How Lawyers Can Help Developers Design for Privacy

Authors:

Recently, the Stanford Center for Internet and Society and the Future Privacy Forum hosted an App Developer Privacy Conference. The event brought together technologists, lawyers, and business people giving them the chance to communicate their challenges and understand what really needs to happen in privacy from every side.

One of the more interesting issues raised at the conference came from developers: they want clear guidelines from lawyers explaining what they can or cannot do. The challenge, however, is that technology is constantly changing. Nonetheless, there are some constants that will not change which lawyers can communicate to developers to keep in mind to design for privacy.

Notice

Although the privacy policy is the “gold standard” required by law, lawyers can go a step further in providing notice to both consumers and developers. By putting a company’s privacy practices in an easy to read format, similar to a “nutrition label,” map, or chart, consumers and developers will be given better notice.

This approach enables consumers to easily understand what data is being collected and make more informed choices. Additionally, developers will be able to understand what they are permitted to do under the privacy policy and code accordingly. If the developer notices a practice that runs afoul the easy to read privacy policy when creating the product, the developer can bring attention to the lawyers to update accordingly or fix the collection practice. In sum, all parties will have a more clear understanding of company privacy practices and where to adjust for business and legal needs.

Choice

Choice is very important, but sometimes too much choice can confuse users. Developers, entrepreneurs, attorneys, or whichever party within a company is responsible for the privacy policy must collaborate with other stakeholders to make a strategic decision on how to present choice to users and strategically select the aspects of the product users may choose.

Data Context and Sensitivity

The context in which data is collected and the sensitivity of data are two essential areas to address. Prioritize notice and choice for more sensitive data based on context of data collection. Convey this importance to developers so they may appropriately respond to legal needs and provide users with choice or ensure security.

Be Consistent

Unfortunately, there is not much consistency across the industry on the meaning of important terms for privacy. However, attorneys have the ability to use consistent terms across different policies in a single company. If developers understand what terms mean in one policy, they will more easily be able to later design in line with other relevant policies as well.