For a while there was a big push to get corporations to make sure they had a privacy policy online. So what did they do? They went to their lawyers, who wrote up the most carefully worded, legalistically confusing, hedge-filled privacy policy they could come up with. Almost no one reads most of these things - and the people who do, don't understand what they're reading. So, is it any surprise really that most people are confused by online privacy policies? The scariest finding is that many people believe that if a company has a privacy policy in place (no matter what it says), then they must not sell or trade their personal information. In other words, companies could put together a privacy policy that says "we will take your information and sell it to the highest and lowest bidder - as well as everyone in between" and most people will think their information is being kept private because there's a "privacy policy" in place. The folks behind the study are suggesting that more sites adopt a plan to translate their privacy policies into the P3P format that almost no one is using. At the very least that would give people a more standardized way of determine what's being done with their info. The problem is that this is just too confusing for most people. They don't understand what P3P is, and they don't want to know. They just want their data protected.