Privacy Policies Are Great — For PhDs 161
An anonymous reader writes "Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory."
It's Quite Obvious Why They're At This Level (Score:5, Insightful)
And there's not a lot you can do about this, we're going to want to sue the pants off a bastard company if suddenly our name and address is being traded on a disc with 50,000 others on the black market. So they write these policies to be air tight and they use terms that have legal connotations because I'm sure the only time these things are scrutinized are in court anyway. And the second you take away that level of granularity, I'm sure you see yourself as a company open up to lawsuits.
Word length (Score:3, Insightful)
Yes, but it's 5000 words long. Who has time to read 5000 words?
From a lawyer's perspective... (Score:5, Insightful)
I really think something needs to be done about this, because 99.9% of people don't read lengthy EULAs and privacy policies simply because they are too long, boring, and difficult to understand, yet we are agreeing to conditions we probably would never agree to if we knew about them. Perhaps a law stating that the policies must be written at a sixth grade level, use small and non-legal words wherever possible, and come with a 1-page summary of the major rights. I think that would be a fantastic idea.
This is news ...Why? (Score:4, Insightful)
Um, as far as I can understand, privacy policies are there for legal reasons, written in legalese to give them a quasi-legal basis for defending their policies.
Unless you're a lawyer or have a lawyer present each and every time you agree to a privacy policy (assuming you even agree to it, most are just implied to "work"), then it's basically just embedded, textual bullshit to somehow protect the company from lawsuits.
I seriously doubt that a privacy policy would stand up very well in court, unless the judge is completely in the dark on matters of technology, in which case it's simply a matter of presenting the test case as a physical contract and seeing how it would stand up, or limiting the amount of power a privacy policy holds on a public website.
Disclaimer: IANAL
and they're only published in english (Score:3, Insightful)
Once this is taken into account is it any surprise that the vast majority of web users simply click "I agree" to anything they see
BIG NEWS!!! (Score:5, Insightful)
My Ph.D. finally pays off! (Score:3, Insightful)
I knew I was making those student loan payments for SOMETHING.
And, given my experience working with the typical American, it would be impossible to dumb down anything enough for most of them to understand anyway. When I was in college, I took educated friends and co-workers for granted. When I came out into the "real world" it was a bit of culture shock to realize that the vast majority of real people not only don't have college degrees, but also read at about a "See Dick run" level.
Comment removed (Score:5, Insightful)
Re:From a lawyer's perspective... (Score:5, Insightful)
They're mandated by the Children's Online Privacy Protection Act (COPPA).
There's also no reason for them to be hard to read. See, for example, the FTC's privacy policy: http://www.ftc.gov/ftc/privacy.shtm [ftc.gov]
Unfortunately, with Internet T&C, there are a few times where the requirements to be legally binding are at odds with being readable to the layman. For example, if you want to disclaim the implied warranty of merchantability, you generally need to put that disclaimer in all-caps and specifically mention that warranty. But, "Warranty of Merchantability" is really a term of art, and a lay person may not understand what it means.
But, absent those times, the fact that a websites T&C are hard to read is really a problem with the lawyer not drafting them for the appropriate audience. Sometimes that comes from the site operator, who doesn't want to be billed for the extra legal time.
That said, I'm not a big fan of your suggested law -- that's a lot of money spent on documents that nobody really reads. More often than not a typical user who slogged through the T&C will conclude "Yeah, that's about what I expected."
Funny story: my kid signed up for the Ty Beanie Baby on-line service. At the end of the sign-in process (which was clearly intended for children to read), there was a cartoon character that said "Be sure to read the terms and conditions and click accept!" The T&C were in a separate scrolling 4-line text box, and was written in absurd legalese. I have no idea how Ty things that's going to be binding.
Re:It's Quite Obvious Why They're At This Level (Score:5, Insightful)
So we need some standardisation for EULAs, just like foods must list their ingredients in some standard way.
Analyze the available EULAs, 90% of it boils probably down to the same few terms.
Make a list of these terms, label each with a descriptive short name, and maybe a symbol.
Then make a regulation that companies must use those labels if they want to describe terms equivalent to those labels in their EULA.
Every year, make a survey of EULAs to find parts that are not covered by any existing label to find wich new labels need to be added to the system.
Discourage companies from using terms not covered by labels, for example by a tax.
If this leads to mass lawsuits, fix the laws.
You don't need to read much. (Score:1, Insightful)
Just read the part that says "No matter what this privacy policy says, we reserve the right to change any part of it in any way at any time without any notice to anyone, and the new policy will automatically and instantly apply to anyone who ever agreed to any other privacy policy we have ever had" and the part that says "we absolutely positively guarantee that we will not share any of your information in any way with anyone ever, except our business partners, which we define as 'anyone who gives us money'".
Every privacy policy I have ever bothered to read contained both of those provisions. With those in place, why bother reading the rest?
Re:Writing quality... (Score:3, Insightful)
Have you met many recent graduates? I'd say "eduction" sits right up there with the current requirements for a Bachelors :(.
Face it, Masters is the new Bachelors and Bachelors is the new High School diploma.
Can someone explain this to me? I live in the U.S. now, but grew up elsewhere, and I don't get how the university system works here.
When I went through university (outside the U.S.), I studied science: computer science, physics, calculus, etc. My friends who were doing anthropology or commerce studied, well, anthropology and sociology, or accounting and economics and so forth. There seemed to be an implicit assumption that the basics of reading and writing and history and anything else outside of your core degree were, you know, taught at school before you got to university. University was supposed to be where you studied a more specialized course of study.
So how the heck does the U.S. get to the point where, so far as I can tell, pretty much all university students are required to study basic history, or politics, or who knows what else that has nothing to do with their core course of study? (And I haven't even started on the whole "changing majors" yet.) If you haven't learned enough of those fundamentals by the time you're in an institution of higher learning, then what have you been doing at school for the last 12 years and how diluted has the value of that bachelor's degree now become?
Re:From a lawyer's perspective... (Score:4, Insightful)
Because let's face it, if everyone knew that Slashdot's privacy policy allows them to sell your email address and first born child (just kidding!), no one would sign up on the site
You mean you didn't create a once off, disposable email address for the purposes of registering? There's a bin for your geek card on the left as you leave the building, thanks!
On a more serious note, Slashdot is probably one of the few forums of its size where a significant number of members would be able to figure out exactly who leaked/sold thier email addresses, and it probably wouldn't take too many people pointing fingers at SF for doing such a thing before they started leaking subscribers. There's a difference between having no legal recourse and being helpless.
Re:Word length (Score:5, Insightful)
Actually, in most case (although not a legal document, even an illegal legal document like a EULA) the lower the education level needed to read, the more intelligent the writer.
For example, Isaac Asimov's books are written at roughly an eighth grade level, and his nonfiction still managed to educate intelligent, learned people. He was actually called "the great educator". Dr. Asimov held a PhD in biochemistry and taught and did research at (IIRC) Boston University. Asimov was a very intelligent man with a great imagination, and was one hell of a writer.
OTOH I read a paper once by some dimwit PhD who used the word "enumerate" five times in a single paragraph without once using the word "count". Writing like this is intended to obfuscate rather than illuminate, and its sole purpose is usually to impress you with how intelligent the moron is.
In a EULA the obfuscation's purpose is obviously to make you think the damned people won't use your personal information when in fact it actually says the opposite. These people are just slimy.
The thesaurus entry for obfuscate says bewilder, blur, cloud, confuse, darken, dim, garble, hide, muddle, obscure, perplex, puzzle. None are exact synonyms, so sorry; I'm not smart enough to convey this information well.
Re:It's Quite Obvious Why They're At This Level (Score:3, Insightful)
I disagree slightly, while yes their should be a legalese version which is the default, the EULA is an end user license agreement, not a end user lawyer agreement.
It is there specifically for the end user to understand his and her rights with regards to the software the user purchased. Unless software manufacturers expect us all to retain lawyers to purchase our software and products for us, the EULA should be in plain, easily readable to any high school student English (that last bit brings up other issues on the quality of the education system but thats an argument for another day)
Re:It's Quite Obvious Why They're At This Level (Score:1, Insightful)
In some countries an EULA is not even legal and most of them are written for US law. Well, many countries have different laws and if you don't like that, then you should not make the software available there from your website.
Dear houghi:
Your post, #24872527, has violated the laws of the island nation of Madeupexamplia, specifically section #328, subsection 2 that requires all messages to include a translation in Madeupexamplish, the national language of Madeupexamplia. If you do not have the resources to translate your post into Madeupexamplish, you should not make your posts available there via the Slashdot website. If you persist in making your posts available in Madeupexamplia without including a Madeupexamplish translation, you may be subject to fines and/or other penalties. Thank you for your consideration in this matter.
Sincerely,
Someguy Madeupexamplton
Minister of Language Enforcement, Madeupexamplia
Madeupexamplish translation follows:
Blah blah blah...
Re:This is news ...Why? (Score:4, Insightful)
Um, as far as I can understand, privacy policies are there for legal reasons, written in legalese to give them a quasi-legal basis for defending their policies.
All contracts and contractual condutions are. Because in an ideal world they will never be used at all, because both parties have understood what the other party expected of them and are behaving accordingly. Those written things called contracts and conditions and licenses and stuff are there if something goes wrong, to actually define the scope and the limits of the contract or license or whatever.
But exactly because they are defining scope and limits, each party has to actually understand what they are defining as scopes and limits. So yes, on the one hand they are written for the lawyers to sort things out afterwards if something derails. But at first they should give the parties of the contract an idea what behaviour is actually expected of each of them. So it has to be understandable by the signing parties at first, and usable for lawyers as a second thought.
Re:College Education != Intelligence (Score:3, Insightful)
Comment removed (Score:3, Insightful)
Re:Writing quality... (Score:3, Insightful)
Am I the only one who thought that IRS Code territory is actually pretty simple. Pretty much a bunch of 4th grade arithmitic with some logic operators. Disclaimer: I only have ever had to work on my personal taxes, not corporate taxes.
Re:It's Quite Obvious Why They're At This Level (Score:4, Insightful)