Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Businesses The Internet Technology

Privacy Policies Are Essentially Impossible To Understand, Study Finds (nytimes.com) 69

The data market has become the engine of the internet, and privacy policies we agree to but don't fully understand help fuel it. From a report: To see exactly how inscrutable they have become, I analyzed the length and readability of privacy policies from nearly 150 popular websites and apps. Facebook's privacy policy, for example, takes around 18 minutes to read in its entirety -- slightly above average for the policies I tested. Then I tested how easy it was to understand each policy using the Lexile test developed by the education company Metametrics. The test measures a text's complexity based on factors like sentence length and the difficulty of vocabulary. To be successful in college, people need to understand texts with a score of 1300. People in the professions, like doctors and lawyers, should be able to understand materials with scores of 1440, while ninth graders should understand texts that score above 1050 to be on track for college or a career by the time they graduate. Many privacy policies exceed these standards.

[...] The vast majority of these privacy policies exceed the college reading level. And according to the most recent literacy survey conducted by the National Center for Education Statistics, over half of Americans may struggle to comprehend dense, lengthy texts. That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can't understand. [...] Airbnb's privacy policy, on the other hand, is particularly inscrutable. It's full of long, jargon-laden sentences that obscure Airbnb's data practices and provides cover to use data in expansive ways. Things weren't always this bad. Google's privacy policy evolved over two decades -- along with its increasingly complicated data collection practices -- from a two-minute read in 1999 to a peak of 30 minutes by 2018.

This discussion has been archived. No new comments can be posted.

Privacy Policies Are Essentially Impossible To Understand, Study Finds

Comments Filter:
  • by Anonymous Coward on Thursday June 13, 2019 @05:14PM (#58758112)

    " Whereas, on or about the night prior to Christmas, there did occur at a certain
    improved piece of real property (hereinafter "the House") a general lack of
    stirring by all creatures therein, including, but not limited to a mouse.

    A variety of foot apparel, e.g. stocking, socks, etc., had been affixed by and
    around the chimney in said House in the hope and/or belief that St. Nick a/k/a/
    St. Nicholas a/k/a/ Santa Claus (hereinafter "Claus") would arrive at sometime
    thereafter.

    The minor residents, i.e. the children, of the aforementioned House, were
    located in their individual beds and were engaged in nocturnal hallucinations,
    i.e. dreams, wherein vision of confectionery treats, including, but not limited
    to, candies, nuts and/or sugar plums, did dance, cavort and otherwise appear in
    said dreams.

    Whereupon the party of the first part (sometimes hereinafter referred to as
    "I"), being the joint-owner in fee simple of the House with the parts of the
    second part (hereinafter "Mamma"), and said Mamma had retired for a sustained
    period of sleep. (At such time, the parties were clad in various forms of
    headgear, e.g. kerchief and cap.)

    Suddenly, and without prior notice or warning, there did occur upon the
    unimproved real property adjacent and appurtent to said House, i.e. the lawn, a
    certain disruption of unknown nature, cause and/or circumstance. The party of
    the first part did immediately rush to a window in the House to investigate the
    cause of such disturbance.

    At that time, the party of the first part did observe, with some degree of
    wonder and/or disbelief, a miniature sleigh (hereinafter the "Vehicle") being
    pulled and/or drawn very rapidly through the air by approximately eight (8)
    reindeer. The driver of the Vehicle appeared to be and in fact was, the
    previously referenced Claus.

    Said Claus was providing specific direction, instruction and guidance to the
    approximately eight (8) reindeer and specifically identified the animal
    co-conspirators by name: Dasher, Dancer, Prancer, Vixen, Comet, Cupid, Donder
    and Blitzen (hereinafter the "Deer"). (Upon information and belief, it is
    further asserted that an additional co-conspirator named Rudolph may have been
    involved.)

    The party of the first part witnessed Claus, the Vehicle and the Deer
    intentionally and willfully trespass upon the roofs of several residences
    located adjacent to and in the vicinity of the House, and noted that the Vehicle
    was heavily laden with packages, toys and other items of unknown origin or
    nature. Suddenly, without prior invitation or permission, either express or
    implied, the Vehicle arrived at the House, and Claus entered said House via the
    chimney.

    Said Claus was clad in a red fur suit, which was partially covered with residue
    from the chimney, and he carried a large sack containing a portion of the
    aforementioned packages, toys, and other unknown items. He was smoking what
    appeared to be tobacco in a small pipe in blatant violation of local ordinances
    and health regulations.

    Claus did not speak, but immediately began to fill the stocking of the minor
    children, which hung adjacent to the chimney, with toys and other small gifts.
    (Said items did not, however, constitute "gifts" to said minor pursuant to the
    applicable provisions of the U.S. Tax Code.) Upon completion of such task, Claus
    touched the side of his nose and flew, rose and/or ascended up the chimney of
    the House to the roof where the Vehicle and Deer waited and/or served as
    "lookouts." Claus immediately depa

  • by rsilvergun ( 571051 ) on Thursday June 13, 2019 @05:19PM (#58758128)
    all your data will be sold at the drop of a hat if you so much as buy a drink from a lemonade stand.

    Frankly I don't care. I've said it before, but as an American I've got bigger fish to fry. Healthcare (not universal here), the drug war, the 8 real wars, stagnant wages, Gerrymandering & Voter Suppression. Privacy is so far down the list of worries for me it doesn't even register.
    • Yeah. Privacy policies tend to be very straightforward. You don't have it, and you give permission for them to do anything with your data.
    • by mjwx ( 966435 )

      all your data will be sold at the drop of a hat if you so much as buy a drink from a lemonade stand.

      Frankly I don't care. I've said it before, but as an American I've got bigger fish to fry. Healthcare (not universal here), the drug war, the 8 real wars, stagnant wages, Gerrymandering & Voter Suppression. Privacy is so far down the list of worries for me it doesn't even register.

      You have my sympathies.

      But I live in a place where a right to privacy is a real thing. For years now, privacy policies have been unenforceable and definitely not a legal defence if you've done something wrong with people's data. I could put in a privacy policy that by accepting this brick though your window I take possession of your first born.

      Regardless of whatever privacy policies I consent to, you will still fall foul of the law (GDPR in my case) if you violate it.

  • Uh, yeah... (Score:5, Insightful)

    by timeOday ( 582209 ) on Thursday June 13, 2019 @05:22PM (#58758134)
    The libertarian "freedom of contract" ideal is a big farce. One side is a team of lawyers with nothing better to do than constantly re-write lengthy, arcane contracts in their own best interest; the other is an individual offered "take it or leave it" terms on every necessary good and service a dozen times per day. A big farce.
    • by AmiMoJo ( 196126 )

      GDPR has a nice fix for this. The user has to be informed in order to consent. If the privacy policy is too complex for an average person to understand, any consent obtained is void.

  • Privacy policies are basically meaningless, and contrary to both the Canadian Constitutional Right of Privacy (which is literally enumerated, unlike in the UK and the US), and to various State Constitutions, like that of Washington State.

    The more complex and unreadable you make it, the more likely a sound and wise court is to strike privacy policies down.

    Adapt or die.

    • }}} The more complex and unreadable you make it, the more likely a sound and wise court is to strike privacy policies down. {{{ --- I've not seen that.
  • Great. So they have met their desired goal.
  • /sarcon But it's free, so there is no cost, right? Free! Besides, who wants to know about little old me? My life is so boring and dull. /sarcoff
  • Fuck You Very Much, and Have A Nice Day.

    TL; DR - You get what you pay for.

  • Have you read your insurance policies lately? Car--homeowners--health--commercial liability? I haven't. It's all meaningless abstraction. There are no examples--they're taken for granted, all buried in mountains of case books known as "common law," which is, naturally, hidden behind a paywall. If you had just one concrete example for each paragraph, all that abstract language would immediately crystallize into a reality; and the document would become a series of tiny narratives that people might actually en
  • by ripvlan ( 2609033 ) on Thursday June 13, 2019 @08:16PM (#58758754)

    What's there to understand? They respect our privacy until it gets leaked. And it will be leaked or stolen...and the only recourse is for them to say "we're so sorry - we take your privacy/security seriously" Pessimistic self says - this is what always happens. So privacy policy be damned. Those who steal it offer no policy.

      I rarely read them - certainly not to the end. I like to know if they have big stated plans for my data, like sell it etc.

    I use the platform, they use me. we all win.

  • They're supposed to be inscrutable. After all, they're just:

    We completely own anything and everything that you do with our program/platform.
    We give you very limited rights to transmit and share _our _ pictures, text, and sound, until we don't.
    We don't owe you anything, ever.
    If our stuff breaks other stuff you have or otherwise malfunctions, too bad.
    If some word or phrases are found to be invalid in a court of law, don't worry -- the other words and phrases become more mandatory and will easily co
  • You have no privacy. The policy is a lie. It's not that they're impossible to understand, they're impossible to verify. It's best to simply not believe them.

  • by Anonymous Coward

    Written in dense legalese.

    Basically says we value your privacy, very much. So much that we use your data for all sorts of things including stuff you and we haven't imagined yet, but all of which has value - to us, who are selling it.

    You can't change what we do with your data (except, possibly, as provided by law in a few locations, but don't worry we're lobbying hard to change that).

    To the extent possible, you waive the applicability of such law.

    Thanks you very much for your data.

    Oh, and like with our TOS,

  • I'm part of a non-profit team developing a Privacy Label. It's like a one page summary of your privacy policy.

    www.privacylabel.org [privacylabel.org]

    The goals are:
    - Non-judgemental. It's not a label that judges whether a company or project is ethical. It just aims to summarize.
    - Open source. Feel free to implement it. Feel free the change the visual style to match your website's style.

    It's still in development, but if you're interested in being an early adopter or tester please let us know.

  • Here is the short, comprehensible version:

    Bend over.

  • by nagora ( 177841 ) on Friday June 14, 2019 @02:04AM (#58759648)

    Which is why we're going to sell it for cash.

  • by Opportunist ( 166417 ) on Friday June 14, 2019 @05:20AM (#58760012)

    Privacy policies are not supposed to be understood by the user, they're supposed to cover the company's ass.

  • 1) We own everything you do on the site forever, including deleted posts, posts you typed and then didn't submit, and how long your mouse hovered over ads. No taksie-backsies.

    2) We'll do whatever we want with it. So will whatever soulless megacorp buys our assets out of bankruptcy.

    3) You can't sue us, you have to go to "binding arbitration" which is a process where you pay $1500 for some guy who isn't a judge to tell you you're wrong about the law.

    There, done.

  • Most common issue I see is a company with a number of different products and services will post a single privacy policy where it becomes impossible to disambiguate what is or is not applicable to any one specific product or service.

  • We all know it's just a bunch of words that say we don't have any privacy. We all know there is no real alternative. So why NOT agree?

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...