A
privacy proposal calling for mobile app developers to provide consumers with so-called “short-form notice,” which explains data collection practices in one or two words, seems to be
gaining traction at the Commerce Department. But Carnegie Mellon University researchers say in a new paper, published this week, that the proposal in its current form could confuse consumers.
The Commerce Department's short-form notice proposal, which is still in draft form, calls for developers to describe the information collected in a single word, or very short phrase -- like
“biometrics,” “health information,” “location,” and “browser history.” The proposal also says developers should use short phrases to describe the
third-parties that will receive the data -- like “ad networks” or “social networks.”
But researchers at Carnegie Mellon say a new study shows that the proposed
terminology is ambiguous. For the study, researchers asked 800 consumers and four experts which of the short-form terms they would use to categorize certain types of information.
“These terms are somewhat problematic,” Lorrie Cranor, the Carnegie Mellon computer scientist who oversaw the research study, tells
Online Media Daily. “They're not
well-defined, even the experts weren't sure how to apply them.”
For instance, researchers asked people to consider a fictional app called HipClothes, which requests that users provide
their waist size, inseam and location. HipClothes app then recommends clothing and shows people nearby stores where they can purchase the items.
Participants in the study were not sure
whether to categorize data about the measurements as “biometrics” or “health information.”
The experts -- participants in mobile-privacy meetings convened by the
Commerce Department -- also didn't agree about how to characterize the measurements.
The study authors say that the correct answer is unclear, given that proposal defines biometrics as
“information about your body” and “health info” as “information used to measure health or wellness. Weight, body fat, inseam, and waist size are 'information about your
body' and could therefore be considered Biometrics. However, they can also indicate health status, such as obesity, and therefore can reasonably be considered Health, Medical or Therapy
Information,” the paper says.
Also, it's possible that neither answer is correct. “Arguably, in the context of a clothes shopping app, inseam and waist size would not be
considered either Biometrics or Health,” the paper says.
Cranor says she hopes that the Commerce Department conducts more tests with consumers, and refines the terms' definitions,
before issuing a final recommendation. “When you have a bunch of lawyers and policy people coming up with the consumer tools, they're not going to come up with something that is necessarily
usable,” she says.