Cronk and Solove win ONC Model Privacy Notice Challenge

June 6, 2016 (Washington, D.C.): Professor Daniel J. Solove and R. Jason Cronk have produced the winning Model Privacy Notice tool in the Privacy Policy Snapshot Challenge, a competition sponsored by the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC).  According to ONC: “The Privacy Policy Snapshot Challenge is a call for designers, developers, and health data privacy experts to create an online Model Privacy Notice (MPN) generator. The MPN is a voluntary, openly available resource designed to help health technology developers who collect digital health data clearly convey information about their privacy and security policies to their users.”

The MPN was jointly developed in 2011 by the Federal Trade Commission (FTC) and ONC.

 

Cronk and Solove collaborated on developing a tool to help health technology developers generate privacy notices easily and in a way that is understandable to a wide audience.  They designed the generator to produce policies that are clear, comprehensible, and visually appealing.  They also built the generator so that it would be easy to use by developers.

 

As developers input information about their privacy practices in a form on the left side, the tool generates the privacy notice on the right side, showing how it will look to the consumer.  The generator tool breaks down the MPN in a simple and visual way and takes developers through it step by step.

The tool also generates raw HTML that the developers can copy and paste into their website for displaying their finalized notice to consumers, allowing for further customization as desired by the developer. The tool uses open source jQuery UI and Bootstrap CSS and the images are provided under the open MIT license. It is available on GitHub or on Enterprivacy.com.

Cronk and Solove both say that they collaborated to demonstrate how technology and design could be used to enhance privacy, making it easier for organizations to improve their privacy practices and better communicate about privacy with consumers.   “There are many instances of developers not focusing on privacy at all and not providing any notice to consumers,” says Solove.  “Our goal was to create something that would help more developers take time to reflect on privacy and make it easier for them to inform consumers.”

Cronk and Solove are planning to look to expand the tool for more generic use cases outside of health care. “Having an easy-to-use tool that companies can use to create a simple and understandable privacy notice will be extremely helpful to my clients,” says Cronk, whose consulting practice focuses on helping companies design and develop their products and services with privacy in mind.

Cronk, who is also president of Microdesic, a startup in the financial cryptography space, plans on using the privacy notice tool with Privacy Manatee, a premium browser extension which pays publishers, using anonymous micro-payments, to provide ad/tracking free versions of their website.  Privacy Manatee will be launched during a crowd-funding campaign in the coming months.

About Professor Daniel J. Solove

Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School and the founder of TeachPrivacy, a training company that produces workforce privacy, security, and HIPAA training. He is the author of 10 books and more than 50 articles.  Professor Solove is the organizer, along with Professor Paul Schwartz of the Privacy + Security Forum (Oct. 4-7, 2017 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.  Solove tweets through @danielsolove.

About R. Jason Cronk

Cronk is the founder of Enterprivacy Consulting Group, a boutique privacy consulting firm focused on Privacy by Design. He holds a JD from Florida State University and has been recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy. He is a frequent blogger and speaker on privacy issues and tweets through @privacymaverick