Sunday 24 July 2011

Another nudge for privacy icons

I’ve been so busy recently that I have not had time to properly record a significant development in what I’m sure later historians will call the evolution of privacy iconography. On July 14th our chums at Speechly Bircham formally unveiled the results of some research that Professor Andy Phippen, of Plymouth Business School, had carried out, into the behaviours and attitudes of young people toward online technology and privacy.

Some 4,115 schoolchildren in the Plymouth area took part in a survey on Data Protection Day 2011. And, just like their parents, it’s clear that they readily engage with online social media, sometimes they struggle with the policies that are supposed to be in place to protect them, and they are aware of the need to protect their data, but are not always equipped to do so.

The report is worth reading because it gives a valuable insight into the minds of people for whom the internet is going to play an overwhelming role in their lives. But when reading some of the findings, I did have to pinch myself to remind myself that I was reason about a group of schoolchildren, rather than adults. After all, read this (abridged) summary, and tell me whether their parents would be any more likely to offer different views. To be honest, I think the responses would be very similar:

“Our respondents were asked whether they had ever read a privacy policy. In total 40% of respondents had, meaning 60% of young people have not read the privacy policies of the web sites they use. Boys are likely to have a more relaxed attitude toward data and data sharing, although this is far from irresponsible with the vast majority still believing their data should only be seen by friends and family and parental consent was necessary all scenarios presented about where their data might be exposed. When those who had not read a policy were asked why not, there were a variety of responses. 32% said they didn’t know what a privacy policy was, with 23% saying they didn’t know where to find it. A quarter felt they were too complicated, and another quarter did not feel it important.

Those who do engage in privacy policies may understand what is presented and think they are important. However, the majority of our respondents hadn’t seen a policy for a number of reasons. They were also asked what might be done to improve privacy policies and a large number of children said privacy policies should be made more simple with “less words”.

However, it was also clear that our respondents felt that privacy on social networking was important, with the vast majority (85%) saying that social networks should have the strongest privacy settings by default and an even larger majority (94%) feeling that clear rules were needed to help with the removal of photos and videos posted without consent.

What our data does clearly highlight is the need for education at a primary school level. While the use of social networking used to be considered something for secondary aged pupils our data shows that the majority of primary aged pupils also engage. However, it also shows that primary aged pupils are potential more vulnerable as a result of not being aware of privacy policy or where to find it. While they are generally more protective of their data, the change in attitude at secondary age does suggest that without effective education at a primary school level, there is potential for more risky behaviours in adolescent life.

The data also shows that while not all of our population felt privacy policies were complicated there was a great deal of confusion around them. They were also very clear that service providers should provide the most private settings by default.

While our population did not come across as naive around data protection issues, they were clearly not as well informed as they could be, and felt they needed help from service providers in ensuring “their” data was protected.”

This ought to be taken as a wake-up call for the data controllers to try harder to make their policies clearer to everyone. How? Simple – with more pictures. If IKEA can explain how to put a chest of drawers together in a series of cartoons, surely soon will come the day when the more responsible data controllers will develop a common set of images to explain some of the more basic data processing concepts.

But, and this is a huge but, how on earth can group some of the largest (and most responsible) data controllers, whose very DNA prevents them from working closely with other data controllers, ever come together and work on such a hugely important project in an atmosphere of mutual respect? I doubt whether there is an area large enough to accommodate the egos, which naturally will have to be left outside of the negotiating room if any meaningful progress is to happen. It could even be thought unlawful, in EU competition terms, for some of them ever to be seen in the same room together. So how will they get to agree on sets of common images?

These largest data controllers are organisations controlled by people whose every instinct is to offer the very best service to their customers. But in a fiercely competitive way. So, if the concept of privacy iconography is really going to fly, I can see it taking off because a group of stakeholders who are not data controllers have come together and shown the way.

Do I mean a group of regulators? Not necessarily. But perhaps groups of consumers.

Let’s have some competitions , say in the art schools, for privacy icons that could be taken up by the global players. Let’s not leave it up to the likes of Google, Facebook, Microsoft, Apple or Yahoo. Let’s see what the customers come up with.

Today’s customers – or tomorrow’s customers – the very young people who contributed to this fine report.