In 2003, California passed a law requiring websites to disclose the data they collect on visitors. This created a domino effect, with laws popping up in other parts of the world, and as a result every organization with a website now has a privacy policy on there somewhere. But despite their name, these policies don’t actually have much to say about privacy or what responsibility websites have to avoid collecting data on you. So when you read a privacy policy or a terms of service, (and if you do, frankly, you’d be one of the first outside of the lawyers that wrote it), you aren’t really reading about privacy, but instead just a disclosure of generally what data they’re collecting about you and a vague sense of what they’re doing with it. As Gus Hosein of Privacy International says, privacy policies are the pinnacle of the ‘art of saying nothing.’
At WITNESS, we care about this because we spend a lot of time thinking about technology; specifically, how the proliferation of connectivity and mobile devices technology affects citizen witnessing. As part of our tech advocacy work we talk to companies not just about how they provide tools like blurring for visual anonymity but also how they can design user guidance into their platforms and present the concepts of privacy, consent, and security in a way that is actually accessible for users, whether those users have a law degree or not. The tools are moving so much faster than our understanding of how to use them, especially if we want to be safe, ethical, and effective in our witnessing. And privacy is at the center of that.
That’s why we have signed on to the That’s Not Privacy campaign. The first step is to encourage companies, nonprofits, and website owners of all stripes to call their privacy policies something a little more accurate. You’ll see for example that we don’t have a privacy policy; we have a data use policy. Same goes for Civic Hall, whose founder Micah Sifry kicked off this idea, and the website for Tactical Tech’s great Me and My Shadow project. Others will choose different names, but the idea is the same — to be clear about what data websites are collecting and what they’re doing with it, and to put an honest moniker on that disclosure.
This is a minor change, to be sure, but one we hope will open up bigger conversations about what we mean when we talk about privacy and user control online. These are conversations we need to have if we are truly going to empower everyone around the world to be a human rights witness.