Share/E-mail This Story

Email This



People Don't Read Privacy Policies... But Want Them To Be Clearer

from the sounds-good-to-me dept

We already know that people don't read online privacy policies and often (falsely) assume that if there's any such privacy policy it means their data is safe. There are, of course, even questions as to whether or not a privacy policy is even valid if no one reads it. Still, many consumer and privacy activists continue to act as if the privacy policy is a key aspect of online privacy. In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies, but demanding they are improved anyway. Specifically, a study done by regulators in the UK shows that 71% of people don't read privacy policies, but 62% want them clearer.

Now, you could make the argument that the reason people don't read privacy policies is because they are too confusing and not at all clear. And, there's something to be said for simplifying privacy policies. To be honest, I'm surprised no one has come up with a Creative Commons-like standard setup for privacy policies (pick and choose a few attributes, have nice images, and make it all clear in a single link). However, it seems to be focused on the wrong issue. It seems likely that the uselessness of privacy policies has a lot more to do with the fact that people don't care (or they don't believe any privacy policy, no matter how clear) or that they think no matter what the privacy policy is, it won't matter once the data is leaked or the company changes its policy. So rather than focusing on creating better privacy policies, shouldn't the focus be on what companies actually do rather than what they say they do?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Yosi, Feb 18th, 2009 @ 12:06am

    Most people don't read criminal laws either

    So now what, let's get rid of them too?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Frosty840, Feb 18th, 2009 @ 12:20am

    The privacy policy people want to see is "We don't own your stuff, we won't give away your stuff, we won't sell your stuff and we won't use your stuff."

    Anything more complicated than that is, people assume, cunningly-written legalese for "This looks like we're saying we don't own your stuff, but we really do. Suckers."

    Legalese is pretty much at the point where it's easier to guess what it says without reading it at at all and rely on an "I could not have possibly understood this, I am not a lawyer and I'm not a Swede; you wouldn't be allowed to tell me my rights in Swedish, so nobody should be able to tell me their policies in Legalese and expect me to understand those either" defense.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    simon, Feb 18th, 2009 @ 12:35am

    I know people don't read them, but I thought it was to cover your ass?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    bob, Feb 18th, 2009 @ 2:51am

    Privacy Policies

    Privacy Policies really do not matter as they can be changed on a whim. There is nothing that allows you to enforce them.
    What might be needed is a HIPA for the Internet. where you must do as you say and can't just change things when the company changes owners. Or debt load. Where there is a cost if you do not do what is right.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Chraos, Feb 18th, 2009 @ 6:07am

    Re:

    @Frosty840 - excellent comment, I think you captured the sentiment of many.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Jesse, Feb 18th, 2009 @ 6:09am

    I think what people want is a simple, one line thing, "We collect your information and sell for beer money." or "We don't sell your information."

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Steve R. (profile), Feb 18th, 2009 @ 6:44am

    Gobbley Gook

    We just received a bunch of these privacy notices from the credit card companies, since they seem to be all changing their policies. I wonder why!?!?!?! (sarcasm).

    Anyway they all read: We respect your privacy so we will sell/give/rent/trade or whatever your personal information to anyone who asks (pays) so that they can send you even more junk mail. Oh, by the way, if the personal information that we sold to some unknown entity is used to "steal" your identity, it isn't our fault since you failed to sign-up and pay for this protection even though we said that we "protect" your data.

    What also gets me, if you want to opt-out of having your information broadcast to the world, these companies make it purposely difficult. If privacy/security really mean something, the trading/selling/renting of data that a company collects should be made illegal.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    BK, Feb 18th, 2009 @ 9:08am

    Certification System

    Something similar to the ISO9001 certification for privacy would be a nice replacement or even a standard privacy rating system, so that basically there are only a couple of variations on privacy agreements. Something like:
    1. Completely Private
    2. No Personally Identifiable Info
    3. Sign Up for Spam Here!

    This way, once you were familiar with the certifications, you would not have to spend 30 minutes readin through legal jargon.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Feb 18th, 2009 @ 10:51am

    "People Don't Read Privacy Policies... But Want Them To Be Clearer" clearly nonsense since if people didn't read tehm they wouldn't care, but they do care as has been demonstrated often - recently by the latest facebook climb down.

    "In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies...." also nonsense - ehat they actually said was that 71% did not read or understand privacy policies, not understanding is clearly not the same as not reading, and lets face it even the genius Masnicks don't understand them.

    "...uselessness of privacy policies has a lot more to do with the fact that people don't care..." typical of the Masnicks - big business should be free to do what ever it wants without interference because nobody cares anyway.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Cap'n Jack (profile), Feb 18th, 2009 @ 11:30am

    Re:

    "'People Don't Read Privacy Policies... But Want Them To Be Clearer' clearly nonsense since if people didn't read tehm they wouldn't care, but they do care as has been demonstrated often - recently by the latest facebook climb down."

    Hardly anyone read that. A very small amount of people did, took a misleading excerpt and blew it out of proportion all over the blogosphere (do people even use that term anymore...). Basically, most people read a tiny portion of the changes and started freaking out, because they thought Facebook was going to start selling user-content.

    "'In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies....' also nonsense - ehat they actually said was that 71% did not read or understand privacy policies, not understanding is clearly not the same as not reading, and lets face it even the genius Masnicks don't understand them."

    They're interrelated. You don't read them because they're overly long and difficult to understand. You have to muddle through a bunch of ambiguous garbage to understand any of the basic concepts. I make an effort to skim through them and get what I can, but that's more than I can say for most people I know. I mean, I think it's safe to say most people don't even read instruction manuals unless they're absolutely stuck, and those usually are much easier to read (and often come with pretty pictures!)

    "'...uselessness of privacy policies has a lot more to do with the fact that people don't care..." typical of the Masnicks - big business should be free to do what ever it wants without interference because nobody cares anyway."

    That's not what Mike was saying; you're taking it out of context. It's ironic how you insult his ability to grasp things when you can't even grasp the simple things he's saying. What he's saying is privacy policies are rendered useless when no one cares to navigate through them, or don't trust that the company is going to hold true to the policy anyway.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Michael, Feb 18th, 2009 @ 12:04pm

    may YOU don't

    I always read the privacy policy, EULA, and any other legal documentation that comes with my software or accompanies any online accounts. So because the vast majority of people are idiots, the few that have some common sense should not be protected? Ya F*ck you.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Carolyn Hodge, Feb 18th, 2009 @ 12:11pm

    Privacy Policies, A Neccessary Evil?

    I think people are missing the point slightly here. Privacy Policies, as they exist, are an important contract (like terms of service) to which companies are held legally accountable. Unfortunately because they are often, exhaustive, they have become a lazy way for companies to communicate customer data policies and practices to consumers. Typically the privacy statement is not the location for consumers to manage their preferences about their personal or anonymous information. Facebook is one of the best examples of this. You can manage the exposure of your detailed profile information to a single person or noone. Privacy controls in their best implementation should be seamless to us.

    Second thing, the free internet in all its wonder, is made possible by advertising. Advertising, while annoying sometimes, is arguably, not very harmful, and our surveys show that users prefer relevant advertising.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    IANAL, Feb 18th, 2009 @ 8:33pm

    Re: Privacy Policies, A Neccessary Evil?

    Carolyn Hodge -> Privacy Policies, as they exist, are an important contract (like terms of service) to which companies are held legally accountable.

    That is what they want you to believe. In truth, the only ones that are being held to the "contract" are the users.

    These EULAs and TOSs are just a means for the corps to justifiy their bad behavior. If you continue to use their service, then you have implicitly agreed to their terms. This is unconscionable and therefore not binding.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Name, Feb 19th, 2009 @ 9:39am

    it has been done

    There has been an "Iconset for Data-Privacy Declarations" proposed at influential german blog netzpolitik.org: http://netzpolitik.org/2007/iconset-fuer-datenschutzerklaerungen/
    The PDF: http://netzpolitik.org/wp-upload/data-privacy-icons-v01.pdf

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    weatherfrog, Feb 19th, 2009 @ 10:14am

    Privacy-Iconset Beta

    Hi there,

    as mentioned in the comment above, I already proposed this idea 2007 and heard afterwrds that Mary Rundle (former Harvard/Bergman-Center, now Oxford) propsed already in 2004.

    We restarted working on it!

    A small Kick-off-Meeting will take place, as a workshop, on the conference "Privacy OpenSpace" in beginning of April in Berlin. Here the preperation / overview:

    https://www.privacyos.eu/wiki/index.php/PrivacyRightsAgreements

    We have mailinglist for this circle, feel free to contact me with any question or support you may have concerning this project:

    wetterfrosch@einmachglas.info

    Best,
    Matthias

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    weatherfrog, Feb 19th, 2009 @ 10:19am

    Re: Privacy-Iconset Beta

    There is an english article by the german digital-rights activist Ralf Benrath about it:

    http://bendrath.blogspot.com/2007/05/icons-of-privacy.html

    And other receiptions, as in this english-speaking blog:

    http://konrad.foerstner.org/2007/06/google-privacy-again-and-how-to-improve-privacy-communi cation/

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    coffee, Feb 22nd, 2009 @ 1:19am

    Facebook

    It makes no sense that Facebook would risk messing up a good thing by edging in on people's intellectual property. They had people's trust and then they go and risk losing it; not smart.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Feb 27th, 2009 @ 9:21am

    Ah! An article that addresses the underlying social issues. How refreshing. Although, the rabbit hole is much deeper, there are some very serious epistemological questions about privacy and autonomy, that are completely untouched. Specifically, icons address a piece of the issues but will not be very useful until the deeper issues of transparency are first addressed. Icons are definitely a tool which provides transparency, but a better understanding of contextual values need to be identified and addressed so that icons can be applied on a scale that would be useful. So what are the deeper issues? Control, Power, Access to Information?

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    cybercrack, Feb 27th, 2009 @ 9:22am

    Dig Deeper

    Ah! An article that addresses the underlying social issues. How refreshing. Although, the rabbit hole is much deeper, there are some very serious epistemological questions about privacy and autonomy, that are completely untouched. Specifically, icons address a piece of the issues but will not be very useful until the deeper issues of transparency are first addressed. Icons are definitely a tool which provides transparency, but a better understanding of contextual values need to be identified and addressed so that icons can be applied on a scale that would be useful. So what are the deeper issues? Control, Power, Access to Information?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jan 26th, 2012 @ 9:36pm

    I think if the privacy policies are written in short and bullet style format (briefing very basic points of the context), then it would be rather helpful and easy to read

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This