Current Insight Community Cases

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Navigating The New Business World After This Recession

Shut Us Up

-- For Only $100 Million

Brought to you by Floor64 and the Techdirt crew.

stories filed under: "privacy policies"
Politics

Politics

by Mike Masnick

Tue, Feb 17th 2009 11:22pm

Share This


Filed Under:
complexity, privacy, privacy policies



People Don't Read Privacy Policies... But Want Them To Be Clearer

from the sounds-good-to-me dept

We already know that people don't read online privacy policies and often (falsely) assume that if there's any such privacy policy it means their data is safe. There are, of course, even questions as to whether or not a privacy policy is even valid if no one reads it. Still, many consumer and privacy activists continue to act as if the privacy policy is a key aspect of online privacy. In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies, but demanding they are improved anyway. Specifically, a study done by regulators in the UK shows that 71% of people don't read privacy policies, but 62% want them clearer.

Now, you could make the argument that the reason people don't read privacy policies is because they are too confusing and not at all clear. And, there's something to be said for simplifying privacy policies. To be honest, I'm surprised no one has come up with a Creative Commons-like standard setup for privacy policies (pick and choose a few attributes, have nice images, and make it all clear in a single link). However, it seems to be focused on the wrong issue. It seems likely that the uselessness of privacy policies has a lot more to do with the fact that people don't care (or they don't believe any privacy policy, no matter how clear) or that they think no matter what the privacy policy is, it won't matter once the data is leaked or the company changes its policy. So rather than focusing on creating better privacy policies, shouldn't the focus be on what companies actually do rather than what they say they do?

19 Comments | Leave a Comment..

 
Legal Issues

Legal Issues

by Mike Masnick

Wed, Feb 4th 2009 3:06pm

Share This


Filed Under:
breaches, privacy, privacy policies, recourse



What Should Be The Legal Recourse In Cases Of Privacy Policy Breaches?

from the big-questions dept

Privacy is an interesting issue -- where a lot of people have opinions on it that don't match up with either how they act or with what the law actually says. People say privacy is important to them, but then are very open about private things, even to the point of giving out all sorts of private info if someone gives them anything (chocolate, a pen, nothing at all). Yet, at the same time, if you talk to people about privacy, they talk about how important it is, and make silly demands about privacy policies, even though no one actually reads the policies, and assume (incorrectly) that if a site has any privacy policy, it means they'll keep the data completely private.

And, of course, we see privacy breaches on an all too regular basis. They've become a lot more noticeable over the last few years, as new rules required disclosure, but there are still questions about what it means if a company breaches its privacy policy. The traditional recourse has been one free year of credit monitoring service (if the breach included info that could be used for identity fraud). However, there have been some lawsuits over the matter, and as Ethan Ackerman and Eric Goldman discuss, the courts have been very reluctant to reward any damages to those who were "victims" of privacy breaches if there's no clear monetary loss.

This leads to a series of interesting questions. Congress has considered at times creating privacy legislation that could potentially include statutory damages for privacy breaches (and there are a few ideas for such legislation floating around with lobbyists). The problem with this, though, is that in some cases breaches really are inevitable -- and including a monetary reward could clearly (as Goldman notes) "overcompensate the victim or overdeter the defendant." That could have pretty significant unintended consequences, including significantly limiting the availability of certain services as companies don't want to take on the potential liability. At the same time, without any chance of monetary damages, there's a question about leaving little in the way of incentives for companies to actually take privacy seriously.

There's something to be said for the fact that a privacy breach does have a negative reputational impact on the companies who violate people's privacy, but it's reaching a point of saturation, where so many people's private info has been breached so often, that many people don't even register who's involved each time the latest breach comes along. So, it's not clear that there's a really good answer here -- though, I'm sure some folks in the comments will have some strong opinions. Should there be monetary awards for privacy breaches? Should Congress create a privacy law?

17 Comments | Leave a Comment..

 
Overhype

Overhype

by Mike Masnick

Mon, Sep 8th 2008 11:35pm

Share This


Filed Under:
complexity, privacy, privacy policies



Does It Really Matter How Complex Privacy Policies Are?

from the not-really dept

Slashdot points out that a recent study of various privacy policies shows that most are at an extremely high reader level, in some cases ridiculously high. Of course, this is used to suggest that people don't understand the privacy policies they read -- but that's been known for years. But the issue has little to do with the policies themselves, because no one tends to read them, no matter how readable (or not) they are. In fact, many people falsely assume that the very presence of any policy means that their privacy is safe. So, even if a site has a privacy policy that says "you have no privacy, and we'll reveal all your data to whoever pays top dollar," people won't read it and will assume that a site will keep their data private. That's because people assume that any privacy policy means the site takes privacy seriously, even if that's not the case. Given that, it doesn't really matter how readable the privacy policy is, people aren't going to read it and aren't going to pay attention to what it says if they do read it. It seems like privacy policies, in general, are simply a relic of a legal system, rather than anything actually useful. Instead of focusing on the readability of privacy policies, shouldn't we be looking for a better solution altogether?

18 Comments | Leave a Comment..

 
Too Much Free Time

Too Much Free Time

by Mike Masnick

Mon, Jul 7th 2008 8:22am

Share This


Filed Under:
aclu, eff, hype, privacy, privacy policies, privacy theater

Companies:
google



Don't You Feel Safer Now That Google Added A Link To Its Privacy Policy?

from the phew! dept

One of the more idiotic accusations thrown at Google of late was this idea that it was somehow a problem that it didn't link directly to its privacy policy from its home page. It had a privacy policy. That privacy policy was easy to find. Almost no one actually reads its privacy policy -- but a bunch of privacy groups who surely had more important things to spend their time on got all upset that Google refused to link from its front page. It appears that Google has now given in and agreed to link to the privacy policy, oddly removing the word "Google" from its copyright notice and replacing it with a link to the privacy policy.

Perhaps more idiotic is the response from a bunch of privacy groups claiming that this somehow makes a difference. It doesn't. It's privacy theater. It looks good, but it means nothing. People still won't read the privacy policy -- and even if they did, they probably wouldn't even remember what it said. Where a privacy policy is linked from a website is meaningless compared to what a company actually does to take the privacy of its users seriously. Getting up in arms over whether or not Google links to the privacy policy from its front page is a joke. And, oh yeah, some are noticing that just linking to the privacy policy probably does not fulfill the legal obligation required by California's law on linking to privacy policies. Perhaps these "privacy advocate" groups have something else to complain about now.

28 Comments | Leave a Comment..

 
News You Could Do Without

News You Could Do Without

by Mike Masnick

Wed, Jul 2nd 2008 6:11am

Share This


Filed Under:
marketing, privacy policies



Marketing Execs And Privacy Execs Disagree Over What Companies Do With Private Info

from the data-leaks dept

We've already established that privacy policies are pretty much useless, no matter how much some organizations want to pretend they matter. First off, no one reads them -- and if you asked most people, they simply assume that if a site has any privacy policy then it automatically means they won't give away any personal details to others -- even if the privacy policy says exactly the opposite. In other words, someone could put up a privacy policy that says that it will reveal all your personal data to organized criminals, and most people would think that the site was safe. It's "privacy theater" designed to make people feel good, but that has nothing to do with real privacy.

And, of course, it's not just the people reading the policies that don't seem to understand them -- it's those in charge of living up to and enforcing the policies. A new study surveyed a bunch of executives, including both marketing execs and those in charge of enforcing the privacy policy, and quickly discovered that marketers have a very different concept of "privacy" than privacy officers. Not surprisingly, they don't see anything wrong with sharing all sorts of data that seems to horrify privacy officers. So, no matter who controls the policy (or where it's posted on a site), the real issue may be who actually has access to the data and what they're able to do with it.

12 Comments | Leave a Comment..

 
Overhype

Overhype

by Mike Masnick

Wed, Jun 4th 2008 8:01am

Share This


Filed Under:
aclu, eff, hype, privacy, privacy policies, privacy theater

Companies:
aclu, eff, google



Privacy Groups Miss The Point: It's Not Where Google's Privacy Policy Is, It's What It Does

from the focusing-on-the-wrong-thing dept

Last week, we wrote about the ridiculous concerns being raised by a few privacy advocates that (gasp!) Google doesn't include a link to its privacy policy on the front page. This seemed like a really pointless concern since almost no one reads these privacy policies anyway, and those who do often misunderstand the policy anyway. Besides, there are plenty of companies out there that don't even abide by their own privacy policies. In other words, the real issue isn't where the privacy policy is, but whether or not the company actually keeps its promises and treats its users' data properly.

And yet... a bunch of consumer and privacy groups, including ones I respect like the EFF and the ACLU are now trying to turn this into a big deal by publicly demanding that Google add a link to its privacy policy on its home page. This isn't about privacy. This is "privacy theater." It's about putting on a good show that has nothing to do with whether or not Google is doing right by its users. If there's a link to Google's privacy policy on its front page or not, it won't change what Google does with users' info, and it almost certainly won't change the way anyone (other than maybe these groups) view Google. It's all a big show for no reason. There are plenty of important causes that these groups should be working on. Worrying whether or not Google links to its privacy policy from its front page or one page deep is silly pandering.

27 Comments | Leave a Comment..

 
Overhype

Overhype

by Mike Masnick

Wed, May 28th 2008 7:38am

Share This


Filed Under:
privacy, privacy policies

Companies:
google, network advertising initiative



Does Anyone Really Care Where Google Places Its Privacy Policy?

from the isn't-it-more-important-what's-in-it? dept

In the past, we've discovered that most people don't read a website's privacy policy, and many (incorrectly) assume that as long as a site has a privacy policy, then it means that the site will keep their info private -- even if the policy is to say the exact opposite. Basically, what this means is privacy policies are almost entirely meaningless. Yet, some still think they're important for show. Even more than that, they think that where you put the privacy policy matters. And that's put Google into a bit of a bind, as it tries to join the Network Advertising Initiative, a trade group that sets standards relating to how companies collect data for advertising purposes. The problem is that one of the NAI's principles is that the proper thing to do is put a link to your privacy policy on the homepage -- something that Google refuses to do. Google, of course, takes the look and feel of its front page rather seriously, and refuses to clutter it with anything it feels is unnecessary (other than the copyright notice, which was added after tests showed people didn't know if the page had finished loading).

All in all this seems like a totally pointless debate. As Google points out, if you want to find Google's privacy policy from the front page, the easiest thing to do is type "google's privacy policy" into the search box and you'll get there fast enough. Luckily, it looks like the NAI will likely relent and allow Google to join. However, isn't it about time that a trade group like this actually focused on things that mattered -- such as what's actually in a privacy policy, or whether companies live up to it (or whether users care), rather than where the privacy policy is linked?

15 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Friday

1:49am: Winner Takes All, Long Tails And The Fractilization Of Culture (10)

Thursday

10:37pm: The Lobbyists' Ability To Control The Message (29)
8:11pm: In Going Free, London Evening Standard Doubles Circulation While Slashing Costs (26)
6:10pm: Senate Exploring Med School Profs Putting Names On Ghostwritten Journal Articles In Favor Of Drugs (22)
4:52pm: What Does It Say When A Comedy Show Does More Fact Checking Than News Programs? (56)
3:33pm: Nordic Music Week: Optimism Galore And Found Songs (11)
2:10pm: Would Top Sites Really Opt-Out Of Google Based On A Microsoft Bribe? (37)
12:57pm: Intel Lawyers Again Go Too Far In Trademark Bullying (22)
11:43am: Mandelson Wants Gov't To Have Sweeping Powers To Protect Copyright Holders (40)
10:47am: Once Again, Walmart Stops People From Printing Family Photos Due To Copyright Law Claims (42)
9:39am: Essayist Writes Popular Essay... Then Sends 'Non-Negotiable' Invoice To Church Who Posts It Online (59)
8:23am: ASCAP, BMI And SESAC Continue To Screw Over Most Songwriters: 'Write A Hit Song If You Want Money' (78)
7:07am: Kicking People Off The Internet Not Enough In South Korea, Copyright Lobbyists Demand More (26)
5:33am: Are The Record Labels Using Bluebeat's Bogus Copyright Defense To Avoid Having To Give Copyrights Back To Artists? (42)
3:53am: Larry Magid Calls For News Tax To Fund Failing Newspapers (29)
1:35am: Judge Says 'There's An Ad For That...' And It's Ok For Now (14)

Wednesday

11:01pm: Oh Look, Some Police Do Know How To Use Craigslist As A Tool (8)
8:43pm: Netherlands The Latest To Propose Mileage Tax That Requires GPS For Tracking Driving (30)
6:40pm: Spain Says Broadband Is A Basic Right (12)
4:22pm: Entertainment Industry Wants More People To Know About OpenBitTorrent Tracker (25)
3:00pm: It's The TSA, Not CSI: Actions Limited To Security, Not Crime Investigation (25)
1:49pm: The More Innovative You Are, The More You Get Sued; Yet Another Patent Lawsuit Over Shazam (7)
12:36pm: Oh No! Nobody Reads! Oh No! It's Too Cheap For Everyone To Read! (18)
11:15am: We See Your 'Copyright Contributes $1.5 Trillion' And Raise You 'Fair Use Contributes $2.2 Trillion' (17)
9:55am: Cable Industry Joins MPAA In Asking FCC To Allow Them To Stop Your DVR From Recording Movies (45)
8:44am: Sony Pictures Having Its Best Box Office Year Ever... Still Blaming Piracy For Killing The Business (38)
7:30am: Jenzabar Finds 'Expert Witness' Who Will Claim Google Relies On Metatags, Despite Google Saying It Does Not (38)
5:52am: China Says Microsoft Violates IP With Windows, Bars Sales (26)
4:01am: Don't Post Comments On StlToday.com Or They Might Tell Your Boss (46)
1:50am: Recording Industry Making It Impossible For Any Legit Online Music Service To Survive Without Being Too Expensive (45)
More arrow
Quick Links
Close
E-mail It