An In-Browser Solution for Privacy Policy Confusion

Photo by Glen Carrie on Unsplash

If I told you that over 90% of consumers accept Privacy Policies without reading them, you probably wouldn’t be surprised. Thanks to the COVID-19 crisis, many of us have collected numerous emails in the last couple of months alone about updated Privacy Policies from companies you hardly knew you’ve ever interacted with.

As we spend increasing time online, we’re continuing to be asked to share our personal data in ways that we don’t understand. Many organizations ask us to accept broad usage agreements because they don’t even know for sure what they’re going to use our data for. Some organizations, like Disney, have multi-site policies that we agree to just by visiting one website out of hundreds covered by that policy. Even organizations with the best of intentions fail to account for how data may be used by their partners. Facebook learned this lesson the hard way when Cambridge Analytica scraped user data and sold personality profiles to political campaigns.

And who could blame us for not reading Privacy Policies? Users are being expected to read multiple policies, and agree to them each regular update. Even more, many of those policies require a higher than college-level reading comprehension to understand. The result is that users usually have no real understanding of how their data is being used from website to website or the repercussions of that data use. Further, organizations must grapple with the potential legal implications that most of their users don’t actually comprehend their policies.

Users need to understand how their data is being used. They need a way to be able to ensure they’re not entering into an agreement that violates their personal privacy preferences. They need clear, understandable policies, but they can’t be asked to read policy after policy. Organizations too need an easy way for their users to comprehend their policies and adjust to changes.

Existing Solutions

Like many account-based websites, Facebook has, over the years, made improvements to their Privacy Settings in an effort to give users more control over how some of their information is being shared and used on and off their network. Facebook allows users to prevent the serving of ads based on their Facebook activity.

Another approach is from the Firefox browser’s Enhanced Tracking Protection which gives users the ability to set levels of protection against tracking cookies.

Firefox’s Privacy settings.

While both solutions provide some basic protections, users are still interacting with — and unwittingly providing — data to the websites and apps they interact with.

Introducing MonkeyGuard

As part of my Master’s studies at the University of Washington, I designed a concept browser extension that addresses this critical privacy issue.

After developing the concept, I initially sketched out UI wireframes.

MonkeyGuard is a browser extension that helps users better understand how their data is being used, better understand site-to-site data usage, and know when site policy changes have been made.

MonkeyGuard allows users to establish their own personal Privacy Preferences through a short questionnaire once the extension is downloaded. Users will be asked in simple language to provide their preferences about what information they want to share and how they’d like their personal data to be used. MonkeyGuard saves those preferences and alerts users when they arrive at a website that does not meet their personal privacy standards rather than being forced to read a Privacy Policy they don’t understand.

Monkey Guard uses a set of simple Yes/No questions to assess a user’s privacy preferences. Users are prompted to set their preferences on install and can update at any time.

When a site violates a user’s Privacy Preferences, they receive an itemized list of violations. Users learn exactly how their data is being used and decide whether or not to take action.

An angry monkey indicates that a site has violated a user’s Privacy Preferences. Clicking the angry monkey reveals specific issues that can be expanded for more detail. Users are also prompted to take action if they’d like to.

A happy monkey lets users know that their Privacy Preferences have not been violated.

How It Works

MonkeyGuard scrapes websites for legally required public Privacy Policies and uses AI analysis tools to interpret how policies line up with personal Privacy Preferences set in the extension. When a policy is unknown, a user may submit a URL or policy text for MonkeyGuard to analyze.

MonkeyGuard user flow map.

What MonkeyGuard Accomplishes

The MonkeyGuard browser extension can take the mystery away from how data is being used by different organizations that we rely on. Users still have the opportunity to decide how they engage with different websites and apps, but they would be going in equipped to understand their choices and better understand personal data security. It may encourage organizations to more effectively communicate their policies as well.