Privacy Settings are a Privacy Failure
The EU GDPR (General Data Protection Regulation) being written into statute this month explicitly calls for those storing or operating on personal data to follow the 7 principles of Privacy by Design. The 2nd principle of which is “Privacy as the Default Setting”.
If you follow the simple logic that all operations on your or my personal data are private by default, then really, there is no need for privacy settings – none. In fact the number and complexity of privacy settings can be directly correlated to the inherent lack of privacy in the platform or product you are using, generally driven by the platform providers business model of the monetisation of you.
As an app developer who fully embraces these principles, it is notable that our Krowd app has no privacy settings function in the app. By starting with respect for peoples data such that we treat it as if owned by the individual, which means maintaining provenance of all data and meta-data and derived (analytic) data, then every share has to become an explicit opt-in decision by the user, plus the app interface should make it clear what is being communicated with whom for what purpose. This is the essence of privacy. Privacy is a function of control of what is shared with whom and why, it is not a lack of sharing.
Maintaining provenance also allows us to follow another GDPR principle – the right to delete. Something incumbent platform providers will find almost impossible to implement in principle without having tracked provenance.