Privacy labels aim to control prying eyes, personal data

Summary: A pair of entrepreneurs thinks labels on websites that outline information sharing rules could go a long way toward protecting user privacy on the Internet and improving business relationships between consumers and online services.

Nutrition labels tell consumers a lot about the food they eat, and now two entrepreneurs want similar labels on websites that tell users a lot about how their data is being shared.

Joe Andrieu and Iain Henderson this week launched the Standard Information Sharing Label (SISL) as an alternative to lengthy and dry Terms-of-Use or Privacy Policy documents that websites post but that more often than not go unread.

The SISL allows websites to say in simple language what they do with a user's information. Armed with that knowledge, Andrieu thinks users can make better decisions about what they share online, and websites will get a more accurate profile on each user.

"Terms of Use policies are ransom notes," says Andrieu. "We agree to all sorts of things we don't understand. The idea with the label was simply to make it easier for companies to communicate what is happening with our data."

This week, the pair launched a Kickstarter project to raise money to fund the creation of the label's interface. They hope to collect $12,500 to support a designer they have selected and to produce an informational video.

A mock-up of a Standard Information Sharing Label

The SISL is designed like a USDA nutrition facts label, a Creative Commons license for personal data or the privacy nutrition label from Carnegie Mellon University's CUPS Lab.

The goal is to have the label graft onto today's Internet. The pair has targeted HTML forms and OAuth-based permissions as their use cases. Labels could be accessed via icons on Web pages, much like buttons for RSS feeds, and supported via browser extensions.

Andrieu and Henderson have been working for three years on underlying trust and legal issues around data sharing in the Information Sharing Work Group under the Kantara Initiative. That work fostered SISL.

Andrieu says SISL can be used without a trust and legal foundation, but the framework adds strength and options to the architecture.

"When you share information online there is a 'point of sharing' and we want to use that point to create a contractual framework for terms-of-use for your data," says Andrieu. "We think there will be a basic agreement that has default terms that everyone agrees to."

The second part of the sharing architecture would be the ability to "bootstrap" a data transaction agreement around a particular piece of data for a particular use, he says.

Funding for the legal agreements is outside the scope of the Kickstarter project, so Andrieu is mining another source - the National Strategy for Trusted Identities in Cyberspace (NSTIC).

Andrieu's company SwitchBook, which bills itself as user-driven context management, was named a finalist in April for the NSTIC pilot grant program. Earning a grant could provide up to $2.5 million to work on their proposed project, which is to combine trust and context to provide a more relevant representation of a consumer that can be applied automatically when they visit a website. The NSTIC project would include developing the trust and legal pieces needed to complement SISL.

The NSTIC project defines how a user can provide information - or context - about themselves rather than having that information inferred by a provider relying on ad networks and personally identifiable information gleaned from the Internet.

"It's a much more relevant signal," says Andrieu.

He says that kind of capability leads to users being able to define their own default terms of use, such as the provider will delete any personal data after a session ends.

"Companies could still personalize services, but they might have to give up long-term expectations around leveraging that user data," he said. "But they also might see fewer users opting out altogether."

The pair hopes to develop SISL in many languages and have it apply internationally. Today the label is only available in English.

About

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Talkback

1 comment
  • Need a rating system

    Need a rating system. The above would make users' eyes water and just ignore it. I get plenty of information here on what web site is doing what to their customers. Plus we have a couple of paid FB writers here warning users every day of current exploits instead of real articles.
    Stan57