This startup uses AI to help companies comply with privacy rules
Common Sense Privacy harnesses AI to help businesses of all sizes draft and evaluate privacy policies.
Originally published by Fast Company, December 13, 2023
Common Sense Privacy, an AI Fund-backed, for-profit spinoff of the nonprofit content and privacy rating organization Common Sense Media, debuted on Wednesday a new set of AI-enabled tools that aim to help startups and other small businesses keep up with ever-changing privacy regulations. Among those tools is a so-called privacy policy wizard that uses large language model (LLM) AI to generate draft privacy policies and offer advice on filling out the privacy “nutrition labels” now required by app stores.
“We take them through a TurboTax-like online guided interview process that really helps identify what their practices are, and essentially helps them create some of those artifacts that are being required right now,” says Common Sense Privacy CEO Daphne Li.
The wizard arrives at a time when companies of all sizes are under pressure to develop robust policies in order to comply with a growing number of privacy laws and requirements by platforms like Apple’s App Store and Google Play.
“If you look at a lot of the very new regulations, frankly, it’s challenging for small startups without the massive compliance machinery to comply with them,” says Andrew Ng, the cofounder of Google Brain and Coursera who’s now managing general partner at AI Fund, which just led a $5 million funding round for Common Sense Privacy. “And what that means, frankly, is many startups are unfortunately not able to reasonably comply with these.”
Common Sense Privacy is also now offering a privacy dashboard and scorecard. While the wizard helps document what companies are already doing, the dashboard evaluates what they’re currently doing against various regulations and industry norms, offering recommendations as to how they might improve. “We offer practical suggestions, we try to meet people where they are, and offer some suggestions on how they might close those gaps,” says Li.
Common Sense Privacy also plans to offer a public-facing seal for organizations that score high on the privacy scoreboard. Access to all of the services is currently waitlisted.
The company offers its services on a subscription basis. Clients can also use the tools to see how potential decisions — like monetizing aspects of customer data — would impact their legal compliance and scorecard ratings.
Multimedia discussion platform VoiceThread, which frequently works with educational institutions like school districts and colleges and emphasizes user privacy, was one of Common Sense Privacy’s early customers. Cofounder and CEO Steven Muth says he found the scorecard process helpful even given his experience working on privacy matters, and imagines it would be at least equally useful for organizations just getting started on privacy questions.
“The dashboard is just a very usable way for a novice product manager [or] product developer to look and go, ‘Oh, that’s how this is going to impact our score,’ and then you get to make a decision,” Muth says.
Li emphasizes that any privacy policies suggested by the wizard tool should be considered drafts. Like with many AI-generated documents, it can still be helpful to have a human review them. “Sometimes you might fill things in and then when you actually see it on paper, it might actually spark additional questions,” she says. And some companies may still wish to have their lawyers review the policies before they’re published.
Li imagines that after working with the initial set of customers and refining the AI systems and questionnaires, users will need to make fewer and fewer modifications to their generated policies. So far, Common Sense Privacy has found AI is fairly adept at understanding the nuances of privacy rules.
“Fortunately, we found that LLMs are actually pretty good at helping to automate some of these assessments,” says Ng.