
How do we not yet have a metric for noting specific security policies, so we can create a matrix of how different companies handle this information? I'm appreciative of information on what personal data policies Microsoft uses, but I'm more interested in how it compares to other companies. How is it the same or different than Google and Apple?

This is extremely important. Right now we have an extremely inefficient market with respect to privacy. Users don't know what policies companies have, and even if they know where to find that information, it's extremely inaccessible. Making it easy to compare services would allow users to actually distinguish based on this metric, which is the first step towards pressuring companies to actually compete on this metric.

Simplistically, this could be achieved with a set of data policy components (account information, login information, purchase information, location information, various activity information items, etc.) and their policy on them in well-defined terms, such as Not Applicable, Does not collect, Collects but does not share, Collects and may share, Collects and known to share. That would be the start of something beautiful.




Terms of Service; Didn't Read (https://tosdr.org) is a project aiming to achieve what you describe, but it's mainly for websites and web applications.

They need many more contributors though.


With a much more clearly defined set of items they measure this is fairly close to an initial version of what I was describing. With that and a standardized legend for the rating for each item (save the specifics for a mouse-over) it would be fairly easy to create a service matrix of selected services.


TOSDR isn't just a good service, it has some momentum and an excellent dataset already. If the right people were to start contributing it could gather quite a lot of steam.


Thanks for posting this - I was unaware. I'll add my new site when it comes online.


How about the EFF's https://www.eff.org/who-has-your-back-government-data-reques...? If you have specific items you think should be on the list, why don't you reach out to them and suggest it?


Besides being too broad, it tracks only a few items. I outlined five possible states above for how a company deals with a subject, a sixth would be "unknown". The EFF just has a star, which considering their goal, which is similar but not quite the same, is fine. They are looking to encourage companies to change by influencing the consumers as well, but I think they are going for a more emotional influence, while I am espousing a more informational influence. Make it easier to see the specifics in a more granular fashion so consumers can be informed.

Additionally I'm not entirely sure how to split out all the different things to track with regard to privacy, which is why I think it's a big project. But I see a need, and I think someone could do well for themselves filling that need.


I think expanding this EFF project would be both easier and better than starting your own, if they were interested. You get added publicity for free plus credibility.

They could have an expanded version with more details, which satisfies both goals.


I agree, but I'm not sure how amenable they are. It really depends on their goal for that page, and whether they think it achieves it better in its current state.

Unfortunately, I'm far too burdened with commitments to do this myself, so it's more a call to arms than a statement of intent. :/


You really can't create a matrix of how different companies handle the information, because there is no practical way for you to determine that. You could, however, create a matrix of what different companies claim they do with the information. While this might be helpful to those who are inclined to believe that companies always do exactly what they say, it isn't going to be very helpful to those who want to protect information in a reliable way.

If you want reliable protection, you eliminate or block those mechanisms which expose information to others. You could create a matrix which identifies different types of exposures and shows which can be avoided when using a given product or service. It would be a major task though, because technical details that are often not well documented can have a big impact on exposures. You couldn't afford to miss something like a user identifier that accompanies phoned home data.


Of course, the available information is what's presented. But what I outlined isn't any less effective because the specific actions are unknown. You have to assume if they say they can/may do something with regard to your data, it's being done (or can/will be done in the future). Privacy policy violations are actionable, so what they say they are allowed to do is what should be started with. If there's specific credible information that they do otherwise, then you use that.

The whole point is making it easy to judge how companies interact with their customers in regard to data and privacy so market pressure can do its thing.


I like your idea at the end there. Any known examples of this? Or maybe a proof of concept?

Maintaining it would be a pain. I'd like to see each company maintain their own table of terms and policies.

Other than maintenance, I'm concerned about how conditional sharing would be expressed succinctly... of course it's just a watered down version but you'd have to do it carefully.


From your sibling comment, https://tosdr.org/ seems like it gets partly there. The items listed don't seem to be standardized for the initial view though. Then again, I just visited it for the first time in years (I had heard of it, but completely forgotten), so I don't claim to have a good idea of exactly what it offers.

The first step would be getting a formalized set of metrics, which is in itself a big project. Once you have that, a framework to crowd source the specific answers from users (hopefully with references to a TOS/Privacy policy section) would be the easiest way to keep it up to date. Allowing comments and annotations for further info on a specific company's rating for an item that could be expanded would let people drill down on the details.



