CCPA Comments, Round Two: The Battle of the Do Not Sell Button

Yesterday I submitted a second set of comments (see the bottom of this post for a copy) to the California Attorney General’s office for the February round of the California Consumer Privacy Act (CCPA) rulemaking process. I had the privilege of working with Tianshi Li, a fourth year Ph.D student in human-computer interaction at Carnegie Mellon University this round, which was useful as our primary topic was one that fit squarely in the intersection of design, usability, and policy: the proposed logo required by the statute to identify a company’s Do Not Sell My Personal Information link.

The statute called for the AG’s office to develop a logo specifically to publicize this new right. While the statute (and the original ballot initiative) was silent on the reasoning, we assume it’s because the drafters of the CCPA felt that this new right was significant enough to the public that it merited a call-out to help draw attention to it among the many disclosure links and other competing visual elements on webpages and mobile apps. I’ve been wary about this requirement since I first learned of it, primarily because the existing mechanisms by which we inform the public about privacy are ad hoc and aren’t a product of strategic thinking informed by research. A “Do Not Sell” logo will compete with privacy policy links, security indicators, e-commerce seals, and, of course, with content. We argue in these comments that we need a rethinking of the entire field of privacy indicators, starting with the California mandated “Privacy Policy” link, which I and colleagues have found is misleading, giving consumers the idea that a privacy policy is something that inherently protects privacy, rather than simply being a statement of a company’s data practices. Rather than adding a Do Not Sell logo to the fray, I’d rather see a concerted strategy to redesign notice, consent, and privacy policies based on how people actually process and understand information, rather than a focus on simply tacking legal notices on to webpages and mobile apps.

Our colleagues at Carnegie Mellon University recently conducted a study to explore how best to communicate the Do Not Sell concept to the public. Their specific recommendation, which was submitted to the Attorney General’s office, was a “toggle” icon with the Do Not Sell My Personal Information” tagline:

If the AG’s office must adopt a logo, we support CMU’s proposed design, which was methodically tested and documented in their report. However, if the AG can dodge the issue of a logo at this juncture, we recommend that path as we think a better approach would be to evaluate the larger landscape of how we present privacy policies and other privacy options rather than tacking on yet another visual signifier. Finally, we do not recommend the AG adopt the option presented in the 2/10 draft regulations: a red toggle button which appears to be based on Apple's iOS user interface guidelines (below).

We outline the reasons in depth in our comments, but in a nutshell: it’s confusing. We argue people are more likely to misconstrue this as an actual interactive toggle switch and not a logo, which can lead them to believe that they are already opted-in to Do Not Sell, and may reduce the discoverability of the actual controls (which, to be clear, would be linked to a separate webpage from this proposed logo; the logo is not intended to be an actual control). Even when paired with a tagline (see below), in a very informal survey I conducted my participants all thought this was an interactive element that conveyed an actual system status (that Do Not Sell on the website was set to "off").

The design of notices, icons, logos and links is an area that requires expertise from visual designers and human-computer interaction experts (including interaction designers and user experience researchers). Done on the fly and without the insights of these professionals, we risk legislating ineffective design that puts consumers at a disadvantage in terms of exercising the very rights these laws are attempting to provide.