Trustworthy Privacy Indicators: Grades, Labels, Certifications and Dashboards

46 Pages Posted: 28 Mar 2019

See all articles by Joel R. Reidenberg

Joel R. Reidenberg

Fordham University School of Law

N. Cameron Russell

Fordham Center on Law and Information Policy (CLIP)

Vlad Herta

Fordham Center on Law and Information Policy

William Sierra-Rocafort

Fordham Center on Law and Information Policy (CLIP)

Thomas Norton

Executive Director

Date Written: February 26, 2019

Abstract

Despite numerous groups’ efforts to score, grade, label, and rate the privacy of websites, apps, and network-connected devices, these attempts at privacy indicators have, thus far, not been widely adopted. Privacy policies, however, remain long, complex, and impractical for consumers. Communicating in some short-hand form, synthesized privacy content is now crucial to empower internet users and provide them more meaningful notice, as well as nudge consumers and data processors toward more meaningful privacy. Indeed, on the basis of these needs, the National Institute of Standards and Technology and the Federal Trade Commission in the United States, as well as lawmakers and policymakers in the European Union, have advocated for the development of privacy indicator systems.

Efforts to develop privacy grades, scores, labels, icons, certifications, seals, and dashboards have wrestled with various deficiencies and obstacles for the wide-scale deployment as meaningful and trustworthy privacy indicators. This paper seeks to identify and explain these deficiencies and obstacles that have hampered past and current attempts. With these lessons, the article then offers criteria that will need to be established in law and policy for trustworthy indicators to be successfully deployed and adopted through technological tools. The lack of standardization prevents user-recognizability and dependability in the online marketplace, diminishes the ability to create automated tools for privacy, and reduces incentives for consumers and industry to invest in a privacy indicators. Flawed methods in selection and weighting of privacy evaluation criteria and issues interpreting language that is often ambiguous and vague jeopardize success and reliability when baked into an indicator of privacy protectiveness or invasiveness. Likewise, indicators fall short when those organizations rating or certifying the privacy practices are not objective, trustworthy, and sustainable.

Nonetheless, trustworthy privacy rating systems that are meaningful, accurate, and adoptable can be developed to assure effective and enduring empowerment of consumers. This paper proposes a framework using examples from prior and current attempts to create privacy indicator systems in order to provide a valuable resource for present-day, real world policymaking.

First, privacy rating systems need an objective and quantifiable basis that is fair and accountable to the public. Unlike previous efforts through industry self-regulation, if lawmakers and regulators establish standardized evaluation criteria for privacy practices and provide standards for how these criteria should be weighted in scoring techniques, the rating system will have public accountability with an objective, quantifiable basis. If automated rating mechanisms convey to users accepted descriptions of data practices or generate scores from privacy statements based on recognized criteria and weightings rather than from deductive conclusions, then this reduces interpretive issues with any privacy technology tool. Second, rating indicators should align with legal principles of contract interpretation and the existing legal defaults for the interpretation of silence in privacy policy language. Third, a standardized system of icons, along with guidelines as to where these should be located, will reduce the education and learning curve now necessary to understand and benefit from many different, inconsistent privacy indicator labeling systems. And lastly, privacy rating evaluators must be impartial, honest, autonomous, and financially and operationally durable in order to be successful.

Keywords: data privacy, information law, information privacy, trust, grades, certifications, scores, dashboards, labels

JEL Classification: K00, K1, K19, K20, K30

Suggested Citation

Reidenberg, Joel R. and Russell, N. Cameron and Herta, Vlad and Sierra-Rocafort, William and Norton, Thomas, Trustworthy Privacy Indicators: Grades, Labels, Certifications and Dashboards (February 26, 2019). Washington University Law Review, Vol. 96, No. 6, 2019. Available at SSRN: https://ssrn.com/abstract=3342747

Joel R. Reidenberg (Contact Author)

Fordham University School of Law ( email )

140 West 62nd Street
New York, NY 10023
United States
212-636-6843 (Phone)
212-930-8833 (Fax)

HOME PAGE: http://faculty.fordham.edu/reidenberg

N. Cameron Russell

Fordham Center on Law and Information Policy (CLIP) ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States
212-930-8878 (Phone)

Vlad Herta

Fordham Center on Law and Information Policy ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States

William Sierra-Rocafort

Fordham Center on Law and Information Policy (CLIP) ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States

Thomas Norton

Executive Director ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
104
rank
252,465
Abstract Views
852
PlumX Metrics