thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Wednesday, May 16, 2007

Icons of Privacy

Analogue to the Creative Commons licenses that use lawyer-readable, machine-readable and human-readable formats, there has been some movement towards developing a similar approach for data privacy. The P3P protocol already combined the lawyer-readable plus machine-readable approaches, and the privacy bird browser extension was a first raw attempt to graphically display if a web site's P3P privacy policy is conform with your own privacy preferences.

More recently, there have been attempts to design more meaningful icon sets that symbolize the different uses of personal data by web services. The first example I am aware of was presented by Mary Rundle from the Identity Commons Working Group on Identity Rights Agreements last year at the UN Internet Governance Forum (see the pdf of her presentation here, the icons and the idea are on slides 7 and 8).

Now (apparently inspired because I told him about this), Matthias Mehldau from the popular German blog has designed a whole set of private data usage symbols. It's spreading heavily in Germany's blogosphere at the moment, and he calls for designers and privacy experts to develop this version 0.1 further. It's licensed under a creative commons by (not: nc) license. Click on the picture to enlarge.

Disclaimer: I also blog at

Update, 6 November 2009: Christopher Parsons from the University of Victoria is now also thinking about this. Worth a read.

Update, 14 January 2010: Now some folks around in Washington, DC are also working on this.

Update, 3 October 2012: Alexander Alvaro, liberal Member of the European Parliament and in charge of the upcoming data protection regulation for his group, has proposed privacy icons in a conceptual blogpost titled "data protection lifecycle management".

Update, 7 October 2012: Aza Raskin presents the alpha release of an icon set based on the work around the activities.

Update, 9 October 2012: The rapporteur of the European Parliament for the new data protection regulation, Green MEP Jan Philipp Albrecht, has endorsed the idea of layered policies and privacy icons in his Working Document 2, which summarises the state of debate in the lead civil liberties committee. Disclaimer: I am senior policy advisor for him and work on data protection, among other things.

Update, 22 November 2012: The icon set from Mozilla has been finalised in a hackathon. A few hundred websites' privacy policies have already been categorised and inconised. Several browser plugins now allow you users to get a quick overview of which data is collected, for how long, and what happens with it: Firefox, Safari, Chrome.

Update, 14 January 2013: I just discovered another icon set, this time from May 2012 and from some folks at Yale University.


Anonymous Anonymous said...

I'm guessing that German bloggers have better short-term memory from using much longer words than Americans. It would take me at least 30 minutes to tag something with those icons, and 15 minutes to decipher someone else's.

Ralf -- how do you propose these icons be used? Points to the designer for scope, but i can't see anything so complicated catching on, excepting among those few who tagged their signatures with Geek Code a few years back.

17/5/07 03:14

Blogger Ralf Bendrath said...

Jeff, it is certainly time-saving compared to privacy policy statements written in legalese. And geek code is really more - well- geeky. I think it could be used like the CC license icons, but I am also not sure if all data usages can really be modelled in a few icons. But this fits into the general discussion among data protection experts on layered privacy policy statements, where the legalese is only the layer you see if you click on "details", while the first statement that is displayed is more brief and accessible to normal humans.

Oh, and Dick's last name is "Hardt", I've corrected the typo.

17/5/07 03:33

Anonymous newnomad said...

Any progress on this?
I would like to extend the idea into ecommerce; not just privacy and TOS, but also sales and shipping terms.

18/3/10 13:44


Post a Comment

<< Home