Privacy Icons v0.2
Approach
The privacy icons are intended to be a factual and informative way to represent certain data handling practices. They will focus on key practices of interest to users. The aim is to make these practices easily visible without forcing them to search a privacy policy.
We aim to create a feature that works well for mobile and web apps first, then expand the scope outwards towards more mature and sophisticated general web policies. Depending on performance and feedback, we might expand to a Creative-Commons-style license generator and icon/deed/legal-code model, but that is further down the road. The current plan is to aim for:
- the web-app store,
- addons, and
- mobile apps.
These contexts are particularly well-suited for this type of feature because:
- users have a clear "install time" at which point they must make a decision about whether or not to install the app,
- in these contexts it is typically more difficult to access or read a traditional privacy policy.
Privacy icons should be deployed as an optional component. Although not compulsory, users will be able to search using the icons (e.g., Flickr's Creative Commons search), and apps/addons using the icons may be highlighted in certain areas of the store. The icons are not intended to supplant an addon's/app's privacy policy, just to make it easier for users to see certain aspects of it. A developer must not pick icons that conflict with the practices described in their privacy policy. If a developer misleads users, or picks an icon set that conflicts with their policy or practices, then Mozilla may take down their addon(s)/app(s).
Developers will be able to pick certain privacy icons as part of submitting their addon/app online. In order to use an icon, a developer can modify a short human-readable explanation of the practice indicated by the icon. When users mouse over or click an icon, they'll see this additional explanation.
Icon Set
The icons are currently represented by a letter in a square. This has the benefit of simplicity, but potentially poor cross-language support.
Symbol | Title | Definition |
---|---|---|
N | Non-Personal Information | Data is aggregated, anonymized, or purely technical. |
P | Personal Information | Data is moderately sensitive and individually linkable. |
S | Sensitive Information | Data is highly sensitive or linkable (ex: SSN, CC#, health). |
E | Encrypted | All data transmission and storage is encrypted. |
A | Advertising | Data is used for advertising or marketing purposes. |
G | Geolocation | Location data is collected or used. |
3rd | Third Parties | Other entities have access to your data. |
F | Friends' Information | Data about your friends or social graph. |
O | Opt-In Consent | Whenever data is collected, you're asked for permission first. |
30 | 30-Day Retention | All data is destroyed after 30 days. |
90 | 90-Day Retention | All data is destroyed after 90 days. |
∞ | Unlimited Retention | There is no schedule for the destruction of data. |
Optional icons
Symbol | Title | Definition |
---|---|---|
L | Law Enforcement | Data is only provided under a court order, or to prevent imminent danger to the user. |
C | Certified | An independent party has certified the privacy practices of this app. |
Examples
Example 1: Complete set with relevant icons highlighted
[Mock-up: "This application relies on:" followed by the full icon set with the applicable icons highlighted, and a "Full Privacy Policy" link.]
Example 2: Only relevant icons presented
[Mock-up: "This application relies on:" followed by only the applicable icons, and a "Full Privacy Policy" link.]
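To make the two presentations concrete, the following Python is an added example, not code from the wiki page or from Mozilla's store. It encodes the v0.2 icon table, checks a developer's selection for internal consistency before it is accepted, supplies the mouse-over text (the developer's wording if given, otherwise the table definition), and renders both the "complete set, relevant highlighted" and "only relevant icons" layouts. The rules beyond the table itself (a selection may carry at most one retention schedule, and a custom explanation must be non-empty and refer to a selected icon) are this example's assumptions.

```python
# Added example (not from the wiki page): a small model of the v0.2 privacy icon set.
# Assumptions beyond the table: at most one retention icon per selection, and any
# developer-supplied explanation must be non-empty and refer to a selected icon.

ICONS = {
    "N":   ("Non-Personal Information", "Data is aggregated, anonymized, or purely technical."),
    "P":   ("Personal Information", "Data is moderately sensitive and individually linkable."),
    "S":   ("Sensitive Information", "Data is highly sensitive or linkable (ex: SSN, CC#, health)."),
    "E":   ("Encrypted", "All data transmission and storage is encrypted."),
    "A":   ("Advertising", "Data is used for advertising or marketing purposes."),
    "G":   ("Geolocation", "Location data is collected or used."),
    "3rd": ("Third Parties", "Other entities have access to your data."),
    "F":   ("Friends' Information", "Data about your friends or social graph."),
    "O":   ("Opt-In Consent", "Whenever data is collected, you're asked for permission first."),
    "30":  ("30-Day Retention", "All data is destroyed after 30 days."),
    "90":  ("90-Day Retention", "All data is destroyed after 90 days."),
    "∞":   ("Unlimited Retention", "There is no schedule for the destruction of data."),
    "L":   ("Law Enforcement", "Data is only provided under a court order, or to prevent imminent danger to the user."),
    "C":   ("Certified", "An independent party has certified the privacy practices of this app."),
}
OPTIONAL = {"L", "C"}
RETENTION = {"30", "90", "∞"}   # assumption: these are mutually exclusive


def validate_selection(selected, explanations=None):
    """Return a list of problems with a developer's selection; an empty list means OK."""
    explanations = explanations or {}
    problems = [f"unknown icon: {s}" for s in selected if s not in ICONS]
    retention = RETENTION & set(selected)
    if len(retention) > 1:
        problems.append("conflicting retention icons: " + ", ".join(sorted(retention)))
    for sym, text in explanations.items():
        if sym not in selected:
            problems.append(f"explanation given for unselected icon: {sym}")
        elif not text.strip():
            problems.append(f"empty explanation for icon: {sym}")
    return problems


def explanation_for(symbol, explanations=None):
    """Mouse-over text: the developer's wording if supplied, else the table definition."""
    explanations = explanations or {}
    return explanations.get(symbol, ICONS[symbol][1])


def render(selected, explanations=None, show_all=True):
    """Render the 'This application relies on:' block as plain text.

    show_all=True  -> Example 1: complete set, applicable icons marked with [ ].
    show_all=False -> Example 2: only the applicable icons are listed.
    """
    lines = ["This application relies on:"]
    symbols = list(ICONS) if show_all else [s for s in ICONS if s in selected]
    for sym in symbols:
        title = ICONS[sym][0]
        marker = f"[{sym}]" if sym in selected else f" {sym} "
        lines.append(f"  {marker:<6}{title}")
        if sym in selected:
            lines.append(f"        {explanation_for(sym, explanations)}")
    lines.append("Full Privacy Policy")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample submission: a location-aware app with a custom G explanation.
    chosen = ["P", "E", "G", "O", "30"]
    custom = {"G": "Your location is used only to show nearby results."}
    assert validate_selection(chosen, custom) == []
    print(render(chosen, custom, show_all=False))
```

`validate_selection` is the check a store would run at submission time; `render` answers the first open question below in code, so both layouts can be compared on the same selection.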
Discussion
Status
This page is intended to facilitate open discussion of a planned feature. Please make suggestions on the talk page.
Open Questions
- Should the whole set be shown (with relevant icons highlighted), or should we only show icons that apply?
- Should we represent the icons as letters, or symbols; what are the trademark and translation implications?