Privacy Commons Icon Set
I decided to take a stab at making a set of icons that would fit the so-called Privacy Commons write-up I did yesterday. Keep in mind I am not a graphic designer by any means, so if someone else wants to give this a shot, go right ahead. Also, there are some still missing, which I will detail at the end of this post.
First up are the icons detailing what information is collected. These are optional, since not every site collects information.
This one is stands for “Collects Personal Information.” You would use it if you collect any information from users that can be used to identify them, including email addresses, home or mailing address, name, phone number, or even some profile information like hobbies and interests.
The second one stands for “Collects Banking Information.” Use this one if your company or organization collects credit card information, bank account information, or pretty much anything dealing with money.
The third in the data collection set is “Collects Aggregate Statistics.” Pretty much every site does this, but it’s not a bad idea to specify that non-personally-identifying information is being collected to make pretty charts for executives.
Next we have the icons dealing with how information is used.
This set stands for “May Disclose” and “Won’t Disclose.” If you reserve the right to disclose any of the collected personal information, you would want to choose “May Disclose.” If you are not giving away access to that information, choose “Won’t Disclose.” Because there is an explicit icon representing each choice, it might be wise to choose one of these.
And the next set is “May Sell” and “Won’t Sell.” Again, I included an option to explicitly sell as some web services make their money this way. It may or may not be the same as disclosing information, and in many cases could be as innocuous as selling the site statistic data. Either way, one of these choices should suffice to communicate how you as a company are planning to use the data you are collecting. Choose one so that you can make this policy explicit.
The final set I have deals with data ownership.
These icons (which don’t look to me so much like databases as they do paint cans) represent the levels of ownership of the user’s data. U is for “Full User Ownership” and means that the user is in complete control of the data and user-generated content. C is for “Full Company Ownership” and means that the company owns the data, including all user-generated content. And S is for “Shared Control,” wherein the company owns the personal information it has collected, but the user owns his or her generated content. There is room for this to have more granularity, but it’s a start.
Wrapping it up
As you can see, the icon set is not complete. Some concepts may not translate well to simple icons, but I also could be missing something. Specifically, we are still missing icon sets for what happens in case the privacy agreement changes (mutability clause) and for the user’s rights of revocation. These are fairly complex when put together, so I don’t anticipate the solution will be quite as easy as the other portions.
The icons themselves might serve well enough, but I can think of some improvements that might enhance their clarity. For instance, I made them all orange, but I would suggest instead that each policy segment have its own color, so that if there is any confusion in the way the icons look (the “Collects Banking Information” and the “May/Won’t Sell” icons could be mistaken for one another), the color will be the factor that sets each apart from similar icons.
As always, I welcome any comment on this posting.
Aaron,
It looks like you’ve done some good work here and on your previous post on privacy policy standardization. I would love to trade notes with you on your thoughts for a Privacy Commons (which we’re actually getting underway). Take a look at http://wiki.privacycommons.org, and let me know if you want a login. We’d appreciate your participation. Mark Blevis is also on my short list for an invitation. Anyone else you think should be involved?
Aaron Titus
July 21, 2009 at 7:36 pm
Thanks, Brock. I think you’ve outlined just a few of the challenges that have kept this from becoming a reality. Simple icons are very important, but it may be that some concepts don’t translate very well to such a simple representation. I will continue working at it, and as long as others are doing the same, I don’t see any reason this won’t happen.
aaronhelton
February 27, 2009 at 6:28 pm
Hey, I jumped here from Ars Technica. I like the design of the icons, but here’s some minor suggestions.
The first three I think should be negative (i.e. with a slash or X through them), as it’s so common for bank sites to collect bank information and for social networks to collect personal information that they would be more likely to adopt the icons if they deviated from this norm. And as you say, they all collect aggregate data.
Or for the first one, I was thinking the letter P with a shield around it for the fact of protecting privacy and NOT collecting data.
The next two, you might want to do traffic-light-style, with green-yellow-red for “will, may, and won’t” disclose/sell info.
The last set isn’t so clear without reading the paragraph below it. Maybe an outline of a person together with a key for “user owns data”, an office building with a key for “company owns”, and both the person and office building with the key for “shared”? Not sure how else to do it.
Going forward, the next step to lower the adoption barrier (laziness) would probably be to make a web form where a webdesigner can just check the boxes for their site’s relevant policies, and the form will output a copyable HTML snippet that codes for a small table full of the appropriate icons.
Hope this helps!
Brock
February 27, 2009 at 5:59 pm