Why Don’t We Have Simplified Data Privacy Labels Yet?

As I continue to research this topic of data privacy concerns as a barrier to mentaltech adoption, I have found proposals for a simplified format in much the same way as we have simplified food labels. One is a 2006 paper from the Center for Information Policy Leadership about multilayered privacy notices. The other is a 2009 paper about a study to design a “Privacy Nutrition Label” done at the CyLab Usable Privacy and Security (CUPS) Laboratory at Carnegie Mellon University by Patrick Gage Kelley et al. (2010). They designed a tabular format to enhance user understanding of privacy practices, increase the speed of information finding and facilitate policy comparisons.

The findings of this research can be summarized in the following points:

  1. “Standardized privacy policy presentations can have significant positive effects on accuracy and speed of information finding and reader enjoyment with privacy policies”.
  2. Current policy formats are challenging and time-consuming to read: reading them would account for about $781BN if every internet user read every privacy policy for each site they visited over the course of a year, a scenario that is “admittedly unrealistic”.
  3. Policy language is written at too high a reading level and uses language that is not consumer-friendly.
  4. There is also a widespread consumer belief that there are no choices when it comes to privacy and that they do not have the ability to limit or control companies’ use of their information.
  5. “Not so much tabular format as holistic standardization of the information that leads to success.”

A version of the recommended format is displayed below:

See a sharper image on page 3 of the article at this link: https://www.dropbox.com/s/deodvn5vvmcd4x5/Kelly%20-%20Standardizing%20Privacy%20Notices.pdf?dl=0

You can see how this format takes a number of questions which policies are intended to answer and simplifies them in a format that codes how information is being collected, used and shared.

On reading this I wondered why this format has not been implemented by any association, consortium or authority that sets or enforces standards for digital health. And by the way, if such regulation is occurring, please let me know.

Given the barrier this concern poses for consumers, it is a wonder that industry, or at the very least, companies who consider themselves leaders in the digital health space, have not proactively initiated these formats on their sites and apps. It seems this would be a great complement to the American Psychiatric Association’s App Evaluation Framework, in their effort to make the mentaltech space safer. All of us who are leaders in this space need to think about our own role in instigating a format like this. I certainly am.


Be well.
