The Privacy Policy is dead - the arrival of the surveillance policy.
Thesis: Disrupting the privacy policy to make it do what it says on the tin.
we need to shift from the ‘privacy policies’ of companies, which springs from data protection laws, to enabling citizens to gain visibility of what they are signing up to, in regards to their data, and provide ‘privacy’ of individuals, as contemplated by human rights laws.Context
- Privacy pertains to the person; “privacy” is the state of being free from public attention and unwanted intrusion;
- Data is not privacy, but data from or about the person can be private or not private depending on how it’s used, who is using it, and who has control of it;
- In the digital world a person’s privacy policy is like the clothing that one puts on to signal what data they consider private, and what is not private;
- The view is that companies who respect their customers privacy will be able to build relationships and trust over time - which will create growth, sustainability and deference
How: policies that do what they say!
Privacy Policy:
Focus on the person and
aligned to human rights. Protective rights
Surveillance Policy: Disclosure on what you are collecting, for what
reason and how it will be used.
Data Policy: Delete,
erase, protection, security, storage location. Just data and rights
Consent Policy: What you are agreeing
that the company can do with your data, how it can be shared, with whom
and what controls you are given.
Terms
& Conditions: as normal and by law