Optimizing cross-channel marketing for compliance part III: Evolving the privacy policy

My final quote comes from privacy pro Ben Isaacson: “Engaging on privacy is not a retardant [to innovation], it’s just part of the evolution”[1]. In part two of this series I discussed the need to educate consumers about your data integration efforts. In part three, I will describe ways you can optimize the privacy policy itself.

Your privacy policy is a one-stop shop for consumers

wikiUntil the industry develops a better privacy education infrastructure, your privacy policy is still the go-to place for all privacy information.

An index of questions presented in the header of a privacy policy remains the most common style and is widely accepted in the privacy community. However, one growing trend to consider is the creation of a ‘short form’ or ‘layered notice’ where you present short excerpts of the policy and highlight the important points for consumers to reference, with options to click-through to the full policy for more information.

The key topics to include in an abridged policy are PII collection, data sharing, cookies, security, and updates. Examples of short form policies can be found in the footer.[2] If you’ve ever browsed Wikipedia on your smartphone you are already familiar with this economic content delivery method.

Your privacy policy can be as engaging as the rest of your digital content

If the goal is to inform consumers about everything that you do with their data, it should be done with the user experience (and future) in mind.

There are numerous creative efforts underway to simplify the way privacy information and other necessary disclosures are delivered. And while many websites and apps today continue to use standard formats for how they introduce, index and hyperlink their policy categories, emerging methodologies aim to increase the clarity and transparency of privacy policies through graphical or other unifying means. Some concepts being developed include:

Graphical short notice. A creative example of a short notice design that is both engaging and informative can be seen here. Consider giving your text-based privacy policy a graphical “face-lift.”

Privacy scores. Another interesting visualization experiment is the PrivacyChoice platform, which combines objective privacy risk scoring capabilities of PrivacyScore (a Firefox add-on), browser Do-Not-Track customization, and the wizard-based PrivacyMaker.


Privacy icons. A couple of years ago the Disconnect Privacy Icon project was launched to help consumers understand a website’s key privacy practices through icons populated into the browser’s address bar.


Short URLs and badges. As the line between personal expression and advertising continues to blur on social networks, startups like CMP.LY are innovating ways to generate “links and badges that provide clear and conspicuous notice directly in the body of a social post.”


Ensure your privacy policy and disclosures are accessible from any device or platform

If “the disclosure cannot be made clearly and conspicuously on a device or platform, then that device or platform should not be used.”[3]

mapsIn October of 2012, the California AG warned a number of companies that their privacy policies were not “readily accessible” to consumers as required by law. Two months later the AG offered privacy best practice recommendations to app developers, stressing the need for privacy by design.[4] In January of 2013 the California Attorney General published Privacy on the Go recommendations for the mobile ecosystem. In March of 2013 the FTC revised their Dot Com Disclosures to highlight similar concerns arising from the rapid adoption of mobile technology and social networking, particularly among children.

One common theme among regulators is the need for “enhanced measures” such as ‘just-in-time’ geo-location access requests. Another is the need for disclosure mediums that address channel-specific challenges such as limited character space within SMS and Twitter messages.

Putting it all together to strengthen and NOT break your privacy policy

Given the rapid online/mobile convergence, when developing your privacy policies and disclosures be aware of how that information may be accessed and read.

Here’s a recap of what you can do to ensure that your brand and marketing efforts keep up with privacy expectations and obligations.

  • Discuss all channels within your privacy policy. It’s a one-stop resource.
  • Your privacy policy can be visually engaging, educational and meaningful.
  • Ensure privacy policies and other disclosures are clear and “readily accessible.”
  • Put Parts I, II and III together. Mix and repeat.

[3] See FTC’s press release summarizing their revised Dot Com Disclosures

[4] For help with developing a mobile/app privacy policy, take a look at the MMA’s Mobile Application Privacy Policy Guidelines and the Future of Privacy Forum’s guide to privacy policy generators.