Data Privacy Misleader Board seeks to influence change through shaming
Osano, a champion for data privacy transparency and the B Corporation behind Privacy Monitor, recently published the first Data Privacy Misleader Board, revealing eight websites with privacy issues that should be flagged for users.
As part of the process that informs the Privacy Monitor service, Osano’s team of licensed attorneys has been dissecting the terms and conditions at some of the world’s most popular websites. The rigorous policy review process and resulting reputation scores given to each site are based on more than 150 criteria as well as how the company gathers and utilizes users’ data, where and with whom they share it, how it’s stored and whether they comply with regulations. In a monthly Misleader Board, Osano will share some of the most notable offenses and the companies behind them.
Information Management spoke with Arlo Gilbert, chief executive officer and founder of Osano, about the motivation for the Misleader Board and what organizations can learn from those that have been named in the initial round.
Information Management: Privacy Monitor recently released its first Data Privacy Misleader Board. What exactly is that?
Arlo Gilbert: Osano is building a unique data set of data privacy practices and relationships between vendors. As our team of attorneys researches the privacy practices, we generate scores that rank the practices of companies as they relate to data collection and management.
For Privacy Monitor, we expose the scores to consumers through a variety of browser plugins and mobile apps. As our attorneys were doing their research, however, they kept filling our Slack chat with comments like "Can you believe that?" and "Wow, this is terrible!"
It occurred to us that end users would benefit from seeing some of these terrible practices, and so we decided to curate the most entertaining and awful practices that they find each month into the monthly Misleader Board.
IM: What does the board track?
Gilbert: The board tracks the eight most entertaining and awful data privacy practices that our attorneys found during the prior month.
IM: Who were some of the organizations/websites that grabbed your greatest attention, and why so?
Snapchat stood out for us as well due to the schizophrenic nature of the policy.
IM: What are the greatest type of offenses that get an organization or website named to your board?
Gilbert: Sneaky stuff is what we primarily focus on. Did they hide something in the fine print that is outside of what an average person would expect?
IM: With regard to the majority of organizations that make it to your board results, are they acting maliciously or deceivingly with regard to data privacy and security practices, or is it more a case of carelessness?
Gilbert: These companies are for the most part trying to balance competing interests. Their attorneys write these policies for the purpose of protecting their client, not for the purpose of creating fair and balanced privacy practices with clear language for the average reader.
Sometimes the policies are malicious and intentionally awful. We found one policy that claimed that you owe them $250 per site visit if you haven't agreed to their terms. Others we find pretty regularly just show a complete lack of understanding the basics of how to inform consumers. So overall it's a pretty good mix of intentional deception and over-lawyering.
IM: What was the motivation for starting the Misleader Board?
Gilbert: Privacy is not a sexy topic. Data sharing is generally a pretty dry subject. Since the Privacy Monitor tools are focused on helping the average Internet user from ages 13 to 100, we are always looking for ways to make a dry subject interesting and highlight why a tool like ours needs to exist.
IM: What gets an organization or website a favorable (or less-unfavorable) ranking in your view versus an unfavorable one?
IM: What do you hope will be the long-term impact of the Misleader Board results?
Gilbert: We hope that the companies who get called out take this as an opportunity to revisit and improve their privacy practices. Of course, it's entirely possible that somebody will beat their chest and take us to court, but the truth is an absolute defense, and conveniently we have dozens of attorneys on staff.