8.6 Privacy Notices

The most fundamental requirement for users to be able to make informed online privacy decisions is that they need to be aware of and understand the data practices of the service or company, including what personal information is collected, used, retained, and shared. The principal vehicle by which companies provide this information is the privacy notice. For web-based services, virtually all websites have a privacy link at the bottom of their main page that goes to a page stating the privacy policy, which is focused on disclosure issues.

For mobile apps, this type of privacy information is generally less available. Comparatively smaller screens and other device restrictions constrain how users can be given notice about and control over data practices.

A number of studies have demonstrated that most current privacy notices are ineffective at informing users and providing choice, although recent regulations such as GDPR are tending to correct this. These studies cite a number of factors as likely reasons for the ineffectiveness of current privacy notices [SCHA17]:

  • Conflating requirements: Companies are faced with a number of requirements in the design of their online privacy notices. Users want clear, easy-to-understand, and brief statements about a company’s privacy practices and privacy controls. Companies need to comply with legal and regulatory requirements concerning the content of the privacy notice, such as those defined in Europe’s General Data Protection Regulation (GDPR), the U.S. Health Insurance Portability and Accountability Act (HIPAA), and the California Online Privacy Protection Act (CalOPPA). In addition, companies use privacy notices to demonstrate compliance with privacy laws and regulations other than those related to the privacy notice itself, and in an attempt to limit liability by promising more than they are legally required to promise.

  • Lacking choices: Most privacy notices offer little choice, especially for mobile apps and IoT devices. Many websites and apps interpret user access as consent to use, regardless of whether the user has seen, read, or understood the privacy policy.

  • High burden/low utility: Most users are not willing to invest the time required to read and understand all of the privacy notices they routinely encounter, much less take the time to make choices via user controls. This problem is compounded by the lack of user-friendliness and the lack of choices.

  • Decoupled notices: Privacy notices are generally separate from normal user interaction. Websites only link to a privacy policy at the bottom of the page; mobile apps link to a privacy policy in the app store or in some app submenu; privacy policies for IoT devices are only available on the manufacturer’s website.

Notice Requirements

ISO 29184 (Online Privacy Notices and Consent) provides a list of requirements that an organization should satisfy in developing a notice policy, consisting of the following:

  • Obligation to provide notice: The organization must determine what circumstances require that notice be provided to PII principals. This includes conforming to regulatory and legal requirements, contractual obligations, and concerns with corporate image.

  • Appropriate expression: The notice should be clear and easy to understand by the targeted PII principals.

  • Multilingual notice: The notice should be provided in the language(s) most appropriate to the context.

  • Appropriate timing: Typically, organizations should provide notice just prior to the collection of PII.

  • Appropriate locations: It should be easy for PII principals to find and access privacy notices.

  • Appropriate form: The notice structure should be clear and appropriate for the context, taking into account the means by which PII principals access notice information. For example, a mobile phone presents a limited interface and may call for a different structure of notice compared to access via a PC. Notice structure is discussed subsequently.

  • Ongoing reference: Organizations should retain versions of notices for as long as they are associated with retained PII.

  • Accessibility: Organizations should accommodate PII principals who have accessibility issues (e.g., vision-impaired or blind individuals).

Notice Content

There is broad agreement among a number of organizations about the required topic coverage of a privacy notice. See for example [CDOJ14], [MUNU12], [OECD06], and [BBC19].

Table 8.4 lists the topics covered by three representative policies: those of Google, which provides a variety of online applications and services (see https://policies.google.com/privacy?hl=en&gl=us); JPMorgan Chase Bank, which provides online banking services (see https://www.chase.com/digital/resources/privacy-security/privacy/online-privacy-policy); and the International Association of Privacy Professionals (IAPP), which is a membership organization (see https://iapp.org/about/privacy-notice/).

TABLE 8.4 Privacy Notice Topics

Google:

  • Introduction

  • Information Google Collects

  • Why Google Collects Data

  • Your Privacy Controls

  • Sharing Your Information

  • Keeping Your Information Secure

  • Exporting and Deleting Your Information

  • Compliance and Cooperation with Regulators

  • About This Policy

  • Related Privacy Practices

  • Data Transfer Frameworks

  • Key Terms

  • Partners

JPMorgan Chase Bank:

  • Overview

  • Use of Information

  • Disclosure of Information

  • Understanding Cookies, Web Beacons, and Other Tracking Technologies

  • Opting Out of Online Behavioral Advertising

  • Linking to Third-Party Websites

  • Updating Your Information

  • Changes to This Online Privacy Policy

IAPP:

  • Introduction

  • Data Protection Officer

  • How We Collect and Use (Process) Your Personal Information

  • Use of the iapp.org Website

  • When and How We Share Information with Others

  • Transferring Personal Data from the EU to the US

  • Data Subject Rights

  • Security of Your Information

  • Data Storage and Retention

  • Changes and Updates to the Privacy Notice

  • Questions, Concerns, or Complaints

The California Department of Justice has developed one of the clearest statements of what topics to cover in an online privacy notice [CDOJ14]. Its recommendation covers the following topics:

  • Data collection: Describe how you collect PII, including other sources and technologies, such as cookies. Describe the kind of PII you collect.

  • Online tracking/do not track: Make it easy for the user to find the section of your policy that relates to online tracking. Describe how you respond to a do not track (DNT) signal or similar mechanism. Disclose the presence of other parties that collect PII on your site or service, if any.

  • Data use and sharing: Explain how you use and share PII, including:

    • Explain the uses of PII beyond what is necessary for fulfilling a customer transaction or for the basic functionality of an online service.

    • Explain your practices regarding the sharing of PII with other entities, including affiliates and marketing partners.

    • At a minimum, list the different types or categories of companies with which you share customer PII.

    • Whenever possible, provide a link to the privacy policies of third parties with whom you share PII.

    • Provide the retention period for each type or category of PII collected.

  • Individual choice and access: Describe the choices a consumer has regarding the collection, use, and sharing of his or her PII. Consider offering your customers the opportunity to review and correct their PII.

  • Security safeguards: Explain how you protect your customers’ PII from unauthorized or illegal access, modification, use, or destruction.

  • Effective date: Give the effective date of your privacy policy.

  • Accountability: Tell your customers whom they can contact with questions or concerns about your privacy policy and practices.

ISO 29184 includes the following, more comprehensive, list:

  • Collection purpose: The organization should provide the following information relevant to the purpose of collection of PII:

    • The purpose(s) for which the PII is collected.

    • Information about the plausible risk to the PII principal from the processing of the PII.

    • If different purposes apply to different items of collected PII, the organization should make this clear to the PII principal.

  • PII controller: The organization should provide the identity and contact details for the PII controller. Typically, this is not an individual, but a department or office within the organization.

  • Specific PII elements: The organization should indicate what specific PII is being collected (e.g., name, address, and telephone number). It may be appropriate to display the actual value of an item to the principal prior to its collection.

  • Collection method: The PII principal should understand how his or her PII is being collected. Possibilities include:

    • Directly collected from the PII principal, such as through a web form.

    • Indirectly collected. For example, the organization may collect information from a third party, such as a credit agency, and combine that with PII collected directly.

    • Observed by the PII controller. Examples include browser fingerprint and browser history.

  • Timing and location of collection: For PII that is not directly collected, the notice should inform the principal of the timing and location of the collection.

  • Method of use: The organization shall indicate how the PII will be used. ISO 29184 gives the following examples:

    • Used as is

    • Used after some processing (e.g., derivation, inference, de-identification, or combining with other data)

    • Combined with other data (e.g., geo-localized, via the use of cookies, from third parties)

    • Used by automated decision-making techniques (e.g., profiling, classification)

  • Geo-location and jurisdiction: The organization should indicate where PII will be stored and processed and the legal jurisdiction(s) that govern the handling of the data.

  • Third party transfer: The organization should provide detailed information about any transfer of the PII to a third party.

  • Retention period: The organization should indicate how long the PII will be retained and its disposal schedule.

  • Participation of the PII principal: The organization should indicate what rights the PII principal has with respect to collected PII, including consent, access to the PII, ability to correct PII, and ability to revoke permission.

  • Inquiry and complaint: The organization should inform the PII principal about how to exercise his or her rights and how to file a complaint.

  • Accessing the choices for consent: The organization should provide a means for a PII principal to review what permissions he or she has granted.

  • Basis for processing: The organization shall provide information about the basis by which the PII will be processed, which may be by consent, contractual requirements, or legal/regulatory obligations.

  • Risks: The organization should provide specific information about plausible risks to PII principals, where the impact to privacy and likelihood of occurrence (after mitigations are considered) are high or those risks cannot be inferred from other information provided to the PII principal.

Notice Structure

The structure of a privacy notice is a key factor in its readability and usability. Traditionally, privacy notices have consisted of a single long document divided into sections to cover the various topics. The web privacy notice of JPMorgan Chase (at the time of this writing) is an example. Such a structure tends to discourage the reader and make it difficult to find anything useful. Increasingly, companies are opting for various types of layered privacy notices to provide users with a high-level summary of a privacy policy. One approach is to use short sections with “to learn more” links to more detailed information. The IAPP web privacy notice is of this type. Another approach is to display a list of tabs with descriptive titles, which the user can select for a description of each topic. The current TDBank web privacy notice is of this type (see https://www.td.com/us/en/personal-banking/privacy/).

Mobile App Privacy Notices

Readability and accessibility of privacy notices are significant challenges for mobile apps. The California Department of Justice makes the following recommendations [CDOJ14]:

  • Post or link to the policy on the application’s platform page so that users can review the policy before downloading the application.

  • Link to the policy within the application (e.g., from the application configuration, “About,” “Information,” or settings page).

The Mobile Marketing Association has released the Mobile Application Privacy Policy Framework [MMA11], which serves as a recommended template for the contents of a privacy notice for mobile apps. It covers the following topics:

  • The information the application obtains and how it is used. This includes user-provided information at the time of download and registration, plus automatically collected information, such as the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the application.

  • Whether the application collects precise real-time location information of the device.

  • Whether third parties see and/or have access to information obtained by the application.

  • Automatic data collection and advertising, such as whether the application is supported via advertising and collects data to help the application serve ads.

  • Opt-out rights.

  • Data retention policy and information management.

  • Children. Avoiding soliciting data from or marketing to children under age 13.

  • Security procedures.

  • How users are informed of changes to the privacy policy.

  • Consent to the processing of user-provided and automatically collected information as set forth in the privacy policy.

  • Contact information.

This list is quite in line with recommended topics for web-based privacy notices. But organizations need to be concerned about effectively presenting this information on the small screens of mobile devices. To that end, the National Telecommunications and Information Administration has developed a recommended short form privacy notice [NTIA13]. The short form should provide brief information in the following categories: types of data collected, sharing of user-specific data, means of accessing a long form privacy notice, and the identity of the entity providing the app.

With respect to the types of data collected, the short form notice should state which of the following data categories the app collects:

  • Biometrics: Information about your body, including fingerprints, facial recognition, signatures, and/or voice print

  • Browser history: A list of websites visited

  • Phone or text log: A list of calls or texts made or received

  • Contacts: A list of contacts, social networking connections or their phone numbers, postal, email, and text addresses

  • Financial info: Credit, bank, and consumer-specific financial information such as transaction data

  • Health, medical, or therapy info: Health claims and other information used to measure health or wellness

  • Location: Precise past or current location of a user

  • User files: Files stored on the device that contain the user’s content, such as calendar, photos, text, or video

The short form notice should state whether the app shares user-specific data with any third-party entity that falls within any of the following categories:

  • Ad networks: Companies that display ads to you through apps

  • Carriers: Companies that provide mobile connections

  • Consumer data resellers: Companies that sell consumer information to other companies for multiple purposes, including offering products and services that may interest you

  • Data analytics providers: Companies that collect and analyze your data

  • Government entities: Any sharing with the government except where required by law or expressly permitted in an emergency

  • Operating systems and platforms: Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers

  • Other apps: Other apps of companies that the consumer may not have a relationship with

  • Social networks: Companies that connect individuals around common interests and facilitate sharing

The National Telecommunications and Information Administration also provides guidance concerning how and when to display this data [NTIA13].

Privacy Notice Design Space

The content of a privacy notice is only one aspect of good privacy notice design. The article “Designing Effective Privacy Notices and Controls” from IEEE Internet Computing [SCHA17] presents a design space for privacy notices that encompasses four dimensions: the notice’s timing (when it is presented), channel (how it is presented), modality (the communication mode used), and control (how choices are provided), as illustrated in Figure 8.6.

FIGURE 8.6 Privacy Notice Design Space

Timing

The effectiveness of a privacy notice depends a great deal on the timing of its presentation. If the web service or app presents the notice at a time that is inconvenient for the user, the user is apt to ignore it. “Designing Effective Privacy Notices and Controls,” from IEEE Internet Computing [SCHA17] lists six timing opportunities:

  • At setup: A mobile app can present the privacy notice once when the user is about to install the software. This enables the user to make an informed decision about purchasing the software. Typically, the app that uses this timing also provides a means for the user to review the privacy notice subsequently.

  • Just in time: A mobile app or web service can show the privacy implications of a requested transaction. This has the advantage that the user need only be shown privacy information related to that transaction.

  • Context dependent: A mobile app or web service can present a privacy notice triggered by certain aspects of the user’s context, such as location (e.g., in proximity to a data-collecting sensor) or who will have access to the information, or can warn about potentially unintended settings.

  • Periodic: A mobile app or web service may repeat a privacy notice periodically as a reminder. For example, iOS periodically reminds users of apps that access the phone’s location in the background.

  • Persistent: Persistent notices alert the user of ongoing data activity with privacy consequences. For instance, Android and iOS display a small icon in the status bar whenever an application accesses the user’s location; if the icon is not shown, the user’s location is not being accessed. Privacy browser plugins typically place an icon in the browser’s toolbar to inform users about the data practices or third-party trackers of the website visited.

  • On demand: Systems should enable users to access particular portions or all of a privacy notice on demand. A simple example of this is the standard practice of providing a privacy link at the bottom of each web page.

Channel

The channel dimension refers to how the privacy notice is presented to the user. A primary channel presents the privacy notice on the same platform through which the service itself is provided. For example, if a service is provided through a web interface, then the privacy notice is integrated as part of the web interface. A secondary channel uses another method, such as email, and a public channel uses publicly available platforms such as billboards and posters.

Modality

Modality specifies the way in which the privacy notice is communicated to the user (e.g., visual, auditory, haptic [vibration], machine readable). For online services, the most common modality is visual presentation of the policy as text and graphics. The other modalities may serve as a supplemental effort to ensure that the user is aware of the privacy implications of various actions. An example of the machine-readable modality is IoT devices that broadcast their machine-readable privacy notices to smartphones or other devices, which then use other modalities to present the notice to the user.

Control

Control refers to the choices users are given over the handling of their data. Options to opt in to and opt out of data activity may be available to a user. A user might need to pause and make choices, thereby providing consent. Controls may wait for user action (blocking) or not (non-blocking), or they can be separate from the main notice (decoupled).
