A crazy idea about privacy

I was skimming through another annoying privacy reminder, and thought to myself...

Why is it me who has to read and accept their privacy policy?

It's my personal data we're talking about, isn't it? Why are they telling me how this is going to work? Shouldn't I be the one calling the shots?

So that was the starting point to reflect on a few 'what if' scenarios.

What if I had my own privacy policy?

Of course, it's not really practical to require businesses to comply with billions of people's individually created privacy policies. But it also isn't realistic to expect individuals to spend more than 200 hours per year to read the dozens of different privacy policies relevant to them.

That doesn't mean we can't give individuals more power over privacy.

What if all privacy policies were standardised?

If every online busines had to create their privacy policy with a prescribed check-box form, privacy policies would stop being such a dreadful chore. Comparing and assessing businesses' privacy practices would become more like comparing apples with apples, rather than (legalese) waffle with waffle.

This raises another what-if...

What if your computer could read all the privacy policies for you?

If there's one thing software is good at, it's comparing apples with apples. Forget elaborate AIs and natural language processing.

Standardising privacy policies turns them from 'wet code' into 'dry code'. It makes them machine-readable.

Machine-readable things can interact with other machine-readable things.

We could plug privacy 'settings' for individuals into businesses' privacy policies. If businesses had to fill in an electronic form explaining who they share information with, you could fill in a mirror-image form, choosing the businesses you don't want to share info with - e.g. a business that has just had a massive data breach.

What if you could make meaningful choices about privacy?

Imagine if your browser told you whenever an online provider's privacy 'setings' didn't match your personal privacy 'settings'.

This is not quite the same as forcing businesses to read and follow your own personal privacy policy. But it would mean that you could make genuinely informed choices about privacy, rather than choices based on a privacy policy you never had the time to read.

Do check out the podcast discussion we had on this subject, and let us know what you think on twitter @code_pact.

To see our early efforts at creating simpler, more standardised privacy policies, check out Treescribe