Your privacy policy (probably) sucks

Many of us have one. All of us have agreed to one. And they pretty much all suck.

I’m talking about privacy policies here. I think they suck because every one I’ve read (and I’ve read quite a few) takes liberties that go well beyond the service’s core needs. But then, they say, we’ll take real good care of your data. Hey, here’s an idea: why not just not save it in the first place?

For true privacy protection, policies aren’t enough. Policies change. And even when the policies are solid and don’t change, any data you hold is data that can leak or be stolen.

A better solution than privacy-by-policy? Privacy-by-design. Design your services to gather as little data as possible, even when that inconveniences you, and even the user, a little. Use tokenization, so the systems that do the everyday work hold a stand-in for the sensitive value rather than the value itself. Run processing locally on the device rather than in the cloud (it doesn’t always work, but hey, Snips can run voice recognition on a Raspberry Pi). Or simply don’t offer a feature that isn’t key to your service if it requires additional data.
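To make the tokenization and minimization points concrete, here is an added example (not code from the original post, and not anything Snips or any named product ships). It assumes a hypothetical in-memory token vault that stands in for a separately secured store, and a constructed signup form with a made-up minimization policy: keep a token for the email (needed for login and reset), keep only the yes/no answer the birthdate was collected for, and never store the name, IP or user agent at all.

```python
import hashlib
import hmac
import secrets
from datetime import date


class TokenVault:
    """Hypothetical token vault: the only place raw values live.

    Every other record stores just the token, so a dump of the main
    database reveals nothing unless the vault (and its key) is breached too.
    """

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("vault key must be at least 32 bytes")
        self._key = key
        self._value_by_token: dict[str, str] = {}
        self._token_by_fingerprint: dict[str, str] = {}

    def _fingerprint(self, value: str) -> str:
        # Keyed hash so the same value always maps to the same token,
        # while the fingerprint itself is useless to anyone without the key.
        return hmac.new(self._key, value.encode("utf-8"), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        fp = self._fingerprint(value)
        token = self._token_by_fingerprint.get(fp)
        if token is None:
            # Random token: nothing about the value can be derived from it.
            token = "tok_" + secrets.token_urlsafe(16)
            self._token_by_fingerprint[fp] = token
            self._value_by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._value_by_token[token]


def minimize_signup(raw: dict, vault: TokenVault, today: date) -> dict:
    """Turn a raw signup form into the record the service actually needs.

    Constructed policy for this example:
      - email is needed for login and password reset, so keep a token for it
      - birthdate was only collected for an age gate, so keep the answer, not the date
      - full name, IP address and user agent were never needed, so never store them
    """
    born = date.fromisoformat(raw["birthdate"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    return {
        "email_token": vault.tokenize(raw["email"].strip().lower()),
        "is_adult": age >= 18,
        "created": today.isoformat(),
    }


# Constructed sample input, shaped like what a signup form might submit.
SAMPLE_SIGNUP = {
    "email": "Alice@Example.com",
    "full_name": "Alice Example",
    "birthdate": "1990-05-17",
    "ip": "203.0.113.7",
    "user_agent": "Mozilla/5.0 (example)",
}


def demo() -> tuple:
    vault = TokenVault(secrets.token_bytes(32))
    record = minimize_signup(SAMPLE_SIGNUP, vault, date(2024, 1, 1))
    # Password reset still works: the app asks the vault only at the moment it must send mail.
    return record, vault.detokenize(record["email_token"])


if __name__ == "__main__":
    record, email = demo()
    print(record)
    print("reset mail would go to", email)
```

The point of the split is that the table most of the code touches (and most of the staff and backups can reach) holds nothing worth leaking; the vault is small, rarely read, and can be locked down far harder than the rest of the system.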

Yes, I know a lot of startups love to gather data so they have it for future development, to avoid the dreaded cold-start problem of machine learning in particular, but there are ways around that, like synthetic data.

True privacy isn’t keeping people’s secrets secret, it’s respecting those secrets enough to leave them alone in the first place. As the old saying goes, if you want to keep a secret, tell no one. Second best option is tell one person, if you must. There is no third best option.

While you’re here, check out The Tech Pledge, which covers 12 ethical rules that tech people should follow, including a few on privacy.
