perhaps in the mobile space first where there are fewer moving parts to document. I would urge building in resources for serious testing and revision for any such projects. My favorite example is the 322 page Evolution of a Prototype Financial Privacy Notice from Kleimann.

    Thanks again, and best of luck to the Kickstarter project team.

Comments are now closed.