Our “Public” Private Lives
By Anonymous | October 4, 2019
It used to be that what you did at your previous employer’s, in college, at that New Year’s party a decade ago was all a thing of the past, privy only to your own inner memory (and maybe a photo album or two). But now, in this day and age of Twitter, Snapchat, Instagram, and others, our “public” private lives are not so private anymore.
One danger is that there’s a lot out there that we are not even aware of ourselves. Once in a while I will get an email from a service that has changed their Terms of Service, and I will only then realize that I had an account with them. With some apps and sites, this is not a big deal. With others, like health vaults for instance, the lack of remembering where / when / why I signed up is more concerning. Questions like, what information have I shared with them, what information could I be losing, what information could be leaked, pop up.
Some of these accounts I probably have from testing out for a day and then abandoning ship, or perhaps they are legacy apps from decades ago and I forgot to close my account, or worse, maybe I accidentally spun them up without intending to do so by clicking one too many buttons in an automated onboarding flow.
On the one hand, having these accounts out in public makes me vulnerable to fraud, like account takeover (good thing my name is not super generic, like John Smith!). If my digital presence were to be audited (for instance if my future employer did a digital background check), that might result in unintended negative consequences. And what if my “friends” on these networks I never realized existed were involved in infamous pursuits? On the web, not only is your own persona being judged, but also who is in your extended circle of connections.
Regardless, there are 2 recommendations that I think are vital to at least mitigating any unwanted consequences.
One – Make it very apparent that a user, when signing up for a service, is signing up for terms and policies as well (this might involve a bit more friction than many one-click onboarding flows have at the moment).
Two – Make the fine print less fine and easier to digest for this limited attention span, TL;DR, and possibly less educated audience (aka mirror the language to that of web copy and marketing materials – which often cater to the reading level of a fifth grader for optimal comprehensibility).
The Belmont Report talks about how we should provide users with informed consent, which means with full information, at an easy-to-comprehend level, given to them voluntarily. To make it actually given “voluntarily”, we should reduce the amount of automation of opting in to consent. That means building in voluntary consent flows, which companies will likely balk at due to the increase in user friction this may cause.
The other issue that we need to address is that any changes to terms of service and policies should follow these same rules, as friction-filled as they may be. These updates can’t just be emailed randomly, lost in spam folders, swiped left in app; they should force manual opt-in for users. This would ensure not just protection for users, but also incentivize companies coming up with these policy changes to make sure they are following the same strict protocol they did in coming up with the original policies to begin with.
In this more and more connected, open world, perhaps as we share more and more, we will care less and less. But for those who do care, let’s keep transparency through comprehensible policies delivered in a very apparent way so users can truly keep tabs on their private information.