Uh Oh! Slack Got in Trouble for its Privacy Policy. Here’s How to Avoid the Same Mistake

Rebecca // May 24

Last week Slack was caught off-guard when someone read their privacy policy.  When a software engineer read it and complained on Hacker News, the policy got attention and Slack suffered a reputational hit in the privacy and data community.  Let’s see what went wrong and how to avoid this situation for your own tech startup.

What Happened with Slack?

Slack lets companies chat online. These chats can include anything from someone’s lunch plans to secret company ideas. Basically, the chats can be both boring everyday stuff and really important secrets. Both companies and employees want to keep their chats private.

Last year, Slack updated its privacy policy, but then added new features that used artificial intelligence (AI) and Large Language Models (LLMs). The problem was, the privacy policy didn’t mention this new AI stuff, but it could be interpreted to include it. People got confused and worried that Slack wasn’t protecting their data properly. At first Slack tried to point to their technical blogs to explain what they were doing. Of course, people didn’t buy the idea that a blog is more binding than the privacy policy. Slack has now addressed the issue more explicitly.

Why Did This Happen?

There are a few reasons why Slack messed up. Here are the main ones:

  • Out-of-date Policy: Slack’s policy was like an old instruction manual. It explained how things MIGHT be done in the future, but not how they were actually done NOW. This suggests that different teams at Slack weren’t talking to each other.
  • Confusing Tech Talk:  Slack uses terms like “AI” and “machine learning” (ML) in its policy. This can be confusing because there are multiple ways these terms are being defined.  Furthermore, Slack has different policies for different types of AI and ML, which makes it even more confusing to any external person.
  • Focusing on Tech, Not People: When Slack tried to fix the problem, they talked about the technology they used, but not how it affected people. People care more about their privacy than about what kind of cloud storage a company uses!

How to Avoid This Mess

So, how can your tech startup avoid a privacy policy mess like Slack? Here are some tips:

  • Team Up! Get your multiple teams talking to each other about privacy, reputation, and trust. This means people from marketing, engineering, security, and legal should all work together. This way, everyone is on the same page.  I recommend monthly or quarterly meetings with trained privacy advocates.  
  • Talk Like a Normal Person: Explain things in a clear and simple way. Avoid confusing tech jargon and focus on how your policy affects people’s privacy.  To learn more about this, I highly recommend this book on risk communication:  Morgan, M. & Fischhoff, Baruch & Bostrom, Ann & Atman, Cynthia. (2001). Risk Communication: A Mental Models Approach. 
  • Listen to Your Users: Find out what kind of privacy concerns your customers have. You can do surveys, talk to them directly, or even look at research papers on what people worry about regarding AI and privacy.  
  • Hire a Privacy Pro: Consider hiring someone who understands both privacy and technology. This person can help you write a clear and up-to-date privacy policy based on what is actually happening with the data.

 


About the Author Rebecca

Dr. Rebecca Balebako builds data protection and trust into software products. As a certified privacy professional (CIPP/E, CIPT, Fellow of Information Privacy), ex-Googler, and ex-RANDite, she has helped multiple organizations improve their responsible AI and ML programs.
