People Don't Read Privacy Policies... But Want Them To Be Clearer
from the sounds-good-to-me dept
We already know that people don't read online privacy policies and often (falsely) assume that if there's any such privacy policy it means their data is safe. There are, of course, even questions as to whether or not a privacy policy is even valid if no one reads it. Still, many consumer and privacy activists continue to act as if the privacy policy is a key aspect of online privacy. In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies, but demanding they are improved anyway. Specifically, a study done by regulators in the UK shows that 71% of people don't read privacy policies, but 62% want them clearer.Now, you could make the argument that the reason people don't read privacy policies is because they are too confusing and not at all clear. And, there's something to be said for simplifying privacy policies. To be honest, I'm surprised no one has come up with a Creative Commons-like standard setup for privacy policies (pick and choose a few attributes, have nice images, and make it all clear in a single link). However, it seems to be focused on the wrong issue. It seems likely that the uselessness of privacy policies has a lot more to do with the fact that people don't care (or they don't believe any privacy policy, no matter how clear) or that they think no matter what the privacy policy is, it won't matter once the data is leaked or the company changes its policy. So rather than focusing on creating better privacy policies, shouldn't the focus be on what companies actually do rather than what they say they do?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: complexity, privacy, privacy policies
Reader Comments
Subscribe: RSS
View by: Time | Thread
Most people don't read criminal laws either
[ link to this | view in chronology ]
Anything more complicated than that is, people assume, cunningly-written legalese for "This looks like we're saying we don't own your stuff, but we really do. Suckers."
Legalese is pretty much at the point where it's easier to guess what it says without reading it at at all and rely on an "I could not have possibly understood this, I am not a lawyer and I'm not a Swede; you wouldn't be allowed to tell me my rights in Swedish, so nobody should be able to tell me their policies in Legalese and expect me to understand those either" defense.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Privacy Policies
What might be needed is a HIPA for the Internet. where you must do as you say and can't just change things when the company changes owners. Or debt load. Where there is a cost if you do not do what is right.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Gobbley Gook
Anyway they all read: We respect your privacy so we will sell/give/rent/trade or whatever your personal information to anyone who asks (pays) so that they can send you even more junk mail. Oh, by the way, if the personal information that we sold to some unknown entity is used to "steal" your identity, it isn't our fault since you failed to sign-up and pay for this protection even though we said that we "protect" your data.
What also gets me, if you want to opt-out of having your information broadcast to the world, these companies make it purposely difficult. If privacy/security really mean something, the trading/selling/renting of data that a company collects should be made illegal.
[ link to this | view in chronology ]
Certification System
1. Completely Private
2. No Personally Identifiable Info
3. Sign Up for Spam Here!
This way, once you were familiar with the certifications, you would not have to spend 30 minutes readin through legal jargon.
[ link to this | view in chronology ]
"In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies...." also nonsense - ehat they actually said was that 71% did not read or understand privacy policies, not understanding is clearly not the same as not reading, and lets face it even the genius Masnicks don't understand them.
"...uselessness of privacy policies has a lot more to do with the fact that people don't care..." typical of the Masnicks - big business should be free to do what ever it wants without interference because nobody cares anyway.
[ link to this | view in chronology ]
Re:
Hardly anyone read that. A very small amount of people did, took a misleading excerpt and blew it out of proportion all over the blogosphere (do people even use that term anymore...). Basically, most people read a tiny portion of the changes and started freaking out, because they thought Facebook was going to start selling user-content.
"'In fact, regulators in both the UK and the US seem to be admitting no one reads privacy policies....' also nonsense - ehat they actually said was that 71% did not read or understand privacy policies, not understanding is clearly not the same as not reading, and lets face it even the genius Masnicks don't understand them."
They're interrelated. You don't read them because they're overly long and difficult to understand. You have to muddle through a bunch of ambiguous garbage to understand any of the basic concepts. I make an effort to skim through them and get what I can, but that's more than I can say for most people I know. I mean, I think it's safe to say most people don't even read instruction manuals unless they're absolutely stuck, and those usually are much easier to read (and often come with pretty pictures!)
"'...uselessness of privacy policies has a lot more to do with the fact that people don't care..." typical of the Masnicks - big business should be free to do what ever it wants without interference because nobody cares anyway."
That's not what Mike was saying; you're taking it out of context. It's ironic how you insult his ability to grasp things when you can't even grasp the simple things he's saying. What he's saying is privacy policies are rendered useless when no one cares to navigate through them, or don't trust that the company is going to hold true to the policy anyway.
[ link to this | view in chronology ]
may YOU don't
[ link to this | view in chronology ]
Privacy Policies, A Neccessary Evil?
Second thing, the free internet in all its wonder, is made possible by advertising. Advertising, while annoying sometimes, is arguably, not very harmful, and our surveys show that users prefer relevant advertising.
[ link to this | view in chronology ]
Re: Privacy Policies, A Neccessary Evil?
That is what they want you to believe. In truth, the only ones that are being held to the "contract" are the users.
These EULAs and TOSs are just a means for the corps to justifiy their bad behavior. If you continue to use their service, then you have implicitly agreed to their terms. This is unconscionable and therefore not binding.
[ link to this | view in chronology ]
it has been done
The PDF: http://netzpolitik.org/wp-upload/data-privacy-icons-v01.pdf
[ link to this | view in chronology ]
Privacy-Iconset Beta
as mentioned in the comment above, I already proposed this idea 2007 and heard afterwrds that Mary Rundle (former Harvard/Bergman-Center, now Oxford) propsed already in 2004.
We restarted working on it!
A small Kick-off-Meeting will take place, as a workshop, on the conference "Privacy OpenSpace" in beginning of April in Berlin. Here the preperation / overview:
https://www.privacyos.eu/wiki/index.php/PrivacyRightsAgreements
We have mailinglist for this circle, feel free to contact me with any question or support you may have concerning this project:
wetterfrosch@einmachglas.info
Best,
Matthias
[ link to this | view in chronology ]
Re: Privacy-Iconset Beta
http://bendrath.blogspot.com/2007/05/icons-of-privacy.html
And other receiptions, as in this english-speaking blog:
http://konrad.foerstner.org/2007/06/google-privacy-again-and-how-to-improve-privacy-communi cation/
[ link to this | view in chronology ]
Facebook
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Dig Deeper
[ link to this | view in chronology ]
[ link to this | view in chronology ]