Accessible data policies

We believe that data policies need to be accessible and understandable, to protect both your rights as a user, and our abilities to develop and innovate as developers and designers.

We think that this might be achieved through a standardised graphical ratings system, which allow users to immediately see, understand, and opt-in to, any usage of their data.

We created ourselves a brief, and a data policy framework, which explains to a user what data is pulled from, where it is being sent, what is it being used for, and how long it will be stored. From this, a graphical representation of that framework is being developed.

The CLARITY system

The CLARITY system combines each of the elements of the policy framework to create a graphical boilerplate, which can be presented to the user upon install (or earlier), so they're able to easily review the data policy without having to read the entire legal document.

Each policy item exists as a graphical element, which, when displayed to the user, clearly explains how their data may be used.

The boilerplate is interactive to allow the user to understand each element, and make an informed judgement call on installing or continuing to use the application.

We are currently designing these elements based upon our framework.

The policy framework

The policy accessibility framework aims to describe:

What are the sources of data are being used by the app, and how aware will you be when they're collected?

Sources include:

address book
some applications will access individual records, or the entirity of your address book, for their names, email addresses and phone numbers, or any other details you have on your network. actively, the application would show you a list of your contacts to choose from. passively, the application would select data from your address book in the background.
accessing the microphone allows the application to record and interpret sounds. this might be for voice control, recording, measuring the volume of your environment, or what kind of environment you're in. actively, you'd be asked to record or capture a sound. passively, it would be capturing audio data without your direct awareness.
the camera on most devices can capture images, but also light levels, record movement, and generally record a great deal of data. it could in theory recognise individuals, the place you're in, or near by objects. actively, you'd be asked to point the camera at something. passively, it would be capturing visual data in the background.
text messages
an application could access the text messages messages on your device. actively, it would ask for you to select messages. passively, it could read and store any of the messages, along with who they were sent to/from, and times and dates.
the images stored on your device may be accessible to the application, along with any meta data within the images, for example, time, date, and location. the image data could also be explored, to recognise people, places and objects. actively, you'd be asked to select which images you'd like to share. passively, it would do this without your direct awareness.
an application could 'listen' in to your phone call, and use the call as an audio source, along with the person who is calling, their number, duration, time of day, etc. actively, you'd need to allow the application to eavesdrop. passively, it could do this without asking each time.
call logs
an application could review your call logs, the list of who you called and received calls from, and at what time of day, duration of call, and whether it connected or not
other applications
an application could review what other applications you have on your device, and potentially share data with those applications, or read data from those applications. actively, you'd be asked which applications you'd want to share with. passively, it would do this without asking
an application can find your current history, and by taking a series of measurements, calculate your velocity and direction of travel. actively, the application would need to ask for your location. passively, it would do this in the background.
location history
an application could log or access a log of all of your locations over a period of time. actively, the application would ask you for this list. passively, it would access or create its own list silently
device ID
devices have a number of uniquely identifying attributes, like IMEI numbers, hardware serial numbers, SIM card addresses, and so on. these are often used to identify a device when a user has not registered. whilst it may not identify you with personally identifable information, it does mean the application knows it is the same device each time, and together with location or contact data, can be used to build a profile of you as a user, even if you didn't register
payment accounts
as mobile and micro payments become more common, your device will store payment account information, which could be accessed by the application. accessing this information passively could be extremely risky. actively, it would ask you to confirm payment or access of your payment details. passively, you may not be aware the application is reading your payment details
Near Field Communications, or NFC allows your device to interact with other physical devices which are near by. this can be used for many reasons. actively, you would be asked to touch against an NFC device. passively, the device might just wait until it comes in contact with an NFC device and react silently
the accelerometers are able to measure the orientation and movement of your device in space. actively, your device might ask you to get ready to move. passively, which is more common, the device would react to accelerometer changes in some way without your direct intervention
your device may have temperature sensors, and use these to measure the ambient temperature. actively, you may be asked to take a temperature reading. passively, the application could capture and record this data silently
your application may be able to connect to other devices wirelessly via bluetooth. actively, you will be asked to pair with another device. passively, it may search for or connect to other devices without your awareness
your application may be able to scan for, connect to or access previous connected wireless networks, along with their usernames and passwords. actively, you'd be asked to connect to a network. passively, this data may be accessible without your intervention
and, whether you're actively prompted to okay the source being used (at time of use) or whether it passively accesses the data (perhaps on install).

What are the destinations the data will be sent to?

Destinations include:
read only (ie. not stored), our servers for this app only, our servers for any of our apps, anonymised and shared with other companies, shared with other companies, public (actively aware), public (passive)

How long will this data be held?

Durations include:
session only, application lifetime, 6/12/18/24 months, indifinitely, mixed

How will the data be used?

Uses include:
advertising, usage patterns, network matching, context setting, other

And a boilerplate including:

some standardised links, ie. URL to a plain english version of the policy, and the full legal policy statement; what countries this policy applies to; what local agencies potentially have access to this information (ie. courts, police); a data policy contact email address; contact details for the company. etc.

Iconography System

This is an early version of the iconography we're looking at using, broken into sections as per the policy.

icon suite

We're also looking at boilerplate designs currently too



We'd love to hear your comments and thoughts on the policy framework, and when it is ready, the design elements too.

Made by yarned