
Privacy Tech | On Building Consumer-Friendly Privacy Notices for the IoT




Snapchat made headlines once again late last month after the media latched on to its newest privacy policy update. The Independent reported, “Snapchat’s terms of service allow the company to look through your snaps and share them publicly.” That same report later added, “Very similar worrying phrases were found in Microsoft’s terms and conditions earlier this year, for instance, when a tool that could guess how old you were went viral—but also granted the company the option to use and publish those photos.”

These aren’t the only examples of updated privacy policies garnering public and media ire. Like other instances before it, Snapchat followed up last month’s media scrutiny with its own PR emergency response:

Snapchat posted a more complete response on its site, explaining, “There’s been some confusion about the updated Privacy Policy and Terms of Service we rolled out last week. We never want to create any misunderstanding over our commitment to protecting your privacy.”

Not even two months ago, I wrote about a similar misunderstanding after security software firm AVG decided to break ranks with the traditional legalese-based privacy policy and, instead, disclose a simpler, more user-friendly version.

They faced the ire of the media as well. And yet again, we see a lack of trust between companies and consumers.

To pile on, we’re entering the Golden Age of the so-called Internet of Things (IoT). A world replete with remote sensors, wearable technology, drones, smart cars—you name it. Plus, many of these devices may not have an interface on which to read a privacy policy.

It’s highly likely that, with this new era, these, let’s call them, "privacy-notice misunderstandings" will only increase as exponentially as the IPv6 addresses upon which IoT devices rely.

One company, however, is offering a potential solution for consumer-friendly privacy notices. Called Privacynq, the tool aims to provide IoT manufacturers with an easy-to-read dashboard for consumers, complete with information such as what PII is collected, with whom it’s shared, whether it’s encrypted and other data security info, plus opt-out options as well as links to the full, lawyer-friendly policies.

“I’ve noticed that every time an FTC commissioner gives a speech, they ask for someone to do this in the real world,” said company co-founder Dale Smith, CIPT. “This product is based at its core on the FIPPs,” he added. “We’ve developed a set of ‘best questions’ geared toward the manufacturer, and our concept is, ‘why not build in questions an expert would ask a vendor?’”


The tool was released in October, and is ready to go, according to Smith. To grasp what the product would look like, they have a few “featured products” based on public information of existing products in the marketplace. So, for example, if Fitbit were to use Privacynq, based on just the publicly available data—its privacy policy, terms of use, etc.—you can see what the dashboard would look like.

The company lists other samples from existing IoT products in the automotive, garden, health, home, manufacturing, pet, security and toy industries as well.

“Our set of ‘best questions’ are not enough to satisfy a lawyer, but they’re good enough for the consumer,” Smith said. “We put together a survey—a list of those best questions—and look at the features and benefits of a product. It’s not just a one-sided notice written from the perspective of the lawyer.” The manufacturer then fills out this survey and decides what inputs they want for this dashboard, he said.

Smith was careful to point out that Privacynq is not designed to replace standard privacy policies. The goal, rather, is to cultivate trust with the consumer.

“We want to promote digital trust,” he said. “If we can agree, ‘Yeah, I’ll give you certain data, if, and only if, you treat it right,’ then we can trust each other,” he said.

Privacynq isn’t the first foray for Smith in the startup world. Nor is it his first go at a privacy-focused product. Two years ago, he and his team looked into building a verifiable parental consent tool for compliance with the Children’s Online Privacy Protection Act (COPPA). AgeCheq applied to the FTC for two separate verifiable consent methods. However, both were denied. One proposal featured a real-time common consent mechanism. The FTC noted that such a method had already been recognized. The second device-signed parental consent form was denied because, according to the FTC, it was not compliant with COPPA’s requirement “regarding the type of parental information” that can be collected for verifying a parent’s identity.


But these denied requests have not deterred Smith. He and his team, which includes his brother, have worked with the Online Trust Alliance (OTA) in developing Privacynq. “Our concept is that the IoT needs this tool somewhere,” Smith said. “We’re trying to bring together the best practices of the IoT space and make it consumer ready.”

OTA Executive Director Craig Spiezle said Privacynq recently joined the OTA and shares "our view of the need to move privacy from a compliance discussion to one of stewardship." He said with a growing rift between manufacturers and consumers—he points to the rise in use of ad blockers as proof of that gulf—businesses need to communicate "in a simple straightforward manner, weighing privacy best practices against good faith need for consumers' personal information." Spiezle also said Smith and his team "have been very receptive to the OTA working group's input to brief consumers regarding their privacy in context and in accordance with industry best practices."

Smith says he believes this is just the beginning. “We’ve tried to take the long-term view on this,” he said. “We don’t believe the standoff between the manufacturer and the consumer will continue. We want to educate and build trust.”

It looks like the needs of the IoT space, and time, will tell.

