20 Hours a Month Reading Privacy Policies 161
Barence sends word of research out of Carnegie Mellon University calling for changes in the way Web sites present privacy policies. The researchers, one of whom is an EFF board member, calculated how long it would take the average user to read through the privacy policies of the sites visited in a year. The answer: 200 hours, at a hypothetical cost to the US economy of $365 billion, more than half the financial bailout package. Every year. The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed. This resulted in the predictable cry of outrage from online executives. Here's the study (PDF).
Re:Solution: Standardized policies (Score:5, Informative)
Wasn't that the idea behind P3P [wikipedia.org]
Re:Solution: Standardized policies (Score:3, Informative)
But nobody was proposing that they regulate anything new. The proposal was that they make a set of standard licenses available, not that they enforce them.
Re:fp (Score:2, Informative)
Ozphx makes a well balanced critique of the Cowards work.
A must read, two thumbs up.
The ultimate agreement (Score:2, Informative)
"End User License Agreement
EndUserAgreementText"
Well, at least I guess there is no significant legal risk in accepting it.
I sent a mail asking if they could not simply remove the license agreement, since it was even clearer than usual that it did not serve any useful purpose. To my surprise, they actually took the time to write a personal reply and explain why they needed to have it. Apparently, the original text was lost in a site update.
According to their mail, over 2000 new users had joined since the text was lost, and I was the first one to notice. I'm not sure how much legal weight these agreements actually have.
Privacy policies aren't legally enforcable anyway (Score:4, Informative)
The Bush administration tried to broker a compromise allowing Toysmart.com to sell their database as long as it was to a company in the same industry. One of the shareholders in Toysmart.com didn't want to be responsible for that decision so he bought the database himself and destroyed it. No precedent was set and the Bush administration hasn't tried to prosecute anyone for violation of privacy policy since.