To Read All Of The Privacy Policies You Encounter, You'd Need To Take A Month Off From Work Each Year
from the get-busy-reading dept
We’ve discussed the stupidity of privacy policies many times in the past. Honestly, it’s an idea that serves no useful purpose, yet most sites are required to have one, and if you don’t, people get all upset. But no one reads them, and most people incorrectly assume that if a site has any privacy policy, they must keep data private.
The reality is that the incentives of a privacy policy are to not use it to keep your info private. In fact, the incentives are to make a privacy policy as permissive as possible. Because the only time you get in trouble is not if you fail to protect someone’s privacy… but if you violate your own privacy policy. So companies have the incentive to write a privacy policy that is as permissive to the company as possible, so that they’re less likely to avoid violating their own privacy policy. That is, conceptually, the best privacy policy for a company is one that says “we don’t take your privacy seriously at all and share all your data,” because then they’ll never break that policy. Of course, companies don’t go that far, because that’s pretty extreme — but it does lead to vague privacy policies that no one reads anyway. Oh, and even when people do read them, almost no one understands them.
In fact, a new report notes that if you actually bothered to read all the privacy policies you encounter on a daily basis, it would take you 250 working hours per year — or about 30 workdays. The full study (pdf) by Aleecia M. McDonald and Lorrie Faith Cranor is quite interesting. They measure the length of privacy policies, ranging from just 144 words up to 7,669 words (median is around 2,500 words) and recognize that at a standard reading pace of 250 words per minute, most privacy policies take about eight to ten minutes to read. They also ran some tests to figure out how long it actually takes people to read and/or skim privacy policies.
They put all of this together and estimated that it would normally take a person about 244 hours per year to read every new privacy policy they encountered… and even 154 hours just to skim them. They used some variables to create a lower and upper bound estimate as well:
And, here’s the thing: that’s only for privacy policies. Imagine if you read terms of service and end user license agreements too… Of course, sometimes those include little hidden gems. Like the time a company put a clause in its EULA that the first person to read that clause and contact them would get $1,000. It only took four months for someone to actually spot it.
Filed Under: eula, privacy policy
Comments on “To Read All Of The Privacy Policies You Encounter, You'd Need To Take A Month Off From Work Each Year”
Hell I feel like I have to take the same amount of time to read the HOA agreements of the house I’m buying.
Seriously I would never get that $1000 but I found a lot of job offers in the HTML code of websites 🙂
Re: Re:
I haven’t seen any in HTML code yet, but I have seen a few in HTTP headers.
Re:
HOA’s are a lot like the coypright police. I got a ticket for bringing beer into my house.
Re:
That is what you get for living in the suburbs LoL
The ‘cancel’ button is useful many times with these. Then you can keep your money too.
I’m finding there are better ways to waste time than sit in front of a TV screen trying to figure out legalities of using new technology to watch/listen to Media.
And there are better ways to waste money than give it to these greedy media companies.
Get out. Buy a new bike, ride it, etc.
At least you really own it then.
I can understand the the need for nearly unreadable privacy policies of most sites in that there is NO way to keep people’s people’s data completely and totally private. Things like buggy code and too many people’s tendency to share far too much of their own information making it easy to trace or track them. But, as Mike says, the whole idea is to make it as permissive as possible so that some “helpful” employee doesn’t violate them.
That and they’re written up in dense legalese that satisfies judges, privacy commissioners and so on that they’re actually doing the minimum allowed by law.
They’re kinda like the parking stub that says they’ll rent you a space for a couple of hours but the owners of the lot aren’t responsible if someone drives off with your Jag.
Re:
Moving into a place with a HOA is a suckers bet. Gee let me have some ahole with nothing better to do than call the police because i put my trash out on Saturday because I was not going to be home on Sunday, or have some cop put a notice on my door because he thinks my grass is too high, or when they put no parking signs on a street that a fire truck could do a 3 point turn on, or they cut all the trees and grass on the hill behind me to make what my wife and myself called the ass-hill. Yeah, no thanks, if I wanted to be a renter I would still do so. Glad I sold that beautiful house in a communist community. Never again.
Companies don’t put up “we don’t take your privacy seriously at all and share all your data” in their privacy policy because then the rare visitors who bother to click on it would raise a stink.
Instead, they put up 50 pages of legalese that translates to: “we don’t take your privacy seriously at all and share all your data,” ensuring even the one in a million guy who’s actually bored enough to try to read it probably won’t understand a word.
Re:
It’s funny how some of these agreements make you scroll all the way to the bottom first, check the I accept checkbox, and click the next button before they allow you to continue. Since this is an attempt to ensure I actually read the agreement, the software must think I read really fast.
No one really reads these things. Maybe next time they can ensure a minimal amount of time elapses before I click the next button to ensure I’ve had time to actually read it. Then I can leave the screen and go get some tea while the time is elapsing and when the time has elapsed, I’ll come back and click next. Unless they figure out a way to make sure I’m not idle by ensuring mouse movement within the application. Then that would suck and I’ll have to figure a work around.
I cringe thinking about it, but perhaps there needs to be a bit of government regulation on what is required in a privacy policy.
All the more reason to have a real public privacy policy set by the government that all companies must abide by.
Not all are complex.
I feel the privacy policy on my personal site is one that many companies could emulate, copy, and, in the case of the RIAA and MPAA, steal.
http://xpda.com/junkmail/privacy.htm
(no rights reserved.)
Cue the trolls hatin’ on Fllor64 (Mike)’s own privacy policy…
Re:
From Snowcrash regarding the Gov and a similar idea:
“Y.T.’s mom pulls up the new memo, checks the time, and starts reading it. The estimated reading time is 15.62 minutes. Later, when Marietta does her end-of-day statistical roundup, sitting in her private office at 9:00 P.M., she will see the name of each employee and next to it, the amount of time spent reading this memo, and her reaction, based on the time spent, will go something like this:
Less than 10 mm. Time for an employee conference and possible attitude counseling.
10-14 min. Keep an eye on this employee; may be developing slipshod attittide.
14-15.61 mm. Employee is an efficient worker, may sometimes miss important details.
Exactly 15.62 mm. Smartass. Needs attitude counseling.
15.63-16 mm. Asswipe. Not to be trusted.
16-18 mm. Employee is a methodical worker, may sometimes get hung up on minor details.
More than 18 mm. Check the security videotape, see just what this employee was up to (e.g., possible unauthorized restroom break).
Y.T.’s mom decides to spend between fourteen and fifteen minutes reading the memo. It’s better for younger workers to spend too long, to show that they’re careful, not cocky. It’s better for older workers to go a little fast, to show good management potential. She’s pushing forty. She scans through the memo, hitting the Page Down button at reasonably regular intervals, occasionally paging back up to pretend to reread some earlier section. The computer is going to notice all this. It approves of rereading. It’s a small thing, but over a decade or so this stuff really shows up on your work-habits summary.”
There’s a business opportunity here for someone to monitor privacy statements, summarize them, and mobilize against the worst of them.
Re:
HOAs are not communist. They are Fascists. BIG difference.
Median
Wrong. Median is defined as exactly halfway between the minimum and maximum observed value. So, in this case, 3906.5 words, which I’d be much more likely to approximate as “around 4000 words” than as “around 2500 words”.
Mean is the average of all the values. It’s more likely that this is what was “around 2500 words”.
Mode is the individual number that comes up the most often.
If you had 99 copies of a document saying “the quick brown fox jumped over the lazy dog” and one document of 100,000 words, you’d have these values for word count statistics:
Median: 49,995.5
Mean: 1008.91
Mode: 9
Median
Hi! I’m a scientist who uses statistics every day.
The median is found by sorting all results, and picking the middle one.
If you had 99 copies of a document saying “the quck brown fox jumped over the lazy dog” and one document of 100,000 words, you’d have these values for word count statistics:
Median: 9
Mode: 9
Mean: 1008.91
“Around 2500 words” sounds like a very plausible median to me.
tl;dr Learn basic stats.
Median
You could probably learn the definition of median in a place like the U of Florida Computer Science Dept. Oh, wait…
Median
The median of a finite list of numbers can be found by arranging all the observations from lowest value to highest value and picking the middle one. If there is an even number of observations, then there is no single middle value; the median is then usually defined to be the mean of the two middle values.
Hi I make up definitions to words and attack you for not knowing the meaning of them
Re:
No thats what he gets for living somewhere with a HOA. Suburbs != HOA community
Median
You are wrong.
Creative Commons for Licensing?
Maybe standardization could help here. Most people don’t read the full-text of a CC license, but they might check out the “short” version or recognize the icons floating around.
But all in all, a hard problem. People’s privacy expectations on websites are informed by a mix of the UI design and their experiences with other websites. And the idea of being used over a misleading UI would terrify any designer.
Re:
Communists own the house and let you live in it as long as you behave. Fascists let you own the house, and let you live in it as long as you behave.
Re:
Where most of the HOA’s are located?
I see HOA’s as a symptom of the culture underlying the American society, one that believes everybody can be forced to comply if you push hard enough.
This is exactly why I don’t think the politics will change anytime soon because to change them you need to change the culture and that takes decades.
Those people truly believe they can mandate others to conform to all kinds of stuff, which in some cases is good but seriously most of the time is just bad.
Re:
the only problem is, in the USA you dont own you home or land, you rent it from the govt.
doubt my words, try not paying your property taxes for a few years, see what happens…..
sorry but in this country its getting more and more so you dont own anything, that you pay for the right to use it as long as the govt/big content see fit….
Median
well said.
I was going to correct the poster myself but you did it quite well.
my method of avoiding my personal info being given out is to give it as rarely as possible.
I have followed this policy since the 90’s when i first got online, and will continue even if they make it illegal(as some people would like)
owning houses
You don’t own properties in the UK in a sense either, technically you lease it for 128 years.
It’s about time that a universal, standard privacy policy is developed that sites can all use.
Re:
You could get the USB mouse jiggler http://www.amazon.com/WiebeTech-30200-0100-0011-MOUSE-JIGGLER/dp/B000O3S0PK
rofl
Re:
There actually are a few. It’s just that each country’s laws on privacy (if any) differ on specifics, yet none are required or compelled to follow that of another aside from their own.
Median
But the median is the middle observed value in the results, not the actual middle. If the inter quartile range was down in the 2500 word region (for the sake of argument between 1500 and 2800) and between there and 7669 words were just a few results, then the median could be significantly lower than 4000.
owning houses
WTF?
You’ve clearly never been to the UK, let alone bought a house here.
Response to: Overcast on Apr 23rd, 2012 @ 7:42am
i do in fact own one and hav much better things to do but ty so much for the explination and for letting me know you watch/fallow what we do in our home. good to know and ty again
I read some but not most