OpenConsent with a Public Privacy Profile

A Privacy Policy, is meant to represent what operational privacy looks like for an organisations when they collect and process personal data.  The outcome, however, is not a meaningful privacy policy for people. Privacy policies were invented for companies as internal documents, and when repurposed for online use don’t function operationally, are not used correctly,  and today they simply don’t work.

Almost all privacy policies fail to a) manage the expectation or understanding of people’s privacy b) informs people in a meaningful way about what privacy they have.   

In 2019, protecting people is a big focus, cyber security issues are hitting epidemic proportions highlighting a key problem that data protection is failing to protect privacy.  The security industry itself needs to fundamentally address the lack of privacy security for people, not just companies.

Key to understanding privacy focused security, is that a privacy policy is not opt-in.  Any website or company who takes the advice of a lawyer who advocates to put in an opt-in privacy policy, or to put in a notice that the users agree they  ‘understand changes to a privacy policy’ are red flags you are looking at effectively a fake privacy policy. This is not how privacy or a it’s policy works.  Lawyers originally added a contract clause to a privacy policy to fill a gap to get e-commerce on the internet working, it was a band-aid 20 years ago. Today it is critical to evolve the privacy policy, so in fact we can have privacy that can be used by people.   



EditorialMark LizarMain