Proposed Law: Privacy Policies Must Be Less Than 100 Words (Says 336 Word Bill)
from the lawyers-are-not-good-at-being-brief dept
I've stated in the past, that the whole concept of "privacy policies" is a failed concept. No one reads them, those who do read them don't understand them, and most people incorrectly think that if you have a privacy policy, it means you keep information private. That's not the case. Since the only way you get into legal trouble is by violating your privacy policy, the incentives are totally screwed up: sites have the incentive to make their privacy policies as broad as possible, allowing them to do as much as possible. Since users think any privacy policy means they're safe, then the "ideal" privacy policy is one that says "we don't care about your privacy, we give away or sell all your data, and we laugh all the way to the bank" (more or less). The user thinks their data is secure, while the site has nothing to worry about since they won't "violate" the policy.And, yet, politicians still seem to focus on privacy policies, as if they're a legitimate replacement for actually doing something to protect privacy. In pointing out how silly privacy policies are, a year ago, we noted that you'd need to take a month off from work each year to actually read all the privacy policies you encounter on a normal basis. It appears that California Assemblymember Ed Chau has a solution to all of this (as pointed out by Eric Goldman): just pass a law that requires all privacy policies to be less than 100 words. Seriously.
This bill would require the privacy policy to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.While I'm all for having things like terms of service and privacy policies be more simplified, I still don't see how it's particularly useful to legislate this. Also, lawyers aren't exactly known for their ability to be pithy. Having worked on a couple of privacy policies with lawyers in the past, finding someone who can get such a policy under 100 words would be very, very tricky.
And, not to be snarky or anything, but the text of the law itself (removing the digest explanation and preamble) clocks in at 336 words. So... if your law saying that all privacy policies must be under 100 words can't be written in under 100 words, perhaps you've highlighted the problem with your own law.
Filed Under: 100 words, california, privacy, privacy policies
