U.S. patent application number 15/256082 was filed with the patent office on 2017-03-09 for a live privacy policy method and apparatus.
The applicant listed for this patent is Swim.IT Inc. The invention is credited to Christopher David Sachs.
Application Number: 20170068827 (15/256082)
Document ID: /
Family ID: 58188681
Filed Date: 2017-03-09
United States Patent Application 20170068827
Kind Code: A1
Sachs; Christopher David
March 9, 2017
LIVE PRIVACY POLICY METHOD AND APPARATUS
Abstract
A live privacy policy method and system enables enterprises to
update in real-time their privacy policy declaration by monitoring
the third-party activities using the invention described herein.
Once the software is integrated into the website and web
applications, third-party related activities are captured
continuously and used to build a live profile that is also updated
continuously. This allows enterprises to adhere to privacy policy
regulations without any delays. This also benefits consumers, who
are able to view the data being collected to determine if they want
to opt out.
Inventors: Sachs; Christopher David (Sunnyvale, CA)
Applicant:
  Name         | City     | State | Country | Type
  Swim.IT Inc. | San Jose | CA    | US      |
Family ID: 58188681
Appl. No.: 15/256082
Filed: September 2, 2016
Related U.S. Patent Documents
  Application Number | Filing Date | Patent Number
  62214786           | Sep 4, 2015 |
Current U.S. Class: 1/1
Current CPC Class: H04L 61/2069 20130101; G06F 16/22 20190101; H04L 43/0894 20130101; H04L 51/14 20130101; H04L 51/34 20130101; H04L 63/205 20130101; G06Q 30/0277 20130101; H04L 63/0407 20130101; H04W 12/02 20130101; G06F 2221/2141 20130101; G06F 21/31 20130101; H04L 67/104 20130101; G06F 21/6254 20130101; G06F 2221/2149 20130101; G06F 21/121 20130101; H04L 47/125 20130101; H04L 61/1541 20130101; H04L 51/12 20130101; H04L 63/0227 20130101; H04L 51/04 20130101; H04L 67/101 20130101; G06F 21/604 20130101; H04L 45/70 20130101
International Class: G06F 21/62 20060101 G06F021/62; G06F 21/12 20060101 G06F021/12; G06F 21/60 20060101 G06F021/60; G06F 21/31 20060101 G06F021/31
Claims
1. A method programmed in a non-transitory memory of a device
comprising: a. collecting real-time data associated with a
company's website ecosystem partners and affiliates; and b.
generating a dynamic privacy document which is updated based on the
real-time data.
2. The method of claim 1 wherein the real-time data comprises a
user's privacy data including Personally Identifiable Information
(PII) and Personal Profiling Information (PPI).
3. The method of claim 1 wherein the user's privacy data includes
the user's name, address, phone number, websites visited, location,
or purchase history.
4. The method of claim 1 further comprising displaying the dynamic
privacy document.
5. The method of claim 1 further comprising enabling a user to
provide input regarding the collection of the real-time privacy
data.
6. The method of claim 5 wherein enabling a user to provide input
includes collaborating with the company's advertisement ecosystem
and affiliates regarding private data collection, processing and
storage of private data.
7. The method of claim 5 further comprising enabling a user to
receive personalized content, and enabling the user to control what
information is shared and how the information is used.
8. The method of claim 1 further comprising: identifying personally
identifiable information and personality profiling information; and
forwarding a restriction specified by a user to a do not track
manager based on reviewing the personally identifiable information
and the personality profiling information.
9. The method of claim 1 wherein collecting the real-time data is
with a software developer kit along with a privacy application
programming interface.
10. The method of claim 1 wherein collecting the real-time data is
with a browser extension.
11. An apparatus comprising: a. a non-transitory memory for storing
an application, the application configured for: i. collecting
real-time data associated with a company's website ecosystem
partners and affiliates; and ii. generating a dynamic privacy
document which is updated based on the real-time data; and b. a
processor for processing the application.
12. The apparatus of claim 11 wherein the real-time data comprises
a user's privacy data including Personally Identifiable Information
(PII) and Personal Profiling Information (PPI).
13. The apparatus of claim 11 wherein the user's privacy data
includes the user's name, address, phone number, websites visited,
location, or purchase history.
14. The apparatus of claim 11 further comprising a display for
displaying the dynamic privacy document.
15. The apparatus of claim 11 the application further configured
for enabling a user to provide input regarding the collection of
the real-time privacy data.
16. The apparatus of claim 15 wherein enabling a user to provide
input includes collaborating with the company's advertisement
ecosystem and affiliates regarding private data collection,
processing and storage of private data.
17. The apparatus of claim 15 the application further configured
for enabling a user to receive personalized content, and enabling
the user to control what information is shared and how the
information is used.
18. The apparatus of claim 11 the application further configured
for: identifying personally identifiable information and
personality profiling information; and forwarding a restriction
specified by a user to a do not track manager based on reviewing
the personally identifiable information and the personality
profiling information.
19. The apparatus of claim 11 wherein collecting the real-time data
is with a software developer kit along with a privacy application
programming interface.
20. The apparatus of claim 11 wherein collecting the real-time data
is with a browser extension.
21. A system comprising: a. a client device configured for
collecting real-time data associated with a company's website
ecosystem partners and affiliates; and b. a server device
configured for generating a dynamic privacy document which is
updated based on the real-time data.
22. The system of claim 21 wherein the real-time data comprises a
user's privacy data including Personally Identifiable Information
(PII) and Personal Profiling Information (PPI).
23. The system of claim 21 wherein the user's privacy data includes
the user's name, address, phone number, websites visited, location
or purchase history.
24. The system of claim 21 wherein the client device is configured
for displaying the dynamic privacy document.
25. The system of claim 21 wherein the client device is configured
for enabling a user to provide input regarding the collection of
the real-time privacy data.
26. The system of claim 25 wherein enabling a user to provide input
includes collaborating with the company's advertisement ecosystem
and affiliates regarding private data collection, processing and
storage of private data.
27. The system of claim 25 further comprising enabling a user to
receive personalized content, and enabling the user to control what
information is shared and how the information is used.
28. The system of claim 21 wherein the client device is configured
for: identifying personally identifiable information and
personality profiling information; and forwarding a restriction
specified by a user to a do not track manager based on reviewing
the personally identifiable information and the personality
profiling information.
29. The system of claim 21 wherein collecting the real-time data is
with a software developer kit along with a privacy application
programming interface.
30. The system of claim 21 wherein collecting the real-time data is
with a browser extension.
Description
CROSS-REFERENCE TO RELATED APPLICATION(S)
[0001] This application claims the benefit of U.S. Provisional
Patent Application Ser. No. 62/214,786, filed Sep. 4, 2015, and
titled "PRIVACY AWARENESS APPLICATION, LIVE PRIVACY POLICY, AND
DISTRIBUTED AND MULTIPLEXED PEER TO PEER REAL-TIME MESSAGING
UTILIZING BACK PRESSURE SIGNALLING," which is hereby incorporated
by reference in its entirety for all purposes.
FIELD OF THE INVENTION
[0002] The present invention relates to the field of privacy and
security. More specifically, the present invention relates to
website privacy and security.
BACKGROUND OF THE INVENTION
[0003] Today's website and web application interaction model
involves a browser retrieving data over the Internet (e.g., WWW)
from advertisers, data collectors, content delivery networks and
enterprise servers. Interaction model refers to the flow of data
and control between various entities. Browsers displaying the web
application or website user interfaces directly interact with many
types of systems on the Internet (e.g., advertiser systems). The
common perception is that the website or web application is driven
from the software residing on enterprise servers. This might be the
case for enterprises that are business-centric, but
consumer-centric enterprises work with many partners and affiliates
(e.g., Google Analytics, a data collector), and therefore the data
and control flow is dynamically constructed based on the consumer
activity on the website or web application.
[0004] This dynamic interaction model is important for
implementation of today's business strategies. Unfortunately, there
are people and businesses that are taking advantage of this model
to collect and misuse consumer data that can lead to privacy and
security issues.
[0005] Enterprises are providing free products (e.g., email
application) and services in exchange for the right to collect
user/consumer information. This was the start of consumer data
privacy problems, and today this data collection is being taken
advantage of by third-parties (partners, direct and indirect
affiliates and others) without direct consent of users/consumers.
Key problems associated with data collection are:
[0006] 1. Users/Consumers do not have an explicit understanding of
the specific data that is being collected, stored, used and shared,
or for what purpose. This data is being monetized by the collecting
enterprises. If consumers are aware of the specifics and the
associated opportunity cost, then they can make a more informed
decision about using these free products and services.
[0007] 2. Consumers have very limited or no understanding of the
data being collected by third-parties. This data is typically
Personally Identifiable Information (PII) and Personality Profiling
Information (PPI). This data is being monetized and misused by the
collecting third-parties. If consumers are aware of what is being
collected by these third-parties, then they can opt out or inform
the enterprises to stop this data collection.
SUMMARY OF THE INVENTION
[0008] A live privacy policy method and system enables enterprises
to update in real-time their privacy policy declaration by
monitoring the third-party activities using the invention described
herein. Once the software is integrated into the website and web
applications, third-party related activities are captured
continuously and used to build a live profile that is also updated
continuously. This allows enterprises to adhere to privacy policy
regulations without any delays. This also benefits consumers, who
are able to view the data being collected to determine if they want
to opt out.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] FIG. 1 illustrates a block diagram of the live privacy
policy system according to some embodiments.
[0010] FIG. 2 illustrates a flowchart of an implementation of the
live privacy policy method according to some embodiments.
[0011] FIG. 3 illustrates a block diagram of an exemplary computing
device configured to implement the live privacy policy method
according to some embodiments.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
[0012] A privacy policy is a legal statement made by businesses to
declare their policy regarding collection, use, dissemination, and
maintenance of user/consumer/client ("Consumer") personally
identifiable information (PII) during the course of normal business
conducted using the software applications or website of the
business. Businesses are required to provide this legal statement
to protect Consumer privacy. The United States Federal Trade
Commission, U.S. state government agencies and similar agencies
from other countries have been using a variety of tools to protect
consumers' privacy and personal information.
[0013] Businesses have developed websites and web applications to
support the interactive and highly interconnected environment in
which people live and work today. These implementations involve:
sourcing of content that is displayed in realtime when a user
(e.g., Consumer) is interacting with the software; sourcing of
content that is personalized to a user. Personalizations are based
on: location of a user, profile/personality of the user, usage
history, customer data from other sources and more; sourcing
content from a multitude of sources; first party content where a
first party is the website or web application owner that has the
direct relationship with the user;
[0014] third party content, where a third party (e.g.,
advertisement networks) refers to: a business that is a separate
legal entity from the first party, a business not affiliated by
common ownership or corporate control with the first party, or a
business that has access to first party resources (websites, web
applications and data sources), if that business is authorized to
use the information gathered from the resources for marketing or
other purposes; content generation in realtime using dynamically
generated scripts and other techniques; content personalization in
realtime; customer data collection by the first party or third
parties; a large volume of data collection to support profiling and
personalization; execution of a range of analytics involving
personal data to provide insights into individual and group trends,
movements, interests, and activities; frequent and complex
interactions among various businesses that involve personal data;
and global availability of personal data, supported by
communications networks and platforms.
[0015] These implementations are leading to many problems such as:
[0016] 1. Privacy profiles that are high level and do not offer
Consumers a precise, transparent and easily understandable
statement about collection, use, dissemination, and maintenance of
PII and Personal Profile Information (PPI).
[0017] 2. Involvement of numerous third-parties results in privacy
profiles that do not provide a complete purpose specification,
which requires disclosure of the authority that permits the
collection of PII & PPI and the intended use of PII & PPI, and
results in an inability to control the PII and PPI data collection
and therefore to adhere to the data minimization requirement, which
involves: businesses collecting PII that is directly relevant and
required to accomplish a specified purpose(s), and businesses
retaining PII only for the duration of time that is necessary to
fulfill the specified purpose(s).
[0018] 3. The dynamic nature and the involvement of third parties
cause businesses difficulty in tracking, accounting and auditing of
PII.
[0019] 4. Inability of the businesses to capture and record changes
to the privacy profile in a timeframe that reflects reality.
[0020] 5. Lack of Consumer participation in a business's privacy
policy implementation and maintenance due to lack of awareness
regarding the PII data collection (what, when, where, who, and
more) and the lack of technology/tools to offer consent to the PII
related activities of a business.
[0021] 6. Security of PII is difficult because of the number of
businesses handling the information and its distribution to many
geographically diverse locations.
[0022] 7. Inability of industry watchdog groups and law enforcement
agencies to monitor and enforce privacy guidelines and laws due to
lack of information from the dynamic and realtime network of
privacy data collectors and users.
[0023] A live privacy policy system that is generated by the
collaborative efforts of key stakeholders involved in the PII
collection, retention, usage, sharing and maintenance, includes:
realtime data (who, what data, retention policy, usage policy and
sharing policy) for a first party and third parties, consumer
restrictions and business compliance information, and regulatory
requirements and business compliance information.
[0024] The live privacy policy system is tailored to a user and
reflects the true intent of privacy rights. The key stakeholders
responsible for the privacy policy are representatives of the
business, Consumers and Third parties. Each of the stakeholders
contributes to the generation of the Live Privacy Policy using tools
and data that are made available to them.
[0025] FIG. 1 illustrates a block diagram of the live privacy
policy system according to some embodiments. The live privacy
policy system 100 identifies the PII and PPI data collection of a
business. A suite of tools automatically generates PII data from
website and web applications associated with the business. For
applications on the web/desktop/mobile 102 that capture PII and PPI
data, an SDK along with a Privacy API 104 is able to be used to
capture the PII and PPI data transacted using the application. The
first party data is stored in the first party dataset 104 and the
third party data is stored in the third party dataset 106.
[0026] For websites 108, PII and PPI data transacted is able to be
captured by a browser extension 110, and the data is saved in first
party dataset 104 and in third party dataset 106.
[0027] Regulated PII and PPI is captured from the regulations and
saved in a dataset 112.
[0028] Users/consumers 114 view the first party dataset 104, third
party dataset 106, regulatory dataset 112 and specify the consumer
restrictions on the dataset 116. A live privacy policy manager 118
forwards restrictions specified by users 114 to a do not track
manager 120. The do not track manager 120 generates the appropriate
do not track requests to third parties and to the business
applications. In some embodiments, the do not track requests are
managed and monitored by industry entities such as National
Advertising Initiative (NAI) and Digital Advertising Alliance
(DAA). They will contact the appropriate company and request them
to adhere to the user request. Once a confirmation is received from
these entities, the do not track manager 120 will report back to
the Live Privacy Profile Manager 118, and the restriction status
will be updated from Pending to Active or will remain in Pending
status if a response is not received. In some embodiments, the do
not track implementation is automatically executed.
[0029] PII and PPI from business applications is captured in the
business application PII/PPI dataset 122.
[0030] Each time a user 114 requests a live privacy policy from a
business, the live privacy policy manager 118 reads the first party
dataset 104, third party dataset 106, consumer restrictions and the
business apps dataset 122 to generate the live privacy profile
124.
[0031] FIG. 2 illustrates a flowchart of an implementation of the
live privacy policy method according to some embodiments. In the
step 200, data collection is monitored from enterprise mobile and
web applications. The data collection is able to be monitored by
integrating enterprise mobile applications with the privacy API
using the SDK and/or by offering consumers who use enterprise web
applications and websites a browser extension to install. In the
step 202, once the software is integrated and installed, users of
the mobile and web applications are able to perform actions
regarding privacy. For example, users are able to observe the data
being collected. This is reflected in the enterprise privacy
policy. Users are also able to restrict the data the enterprise and
third parties are able to collect, use and share. The restrictions
are implemented by the software by forwarding do not track
requests. Users are also able to have a live privacy policy profile
generated which provides privacy information specific to the user.
In some embodiments, fewer or additional steps are implemented. In
some embodiments, the order of the steps is modified.
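The FIG. 1 components and the FIG. 2 steps, modelled as an added example that is not the patent's own code: observed requests are split into the first party dataset (104) and third party dataset (106) by registrable domain, a do not track manager (120) holds each forwarded restriction as Pending until a confirmation arrives, and the live privacy policy manager (118) merges the datasets, the regulatory dataset (112) and the consumer restrictions (116) into a per-user live privacy profile (124). All function names, the last-two-labels domain rule and the sample hostnames and PII/PPI categories are assumptions constructed for this illustration.

```javascript
// Registrable-domain approximation: last two labels of a hostname.
// Constructed simplification; a real extension would consult the Public Suffix List.
function siteOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Classify one observed request as first party (same site as the page owner)
// or third party, keeping the PII/PPI categories it carried.
function classifyRequest(firstPartyHost, req) {
  const party = siteOf(req.host) === siteOf(firstPartyHost) ? 'first' : 'third';
  return { party, collector: siteOf(req.host), categories: [...req.categories] };
}

// Build datasets 104 (first) and 106 (third): collector -> set of categories.
function buildDatasets(firstPartyHost, requests) {
  const datasets = { first: new Map(), third: new Map() };
  for (const req of requests) {
    const { party, collector, categories } = classifyRequest(firstPartyHost, req);
    const cats = datasets[party].get(collector) || new Set();
    categories.forEach((c) => cats.add(c));
    datasets[party].set(collector, cats);
  }
  return datasets;
}

// Do not track manager (120): a forwarded restriction stays Pending until the
// collector (or an industry body acting for it) confirms, then becomes Active.
class DoNotTrackManager {
  constructor() { this.requests = new Map(); }
  key(collector, category) { return `${collector}:${category}`; }
  submit(collector, category) {
    const k = this.key(collector, category);
    if (!this.requests.has(k)) this.requests.set(k, 'Pending');
    return this.requests.get(k);
  }
  confirm(collector, category) {
    const k = this.key(collector, category);
    if (this.requests.has(k)) this.requests.set(k, 'Active');
  }
  status(collector, category) {
    return this.requests.get(this.key(collector, category)) || 'None';
  }
}

// Live privacy policy manager (118): one profile row per collector/category,
// flagged as regulated and carrying the current restriction status.
function buildLiveProfile(datasets, regulated, restrictions, dnt) {
  const profile = [];
  for (const party of ['first', 'third']) {
    for (const [collector, cats] of datasets[party]) {
      for (const category of cats) {
        const restricted = restrictions.some(
          (r) => r.collector === collector && r.category === category);
        if (restricted) dnt.submit(collector, category);
        profile.push({ party, collector, category,
          regulated: regulated.has(category),
          restriction: restricted ? dnt.status(collector, category) : 'None' });
      }
    }
  }
  return profile;
}

// Constructed sample: requests an extension might observe on shop.example pages.
const SAMPLE_REQUESTS = [
  { host: 'www.shop.example', categories: ['name', 'address', 'purchase_history'] },
  { host: 'api.shop.example', categories: ['phone'] },
  { host: 'collect.analytics-vendor.example', categories: ['websites_visited', 'location'] },
  { host: 'ads.adnetwork.example', categories: ['location', 'purchase_history'] },
];
const REGULATED = new Set(['name', 'address', 'phone', 'location']); // dataset 112 stand-in

// Walk the FIG. 2 flow once: capture, user restriction, profile before and after confirmation.
function demo() {
  const dnt = new DoNotTrackManager();
  const datasets = buildDatasets('www.shop.example', SAMPLE_REQUESTS);
  const restrictions = [{ collector: 'adnetwork.example', category: 'location' }];
  const before = buildLiveProfile(datasets, REGULATED, restrictions, dnt);
  dnt.confirm('adnetwork.example', 'location'); // confirmation received
  const after = buildLiveProfile(datasets, REGULATED, restrictions, dnt);
  return { datasets, before, after, dnt };
}
```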
[0032] FIG. 3 illustrates a block diagram of an exemplary computing
device configured to implement the live privacy policy method
according to some embodiments. The computing device 300 is able to
be used to acquire, store, compute, process, communicate and/or
display information. In general, a hardware structure suitable for
implementing the computing device 300 includes a network interface
302, a memory 304, a processor 306, I/O device(s) 308, a bus 310
and a storage device 312. The choice of processor is not critical
as long as a suitable processor with sufficient speed is chosen.
The memory 304 is able to be any conventional computer memory known
in the art. The storage device 312 is able to include a hard drive,
CDROM, CDRW, DVD, DVDRW, High Definition disc/drive, ultra-HD
drive, flash memory card or any other storage device. The computing
device 300 is able to include one or more network interfaces 302.
An example of a network interface includes a network card connected
to an Ethernet or other type of LAN. The I/O device(s) 308 are able
to include one or more of the following: keyboard, mouse, monitor,
screen, printer, modem, touchscreen, button interface and other
devices. Live privacy policy application(s) 330 used to perform the
live privacy policy method are likely to be stored in the storage
device 312 and memory 304 and processed as applications are
typically processed. More or fewer components shown in FIG. 3 are
able to be included in the computing device 300. In some
embodiments, live privacy policy hardware 320 is included. Although
the computing device 300 in FIG. 3 includes applications 330 and
hardware 320 for the live privacy policy method, the live privacy
policy method is able to be implemented on a computing device in
hardware, firmware, software or any combination thereof. For
example, in some embodiments, the live privacy policy method
applications 330 are programmed in a memory and executed using a
processor. In another example, in some embodiments, the live
privacy policy hardware 320 is programmed hardware logic including
gates specifically designed to implement the live privacy policy
method.
[0033] In some embodiments, the live privacy policy application(s)
330 include several applications and/or modules. In some
embodiments, modules include one or more sub-modules as well. In
some embodiments, fewer or additional modules are able to be
included.
[0034] Examples of suitable computing devices include a personal
computer, a laptop computer, a computer workstation, a server, a
mainframe computer, a handheld computer, a personal digital
assistant, a cellular/mobile telephone, a smart appliance, a gaming
console, a digital camera, a digital camcorder, a camera phone, a
smart phone, a portable music player, a tablet computer, a mobile
device, a video player, a video disc writer/player (e.g., DVD
writer/player, high definition disc writer/player, ultra high
definition disc writer/player), a television, an augmented reality
device, a virtual reality device, a home entertainment system,
smart jewelry (e.g., smart watch) or any other suitable computing
device.
[0035] To utilize the live privacy policy method and system, data
collection is monitored from enterprise mobile and web
applications. Once software is integrated and installed, users
using the mobile and web applications are able to: observe the data
being collected and restrict the data the enterprise and third
parties are able to collect, use and share.
[0036] In operation, the live privacy policy method and system
provide many advantages:
[0037] Enterprises will provide an accurate and up-to-date privacy
policy to the consumers and others who they conduct business with.
This will improve the credibility for the enterprise and provide
more confidence to consumers and others while conducting online
business with the enterprise.
[0038] Data trackers and advertisers are able to continue to
provide valuable personalization services to consumers but with
explicit consent from the consumers. This cooperative environment
will enable more accurate personalization and reduce the risks of
inadvertent data leaks and security issues around personal
data.
[0039] Consumers get personalized content while controlling what
they want to share with enterprises providing products and
services.
[0040] Consumer awareness is context-specific and transparent,
identifying: the PII and PPI that is collected, the third parties
involved and their PII and PPI activities, and other data sharing
relationships among third parties that are not directly attributed
to businesses that have direct consumer relationships. A business
is better able to establish and maintain consumer confidence and
trust by: enabling consumer participation in PII activities,
viewing PII being collected, providing tools to update or remove
inaccurate data, providing a process to allow users to register,
track and view the progress of complaints, enabling the business to
monitor and manage data minimization requirements, enabling the
business to monitor and manage PII including usage, quality,
integrity and security, and implementing realtime updates to the
privacy policy. Businesses and consumers are offered a process to
handle Customer "Do Not Track" requests.
[0041] The present invention has been described in terms of
specific embodiments incorporating details to facilitate the
understanding of principles of construction and operation of the
invention. Such reference herein to specific embodiments and
details thereof is not intended to limit the scope of the claims
appended hereto. It will be readily apparent to one skilled in the
art that other various modifications may be made in the embodiment
chosen for illustration without departing from the spirit and scope
of the invention as defined by the claims.
* * * * *