Does It Really Matter How Complex Privacy Policies Are?
from the not-really dept
Filed Under: complexity, privacy, privacy policies
Comments on “Does It Really Matter How Complex Privacy Policies Are?”
Privacy policies, EULAs… It’s all legalese and, let’s face it, who wants to read legalese unless they’re a lawyer, right?
Recently I’ve even come across software where you actually had to scroll down to the end of the EULA before the Next button was enabled. Clever trick, but except for the very first time when I was stumped for a good 10mins., now it’s just become one more (irritating) step in the routine.
So while readability does indeed make a difference and following the KISS principle would make it more likely to be read, I’m not too sure what can be done about the fact that we all seem to be in a tearing hurry nowadays for some reason…
It might be nice if they were intended to inform the user first but,
I think that most privacy policies are written to cover the website owner’s @rse first and inform their hapless audience second.
It doesn’t matter how complex they are as long as it helps some judge to decide that X did enough to inform the user that X was selling email addresses to the highest bidder.
I completely agree. I try to read the privacy agreements b/c I want to make sure they’re not throwing in some killer clause. But most of the time it’s a bit of a pain. I just assume they’re going to sell my contact info and then just wait for GMail to let me mark it as spam.
Honestly, I’d feel safer agreeing something that said,
“We value your privacy while using our service. However, we do need to make money because we’re giving you a free service and the only way to do that is to sell some bits of personal information like First name, Last name, Email address only. Because we value your privacy, you have the option (below) to NOT allow your personal information to be shared with third-party services. You can change your options at anytime from your Account preferences. Thanks for understanding and realizing we need to make a buck or two to keep this service free…otherwise we’d be charging you…and you wouldn’t really keep using it if it wasn’t free, now, would you? We thought so.
Check to keep your personal information (name and email) safe
It is a classic corporate “dirty trick”.
RE: a better solution
Like everything else in the Internet world privacy must be regulated by a an arbitrary and agreed upon standard. Think of DNS spoofing. In order to stop man in the middle attacks and phishing companies like verisign popped up who were able to verify the validity of a web page. The next market segment seems to be privacy policies which are verified and certified by a third party.
Internet Education 101
And people wonder why they get tons of spam after signing up to one of these sites.
Note: Take the opposite approach to the quoted line above and you’ll be alright.
Companies realize that your private information is valuable and now the company has another revenue stream; selling your private information.
Be Ware, Beware, be afraid; there is no privacy.
Certainly some percentage start reading and give up, but I’d put my money on the majority not even trying to read it.
I think commenter Govy said it all. The only thing I can add is if EULAs and Privacy Statements are not on purpose written to be hard to understand – and I think that is true – maybe we should blame the reading level of the average user, which is, in turn, a vilification of the education system, insofar as the proper teaching of the English language.
This is a bit off topic, but having several foreign co-workers and having been a military linguist I am fairly confident that the vast majority of native American English speakers drench their speech in colloquialism and jargon to the point of making much of what they say ambiguous, albeit understandable to fellow native speakers.
In other words, we have allowed our language to diverge from what we now call “legalese.”
Until There's Something Better
We should absolutely be looking for a better solution, but while it’s likely that technology will provide it, law still has a place.
The policy is primarily for the protection of the web site or service provider and only secondarily for the user, and in that they are useful.
If privacy policies are a relic of the legal system, what are possible solutions to protecting user privacy (assuming that’s a goal) or at least informing users about what information is collected and what is done with it?
“I think that most privacy policies are written to cover the website owner’s @rse first and inform their hapless audience second.”
yep! So if no one reads them and they aren’t really good for anything until a site gets big enough to sue BASED on them if a violation occurs (and let’s see someone try and prove it in 90% of the cases) what are they good for?
Most sites on the web don’t make any or much money. So if they violate their own “policy” what real recourse does the offended party have?
Privacy policies are governed in good part by contract law. Contract law is a two-way street. Just as banks, web administrators and software vendors can communicate to visitors/customers what they assert to be the legal terms, customers can communicate back!
In principle, contract law does not favor either businesses or customers/users. As the future of privacy law unfolds, individuals may be able to use contract law to assert their legal terms on other parties, such as search engines or advertisers. Why shouldn’t a consumer be able to broadcast what she expects to be the legally binding terms under which she does business? –Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html My ideas are not legal advice for any particular situation; they are just ideas for public discussion.
Ben, I like your Idea, but the pessimist in me says it is more likely that Europe’s privacy laws will mirror America’s than vice versa.
For one thing the user is caught in a bind, they have nothing to bargain with besides their business and with current trends there is no real competition in terms of privacy standards, you either want to use their service badly enough that you sign or you go without.
complexity = uneforceable = problems
So, this may not mean much for users, but it should mean a lot to websites/companies and their attorneys who draft these things.
At least making them more understandable for people in general.
You got a point here!!