How Lawyers Can Help Developers Design for Privacy

Recently, the Stanford Center for Internet and Society and the Future Privacy Forum hosted an App Developer Privacy Conference. The event brought together technologists, lawyers, and business people giving them the chance to communicate their challenges and understand what really needs to happen in privacy from every side.

One of the more interesting issues raised at the conference came from developers: they want clear guidelines from lawyers explaining what they can or cannot do. The challenge, however, is that technology is constantly changing. Nonetheless, there are some constants that will not change which lawyers can communicate to developers to keep in mind to design for privacy.

Notice

Although the privacy policy is the “gold standard” required by law, lawyers can go a step further in providing notice to both consumers and developers. By putting a company’s privacy practices in an easy to read format, similar to a “nutrition label,” map, or chart, consumers and developers will be given better notice.

This approach enables consumers to easily understand what data is being collected and make more informed choices. Additionally, developers will be able to understand what they are permitted to do under the privacy policy and code accordingly. If the developer notices a practice that runs afoul the easy to read privacy policy when creating the product, the developer can bring attention to the lawyers to update accordingly or fix the collection practice. In sum, all parties will have a more clear understanding of company privacy practices and where to adjust for business and legal needs.

Choice

Choice is very important, but sometimes too much choice can confuse users. Developers, entrepreneurs, attorneys, or whichever party within a company is responsible for the privacy policy must collaborate with other stakeholders to make a strategic decision on how to present choice to users and strategically select the aspects of the product users may choose.

Data Context and Sensitivity

The context in which data is collected and the sensitivity of data are two essential areas to address. Prioritize notice and choice for more sensitive data based on context of data collection. Convey this importance to developers so they may appropriately respond to legal needs and provide users with choice or ensure security.

Be Consistent

Unfortunately, there is not much consistency across the industry on the meaning of important terms for privacy. However, attorneys have the ability to use consistent terms across different policies in a single company. If developers understand what terms mean in one policy, they will more easily be able to later design in line with other relevant policies as well.

 

 

This entry was posted in Events, Privacy and tagged by Charles Belle. Bookmark the permalink.

About Charles Belle

Charles Belle received both his AB (Economics and Political Science) and AM (International Relations) from the University of Chicago. Following graduate school, he was a technology consultant with Booz Allen Hamilton in the Modeling and Simulation Group. A graduate of Hastings, he concentrated in Intellectual Property, has published a paper on declaratory judgment in patent litigation, interned at the Center for Democracy &Technology, and co-founded and served as Editor-in-Chief of the Hastings Science & Technology Law Journal (now the first peer reviewed law journal at Hastings).

Comments are closed.