Privacy Policy By Interface Design

How could a privacy policy not be a privacy policy (a legalistic document stored away at a siloed URL on a website) — but be woven into the user experience of the site? Are there ways that interface design can do the work of the privacy policy — giving users a sense of what is happening with their data + how they can exert control over it?

There’s been some academic work around this, especially emanating out of Carnegie Mellon University.

One idea is the “Expandable Grid”, from Rob Reeder, “a visualization technique for displaying policies in a two-dimensional grid.”


The grid aims to give the user a precise and clear view of what is going on with each datum she is sharing — but the interfaces may be too overwhelming for the average social networker. Still, there is something promising here in granular + discernible information about each bit of info that’s shared — (1) who can see it and (2) how it may be used.


Reeder explains the advantages he sees in this display:

Expandable-Grids-based policy-authoring interfaces promise to be an improvement over list-of-rules interfaces for the following reasons:

  • They show effective policy, rather than merely the rules that make the policy;
  • They integrate group membership information into the display of the policy;
  • They show a large portion of a policy all at once, rather than showing just one rule at a time, thus enabling operations that require comparing different parts of a policy;
  • They are scalable to large policies;
  • Anomalies in policies “pop out”, enabling authors to identify potentially problematic parts of a policy quickly.
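
The difference between a list of rules and the effective policy a grid displays, as an added example (not Reeder's code or data). The groups, items and rules are constructed, and the conflict handling (deny overrides allow, no matching rule means deny) is an assumption, not something the research quoted here specifies.

```python
# Constructed sample data. Group names, items, and the conflict rule
# (deny overrides allow, no matching rule means deny) are assumptions.
GROUPS = {"friends": {"ana", "ben"}, "coworkers": {"ben", "cy"}}
ITEMS = ["photos", "phone", "location"]
RULES = [  # (principal, item, effect); principal is a user or a group
    ("friends", "photos", "allow"),
    ("friends", "phone", "allow"),
    ("coworkers", "photos", "allow"),
    ("coworkers", "phone", "deny"),
    ("cy", "location", "allow"),
]

def all_users(groups, rules):
    """Every user named directly in a rule or through group membership."""
    named = {p for p, _, _ in rules if p not in groups}
    return sorted(named.union(*groups.values()))

def effective_policy(rules, groups, items):
    """Resolve the rule list into one decision per (user, item) cell."""
    grid = {}
    for user in all_users(groups, rules):
        for item in items:
            hits = [(p, e) for p, i, e in rules
                    if i == item and (p == user or user in groups.get(p, ()))]
            effects = {e for _, e in hits}
            decision = "allow" if effects == {"allow"} else "deny"
            grid[(user, item)] = {"decision": decision, "because": hits,
                                  "conflict": len(effects) > 1}
    return grid

def anomalies(grid):
    """Cells whose matching rules disagree: the ones that should pop out."""
    return sorted(cell for cell, v in grid.items() if v["conflict"])

def render(grid, items):
    """Text grid: users as rows, shared items as columns, '!' marks a conflict."""
    rows = ["".join(f"{h:<10}" for h in ["", *items])]
    for user in sorted({u for u, _ in grid}):
        cells = [("Y" if grid[user, i]["decision"] == "allow" else "-")
                 + ("!" if grid[user, i]["conflict"] else "") for i in items]
        rows.append("".join(f"{c:<10}" for c in [user, *cells]))
    return "\n".join(rows)

if __name__ == "__main__":
    grid = effective_policy(RULES, GROUPS, ITEMS)
    print(render(grid, ITEMS))
    print("conflicting cells:", anomalies(grid))
```

Reading the five rules one at a time does not reveal that ben's phone cell is governed by two disagreeing group rules; the resolved grid marks that cell directly.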

Certainly no average (or even above-average) user could be expected to manage the grid as it is presented in the research. It is overwhelming in detail and options. But it could be a first draft to be edited, redesigned, and streamlined into a privacy dashboard interface that any site involving content sharing could provide its users.

The dashboard — in addition to providing the user flexible and clear ways to manage who sees what of her content — could also indicate what the site’s privacy practices are toward the user’s data. Just as it presents a clear picture of how the user shares with other users, it would do the same for how the site treats the user.

More work is needed to refine and test this prototype from Reeder, but it certainly is moving in the right direction to empower and inform users of social sites.