If I told you that over 90% of consumers accept Privacy Policies without reading them, you probably wouldn’t be surprised. Thanks to the COVID-19 crisis, many of us have collected numerous emails in the last couple of months alone about updated Privacy Policies from companies you hardly knew you’ve ever interacted with.
As we spend increasing time online, we’re continuing to be asked to share our personal data in ways that we don’t understand. Many organizations ask us to accept broad usage agreements because they don’t even know for sure what they’re going to use our data for. Some organizations, like Disney, have multi-site policies that we agree to just by visiting one website out of hundreds covered by that policy. Even organizations with the best of intentions fail to account for how data may be used by their partners. Facebook learned this lesson the hard way when Cambridge Analytica scraped user data and sold personality profiles to political campaigns.
And who could blame us for not reading Privacy Policies? Users are being expected to read multiple policies, and agree to them each regular update. Even more, many of those policies require a higher than college-level reading comprehension to understand. The result is that users usually have no real understanding of how their data is being used from website to website or the repercussions of that data use. Further, organizations must grapple with the potential legal implications that most of their users don’t actually comprehend their policies.
Users need to understand how their data is being used. They need a way to be able to ensure they’re not entering into an agreement that violates their personal privacy preferences. They need clear, understandable policies, but they can’t be asked to read policy after policy. Organizations too need an easy way for their users to comprehend their policies and adjust to changes.
Like many account-based websites, Facebook has, over the years, made improvements to their Privacy Settings in an effort to give users more control over how some of their information is being shared and used on and off their network. Facebook allows users to prevent the serving of ads based on their Facebook activity.
Another approach is from the Firefox browser’s Enhanced Tracking Protection which gives users the ability to set levels of protection against tracking cookies.
While both solutions provide some basic protections, users are still interacting with — and unwittingly providing — data to the websites and apps they interact with.
As part of my Master’s studies at the University of Washington, I designed a concept browser extension that addresses this critical privacy issue.
MonkeyGuard is a browser extension that helps users better understand how their data is being used, better understand site-to-site data usage, and know when site policy changes have been made.
When a site violates a user’s Privacy Preferences, they receive an itemized list of violations. Users learn exactly how their data is being used and decide whether or not to take action.
How It Works
MonkeyGuard scrapes websites for legally required public Privacy Policies and uses AI analysis tools to interpret how policies line up with personal Privacy Preferences set in the extension. When a policy is unknown, a user may submit a URL or policy text for MonkeyGuard to analyze.
What MonkeyGuard Accomplishes
The MonkeyGuard browser extension can take the mystery away from how data is being used by different organizations that we rely on. Users still have the opportunity to decide how they engage with different websites and apps, but they would be going in equipped to understand their choices and better understand personal data security. It may encourage organizations to more effectively communicate their policies as well.