I direct the usable security and privacy group at the International Computer Science Institute.
How would you define Transparency?
I would define transparency as giving people the information they need to make informed decisions about how companies and other entities handle their personal data.
What are the last trends related to Data Transparency?
I would say that recently over the past 10 years or so there’s been kind of a realization that existing mechanisms, like notice and choice, which generally means website privacy policies, or written privacy policies, aren’t very functional. So, this has been the regime for the past several decades, companies post their policies online, as text that’s written by lawyers that’s often very ambiguous and there’s the expectation that people will read that and understand what their choices and rights are, but we know, that’s empirically not true. Most of these documents are very hard to understand and as a result, the current trends in you know data transparency, are to come up with better tools so that people don’t have to read these documents to understand what their choices are, as well as giving them tools in general to manage their choices online. So, the extensions or programs, apps that allow them to regulate the flow of personal data.
I think there’s this growing realization that people actually do care about privacy and how their data is handled and some companies are getting more attuned to that realizing that by offering people more transparency in privacy choices this could actually make them more competitive
Do companies really care about data transparency? And users?
I think that’s a difficult question. I mean most companies are motivated by financial incentives so as long as their financial incentives for gathering user data and not being transparent about it outweigh the benefits of transparency, companies are going to do that. That said, I think there’s this growing realization that people actually do care about privacy and how their data is handled and some companies are getting more attuned to that realizing that by offering people more transparency in privacy choices this could actually make them more competitive, which is why we see a lot more privacy tools and some business models surrounding these tools because there is genuinely a demand.
It’s pretty obvious in this day and age that users actually do care about privacy, so there’s been a lot of research over the past 30-40 years that has looked at public perceptions of privacy and then consistently shows that people do care about privacy. What’s changed is previously it was really hard to understand what the company’s privacy practices were, which made it really difficult for people to act in accordance with their stated preferences. This is known as the privacy paradox. But what we’ve seen, in my research and others as well as, based on demand for privacy related products, is that when people are given the tools for transparency they generally do act in accordance with their state and privacy preferences.
What do you think could be the most significant challenges and developments in the field of personal data transparency online?
I think the biggest challenges have to do with how businesses exchange users personal data behind the scenes. So right now, most of the tools for transparency that we see function because they sit between the user and the company collecting their data so that they can easily monitor and control what data is collected from the user. But once the data leaves your personal device and goes to a company there’s really nothing that prevents that company from sharing it with other companies and so the view that we have of what happens to personal data online is pretty limited and I think that’s going to continue to be a challenge.
Which are your current projects involving data privacy and transparency?
For about five years now my group at Berkeley has been looking at how mobile apps access sensitive user data and what those apps do with it and part of that is giving users controls so that they can actually regulate what happens to their personal data. So, we’ve been modifying the Android operating system to have better user controls and we’ve given these to real users and it found by and large that one in the tools to exert control over personal data people actually will use them and make choices that conform to their stated privacy preferences.
What do you think of the data transparency lab?
It’s great that there’s an organization that’s interested in privacy and transparency and creating tools that can be used by actual users, as opposed to just coming up with academic papers that after getting published don’t necessarily get implemented in widespread. So, having an entity that’s really interested in the spread of transparency tools, I think is a great contribution to the community and is definitely filling a critical need.