Privacy icons similar to Creative Commons icons

Jabberwocky writes, "Privacy policies are complicated, and we believe that you should know what's happening with your data when you use a service. In order to help, we've created a set of icons which cover the core components of any policy. We are a group of Yale students taking Control, Privacy, and Technology, and this is our final project. In an ideal world, every website would include these icons."

This is an attempt to use icons to express privacy policies, the same way that Creative Commons licenses express copyright restrictions and permissions. This set is a lot more complex than CC, though the creators have done a good job of narrowing the privacy policies down to the meaningful set of terms:

CHANGES: This website will alert you to material changes/This website may or may not alert you to changes

CONTROL: You, the user, can always access all of your data, export all of your data/You, the user, may or may not be able to access your data, export your data

INFORMATION: This website only collects and uses enough data to provide any necessary services/This website might collect and use more information than is strictly necessary.

SHARING: This website may be collecting data about you. However, they are not selling or trading your data, and they will only share your data with other organizations in order to complete the intended transaction/This website is collecting data about you and may be selling or trading it with another organization, government, or person.

SECURITY: This website encrypts your data/This website does not encrypt your data

LAW ENFORCEMENT: Statutory Process: When an organization receives a phone call, letter, or other legally insufficient request for your data, they don't comply because the law requires the government to take additional steps before getting your data. This website requires the government to comply, at a minimum, with the legal process provided by the law before getting users' data./Compliance: This organization might provide your data to a government that asks for it without following the legally required process.

However, without a compliance mechanism, it's likely that any site that adopts this will only display the icons for their "good" policies and not show the "bad" ones.

Privacy Simplified (Thanks, Jabberwocky!)


  1. Green vs red for does/does not aren’t going to work for colour-blind users or for sites that may want symbols that don’t clash with their colour scheme. Better to go with the traffic sign standard of a diagonal bar across the symbol for “doesn’t” and keep the symbols red and black or monochrome.

    1. I’m red/green colourblind, and this was my first thought. Surely they could’ve grabbed someone from the graphic design department, who would have pointed that out immediately?

      1. I’m honestly curious how you noticed there are two different colored circles if you are red/green colorblind.

        Also, color seems to be quite secondary to the actual shape of the icon, so does the color even matter matter here? They may as well all be black.

  2. I do like the idea of making important privacy-related variables more visible. My concern is that privacy policies aren’t incomprehensible and largely hidden under the fold because expressing them concisely is fundamentally hard; but because their contents are generally dire for the user…

    You could probably boil it down to an ‘eyeball’ icon. If present, “Eyeballs, we sell them, you are product.”

  3. The idea is a good one, but it needs work. As @nelc:disqus  said, the icons should be distinct in monochrome to suit any colour scheme and help those who are colour blind. The icons need to be backed up by rigorous privacy policies written by lawyers (though rolling this out worldwide would not be trivial) so they would stand up better in court. (And then summarise these with bullet points.) And I’d suggest there should be fewer icons, much as CC bundles a number of ideas together in one licence. 

  4. You could deal with sites that want to hide their bad policies by mandating that all the icons in the set be displayed together. Or you could add a tiny number to the corner of each icon to make it obvious that something was missing (users may not remember if the ‘full set’ contains 6 or 7 icons, but if the numbers jump from 4 to 6, they’ll wonder what isn’t being shown).

    The biggest problem is that, as someone pointed out when I suggested CC-style standard privacy policies in another comment thread here a couple of weeks ago, many companies/sites will simply choose not to take part. And given that icons are probably non-contractual, it’s hard to see what you could do about a site that displays one set of policy icons and then does something different. 

  5. Someone like the EFF, with the help of these students and others, could put out a browser extension or addon that rates sites accordingly, regularly updates a database of this information, in the same way the adblock lists are maintained, to display these icons somewhere along the frame of the browser window.

    I would have said status bar, but I know Firefox has done away with that a while ago, and other browsers are probably in the same situation.

    The maintainers for the database should provide a  way for websites to request reviews of their ratings in a transparent way (the way I see it, discussions in this process should be public, and I’d be curious to see any justifications as to why they shouldn’t be public.)

    1.  There is already an extension that modifies page display, based on a community of interested parties whose decisions inform the developers’ list of modifications: AdBlock Plus. I can see no reason why a similar model couldn’t be used here; perhaps by adding the icons to the bottom of the page, or along the side in the case of never-ending sites (such as facebook, reddit under RES, or even boingboing).

      To be more explicit, what I imagine would be a group of users who would scour the site’s information collection and usage, and then report their findings to the developers, who would adjust that site’s display accordingly. It’s the kind of thing that makes me wish I knew how to make browser plugins, myself.

  6. I actually had this exact idea myself. I wanted to model it after the CC icons. Very cool to see it come to being.

  7. Looks a lot like Mozilla Privacy Icons by Aza Raskin which is a great start, but needs more work.

    CommonTerms is working on a tabular approach ( for privacy and other terms of service, inspired by Raskin and many other similar proposals.

  8. Great idea, but they need some serious graphic design advice.  Some of the icons are ridiculously generic (exclamation mark, restroom stall guy).  Other posters noted colorblindness issues.  Their coding also seems very inefficient–there are far too many icons.  They should have maybe one icon (e.g., a checkmark) for the ‘all clear’, and increase the number of icons as things become sketchier.

Comments are closed.