Can We Just Admit That The Idea Of A 'Privacy Policy' Is A Failed Idea?
from the no-one-reads-it,-it's-meaningless dept
At our Insight Dinner Salon on Privacy the other night, I got into a conversation about privacy policies, and how silly the concept has become. At this point, it's commonly accepted that very, very few people ever read a privacy policy. Furthermore, there's this bizarre belief that a privacy policy actually means a company will respect your privacy. Studies have shown that people will say that if a site has a privacy policy, it means that the site will protect their data, even if the policy makes it clear that the site operator can spread your data far and wide. In fact, the incentives are to write a "privacy policy you can't violate," by having it state you can do whatever the hell you want with the data you collect. It's the "best of all worlds," in which users think (incorrectly) they're protected, because a "privacy policy" exists... and the companies who use them can't get in trouble because it says the company can do whatever they want.So forgive me for not being at all impressed with the Future of Privacy Forum complaining that so many mobile apps have no privacy policy. And things like the following statement don't do the FPF many favors:
FPF believes that a fundamental element of protecting the privacy of consumers using Apps is the availability of a readily-accessible, written privacy policy.Honestly, this feels like the requirement for a talisman, rather than a deeper look at the actual privacy issues (of which there are many) in the world today. Calling for more privacy policies doesn't really do anything to keep people's data more private. It's just something that can be done in the belief that it must help, even if there's scant evidence to support it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, privacy policies
Reader Comments
Subscribe: RSS
View by: Time | Thread
My new credit card company
Hmm. Wonder what terms they'll change to get their £billion stake back.
The new privacy policy was online as a PDF so I read it.
There were three sections in effect
- the ways we collect your data relating to you
- the uses it can be put to
- the groups of people we can share it with
And if you take the worst from each category and make a sentence it would read something like
We gather tons of data including every transaction you ever make and your IP address whenever you connect to our site,
and we use this for any purpose that in our view helps our business, and we may share it with absolutely anyone it suits us to share it with.
As an exercise I tried to copy the worst bits, stitch them together with a few "..." between and paste into an email back to their customer service dept and ask them to clarify.
But the PDF of their terms is not possible to copy from. I tried it lots of ways. In the end I thought maybe I'd print it to another PDF then copy from that. But CutePDF couldn't print it (weird error).
When they put that much effort into stopping you quoting their privacy policy in an email, it HAS to be time to move on !
[ link to this | view in chronology ]
Re: My new credit card company
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Binds when "I Agree" is clicked
+3 Time Wasting
+5 Social Networking
+8 "Productivity"
+24 Angry Bird Levels
+24 Bikini Wallpaper
-14 Actual Working
-7% Available Storage Space
Requirements:
Level 30 or higher
Classes: Wizard, Dark Elf, Early Adopter, Charlatan/Middle Manager
Equip: Sends personal geodata along with A/S/L to ChatRoulette, Groupon & Foursquare. Auto-generates unbeatable deals on mutually pleasurable adult bookstore items/Mother's Day Cards.
Cannot be unequipped. All data collected is the sole property of Apple, Disney and 4chan.
[ link to this | view in chronology ]
Intuit's Cumbersome Privacy Policy
Well, by the way it is structured, Intuit makes it complicated for the consumer to opt-out. First when when updating/upgrading there is NO indication that your prior privacy selection would remain in effect. Strike 1.
Second, when opting out, you have to re-enter all the information that you previously entered (from the act of registration and from prior years). Strike 2.
Third, when you opt out there is a confusing message concerning whether you would continue to actually receive valid program updates. I assume that Intuit wants you to believe that by opting out of marketing junk mail that you would no longer receive program updates. Strike 3.
Computers are supposed to make live easier by eliminating the necessity to re-certify your preferences and by eliminating the need to re-enter duplicate data. I assume that Intuit is abusing computer technology in the hopes that people won't re-certify their decision to opt-out.
On the positive side, I have not been receiving any spam from Intuit.
[ link to this | view in chronology ]
Re: Intuit's Cumbersome Privacy Policy
[ link to this | view in chronology ]
As a general rule of thumb, the longer the policy is, the more nasties are in it. They need all the extra words to have a hiding place for those nasties.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
:)
[ link to this | view in chronology ]
Re:
"A periodic gathering of people of social or intellectual distinction"
So, reading the first sentence, "At our...." Can somebody say EGO!!!!
[ link to this | view in chronology ]
Changing privacy policies
[ link to this | view in chronology ]
Privacy policies
[ link to this | view in chronology ]
Re: Privacy policies
[ link to this | view in chronology ]
south park
Basically Steve Jobs wanted to make the most advanced piece of technology possible - an iPad/iPhone that can also read and walk. He sews 3 subjects together from mouth to anus a la The Human Centipede, and attaches an iPhone to the head of the first guy and an iPad on the ass of the last guy.
But still he is unable to get the device to read his EULA.
I know, EULA and privacy policy are completely different but I just lump it in with documents that you're told you must read but aren't expected to.
[ link to this | view in chronology ]
Adobe's EULA and Privacy Policy
To Griff's comment - I had a similar experience with Adobe, described here: http://paymentsjournal.com/Blogs/Mercator_Blog/Adobe_%28and_Other_Un-named_Offenders%29__I_Expect_Be tter/
This focuses on Flash, but I repeated the exercise with Acrobat Reader, with similar outcomes. Why worry? The disclosure PDF format is either not printable or not savable...and yes, says they can do virtually anything. Nearly every bank and financial co. uses Acrobat to format your downloadable bank statements. Is that safe and private? Who knows?....Does the bank take responsibility? Not at all.... So - if consumers DO try to read those policies, they get nowhere. I hope the evolution of the technology will lead to better, clearer choices for consumers.
[ link to this | view in chronology ]
that's an outrage....
[ link to this | view in chronology ]
Privacy Policies are a good first step
We (the Future of Privacy Forum - FPF) are agreed that privacy policies are a failure as a consumer communication tool.
That is why we helped pioneer the use of privacy icons on the internet, particularly with online advertising.
But a privacy policy is a must for any sort of accountability as privacy enforcement is limited unless a company has made a public formal commitment that the FTC can hold them to. And as all of us who have drafted privacy policies know, the process of doing so forces you to actually map in detail practices that you may not have otherwise fully documented.
And until you know what you are doing, you can't possibly start to communicate about it.
So creating a privacy policy is step ONE.
Of course you can't stop there, you need to figure out how to communicate the key elements to users.
For many mobile apps today, that isn’t easy, given space constraints and the fact that the mobile platforms manage some key parts of the process.
For example, Apple and Android properly ensure that Apps don’t obtain user location without giving affirmative consent. However, since Apple and Google manage this process, an application developer (in the application) doesn’t have an easy way to explain until later why the application wants location and what it will do with it.
We believe that lots of work to be done here.
So when applications do have privacy policies, FPF will come back and assess how well they are doing at taking the key points and communicating them clearly to the user.
The FTC has just kicked off a new look at its Dot Com Disclosures for Advertising guidance so they are following this issue closely and are in particular looking at apps and the mobile space.
So don’t wait for our next survey! Our new site for developers, www.applicationprivacy.org, should provide some assistance.
Feedback is much appreciated.
Shaun Dakin
Fellow
The Future of Privacy Forum
Application Privacy Project
[ link to this | view in chronology ]