Computers, Privacy & the Constitution

RickSchwartzSecondPaper 8 - 27 Apr 2009 - Main.RickSchwartz
(5) Getting wide-scale adoption. A PrivacyMinder plugin will only have a substantial impact if a lot of users use it. Firefox is a minority browser still, and if people are as apathetic about privacy as we tend to think, they're not going to go out of their way to install a privacy rating plugin. AdBlock caught on because it actually makes the web browsing experience more pleasant. If you want PrivacyMinder to be effective, you probably need to get it bundled into Firefox as a standard feature. How do we do that in the face of opposition from companies that want to collect your data?

-- AndreiVoinigescu - 26 Apr 2009


Andrei, thanks for getting the discussion going. I didn't want to waste precious words by detailing what could be found on the links to the people that had begun working on some form of a Privacy Commons, but I am happy to address your concerns more explicitly and at greater length here.

(1) I think that the icons would largely indicate what practices a company could do without violating its own privacy policy (and therefore subject itself to FTC scrutiny). A supplemental icon (possibly just overlaid on the corresponding category) might indicate any supplemental and verifiable information that was available about actual compliance with a company's privacy policy (subject to the limitation/concern you raise in (3)).

Mary Rundle enumerates most of the substantive aspects of data collection that the icons should address, sorted into the following categories:

1. Collection Limitations (which kinds of data are collected: sensitive/personal, IP addresses, browsing patterns, etc.?)
2. Data Quality (how much data is correlated, anonymized or simply not collected)
3. Purpose Specification (is the data used for customer databases, internal research, marketing purposes, etc.?)
4. Use Limitation (is the data available to third parties for commercial resale, limited to intra-company data-sharing, or only for uses required to operate the service)
5. Security Safeguards (is the data sufficiently protected from unauthorized third parties)
6. Openness (do developers or users have access to the API/data?)
7. Individual Participation (can users control or view their own data? To that end, who owns the data? The last question may be important enough to many users to be its own icon.)
8. Accountability (is redress for disclosing or failure to protect data available by the terms of the policy itself?)

I am not sure whether or not these elements are already too numerous and need synthesis, but Aaron Helton also raises the following factors that are more concerned with the nature of the policy itself:

9. Policy Mutability/Revocability (is the policy subject to change or revocable unilaterally and without notice to the user?)
10. Policy Version (this might not need to be an icon or anything, but would be useful on the analysis side).

(2) The first effort should be on creating some kind of algorithm that would parse policies to see if they were in one of the standardized forms that a Privacy Commons might develop, but since P3P has had so much trouble with machine-readable privacy settings, I could imagine that this challenge is not easily overcome. I agree that the natural impulse is to have lawyers parsing the privacy policies; I would also think that a wiki/community could be successful in this particular context, as long as there was some moderation performed by lawyers. If not, why not start a clinic at Columbia Law School or anywhere else people need to complete pro bono hours? I am aware of at least a few professors academically interested in EULAs, which would dovetail nicely with this project.

In terms of alternative funding, I could even imagine Google taking some interest in the project because of the data ownership aspect of the crawling. If Google could have someone else do the work of publicizing the fact that other sites claim proprietary ownership of users' data, in the hopes that those sites' users would demand some policy reversal, it would only make Google's attempts at crawling all that data themselves all that much easier. But maybe that's overly optimistic.

(3) This is a good objection, but I think it is easily solved by couching the icons/terms as "No protection for ___ verified by PrivacyMinder" and would reinforce the point about adopting standardized privacy policies where it would be easy to verify that such protections were in fact granted. I think we would run into more trouble if we were using "outside information" about actual practices unless that information was absolutely verifiable, thus allowing us an affirmative truth defense to a libel action.

(4) I agree that this would be a monumental task in the absence of machine-readable or standardized policies. Depending on how strongly the advantage of anarchic policy-assessment plays in our favor, the problem might not be so significant. Practically speaking though, going by popularity rank would be a necessary first step until the other tools are solidified.

(5) Getting "pull" to apply rather than "push" is probably the toughest challenge there is here, but I think that upcoming conflicts on sites with a lot of user-generated content might push a data-collection issue like this to the fore. The better answer is that if we also bundle in something like the EasyPrivacy subscription list for AdBlock (which isn't a default subscription in AdBlock, and might be better leveraged to spread this product), then that might actually make the users' experience more enjoyable (by cutting out unnecessary data-collection processes) and create some pull.

If we can't do that, I agree that bundling is the best option. Facing corporate opposition to privacy would probably require either (1) courting favor with those companies that already offer fairly generous privacy (relative to their competitors) or (2) creating some straw men icons that would be easily satisfied by most sites. (1) might be easier than we would prospectively expect, given that Chief Privacy Officers would probably expect to be able to either outmaneuver such an extension or further publicize the company's respect for privacy through it.

I could keep going but I should probably pause and let others join in the fray. Thanks again for your thoughtful response.

-- RickSchwartz - 26 Apr 2009


Revision 8r8 - 27 Apr 2009 - 02:37:31 - RickSchwartz
Revision 7r7 - 26 Apr 2009 - 23:53:41 - AndreiVoinigescu
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.