Privacy Policies Are Essentially Impossible To Understand, Study Finds (nytimes.com) 69
The data market has become the engine of the internet, and privacy policies we agree to but don't fully understand help fuel it. From a report: To see exactly how inscrutable they have become, I analyzed the length and readability of privacy policies from nearly 150 popular websites and apps. Facebook's privacy policy, for example, takes around 18 minutes to read in its entirety -- slightly above average for the policies I tested. Then I tested how easy it was to understand each policy using the Lexile test developed by the education company Metametrics. The test measures a text's complexity based on factors like sentence length and the difficulty of vocabulary. To be successful in college, people need to understand texts with a score of 1300. People in the professions, like doctors and lawyers, should be able to understand materials with scores of 1440, while ninth graders should understand texts that score above 1050 to be on track for college or a career by the time they graduate. Many privacy policies exceed these standards.
[...] The vast majority of these privacy policies exceed the college reading level. And according to the most recent literacy survey conducted by the National Center for Education Statistics, over half of Americans may struggle to comprehend dense, lengthy texts. That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can't understand. [...] Airbnb's privacy policy, on the other hand, is particularly inscrutable. It's full of long, jargon-laden sentences that obscure Airbnb's data practices and provides cover to use data in expansive ways. Things weren't always this bad. Google's privacy policy evolved over two decades -- along with its increasingly complicated data collection practices -- from a two-minute read in 1999 to a peak of 30 minutes by 2018.
[...] The vast majority of these privacy policies exceed the college reading level. And according to the most recent literacy survey conducted by the National Center for Education Statistics, over half of Americans may struggle to comprehend dense, lengthy texts. That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can't understand. [...] Airbnb's privacy policy, on the other hand, is particularly inscrutable. It's full of long, jargon-laden sentences that obscure Airbnb's data practices and provides cover to use data in expansive ways. Things weren't always this bad. Google's privacy policy evolved over two decades -- along with its increasingly complicated data collection practices -- from a two-minute read in 1999 to a peak of 30 minutes by 2018.
Night Before Christmas In Legalese (Score:5, Funny)
" Whereas, on or about the night prior to Christmas, there did occur at a certain
improved piece of real property (hereinafter "the House") a general lack of
stirring by all creatures therein, including, but not limited to a mouse.
A variety of foot apparel, e.g. stocking, socks, etc., had been affixed by and
around the chimney in said House in the hope and/or belief that St. Nick a/k/a/
St. Nicholas a/k/a/ Santa Claus (hereinafter "Claus") would arrive at sometime
thereafter.
The minor residents, i.e. the children, of the aforementioned House, were
located in their individual beds and were engaged in nocturnal hallucinations,
i.e. dreams, wherein vision of confectionery treats, including, but not limited
to, candies, nuts and/or sugar plums, did dance, cavort and otherwise appear in
said dreams.
Whereupon the party of the first part (sometimes hereinafter referred to as
"I"), being the joint-owner in fee simple of the House with the parts of the
second part (hereinafter "Mamma"), and said Mamma had retired for a sustained
period of sleep. (At such time, the parties were clad in various forms of
headgear, e.g. kerchief and cap.)
Suddenly, and without prior notice or warning, there did occur upon the
unimproved real property adjacent and appurtent to said House, i.e. the lawn, a
certain disruption of unknown nature, cause and/or circumstance. The party of
the first part did immediately rush to a window in the House to investigate the
cause of such disturbance.
At that time, the party of the first part did observe, with some degree of
wonder and/or disbelief, a miniature sleigh (hereinafter the "Vehicle") being
pulled and/or drawn very rapidly through the air by approximately eight (8)
reindeer. The driver of the Vehicle appeared to be and in fact was, the
previously referenced Claus.
Said Claus was providing specific direction, instruction and guidance to the
approximately eight (8) reindeer and specifically identified the animal
co-conspirators by name: Dasher, Dancer, Prancer, Vixen, Comet, Cupid, Donder
and Blitzen (hereinafter the "Deer"). (Upon information and belief, it is
further asserted that an additional co-conspirator named Rudolph may have been
involved.)
The party of the first part witnessed Claus, the Vehicle and the Deer
intentionally and willfully trespass upon the roofs of several residences
located adjacent to and in the vicinity of the House, and noted that the Vehicle
was heavily laden with packages, toys and other items of unknown origin or
nature. Suddenly, without prior invitation or permission, either express or
implied, the Vehicle arrived at the House, and Claus entered said House via the
chimney.
Said Claus was clad in a red fur suit, which was partially covered with residue
from the chimney, and he carried a large sack containing a portion of the
aforementioned packages, toys, and other unknown items. He was smoking what
appeared to be tobacco in a small pipe in blatant violation of local ordinances
and health regulations.
Claus did not speak, but immediately began to fill the stocking of the minor
children, which hung adjacent to the chimney, with toys and other small gifts.
(Said items did not, however, constitute "gifts" to said minor pursuant to the
applicable provisions of the U.S. Tax Code.) Upon completion of such task, Claus
touched the side of his nose and flew, rose and/or ascended up the chimney of
the House to the roof where the Vehicle and Deer waited and/or served as
"lookouts." Claus immediately depa
Re: (Score:2)
I know you probably just got that from the internet somewhere but that was actually pretty great for something so very off-topic.
Re: (Score:2)
Hot damn that's a terrifying bit of bloat.
What's not to understand (Score:5, Insightful)
Frankly I don't care. I've said it before, but as an American I've got bigger fish to fry. Healthcare (not universal here), the drug war, the 8 real wars, stagnant wages, Gerrymandering & Voter Suppression. Privacy is so far down the list of worries for me it doesn't even register.
Re: (Score:3)
Re: What's not to understand (Score:2)
Re: (Score:3)
all your data will be sold at the drop of a hat if you so much as buy a drink from a lemonade stand.
Frankly I don't care. I've said it before, but as an American I've got bigger fish to fry. Healthcare (not universal here), the drug war, the 8 real wars, stagnant wages, Gerrymandering & Voter Suppression. Privacy is so far down the list of worries for me it doesn't even register.
You have my sympathies.
But I live in a place where a right to privacy is a real thing. For years now, privacy policies have been unenforceable and definitely not a legal defence if you've done something wrong with people's data. I could put in a privacy policy that by accepting this brick though your window I take possession of your first born.
Regardless of whatever privacy policies I consent to, you will still fall foul of the law (GDPR in my case) if you violate it.
You need to reform contract law, not privacy (Score:2)
Uh, yeah... (Score:5, Insightful)
Re: (Score:3)
Typical Libertarian. Just showed the truth of my sig.
"I'm right, but I can't explain why". Morons, the lot of them. Perhaps idealists, too, but not smart enough to realize that their ideals are flawed.
Re: (Score:2)
GDPR has a nice fix for this. The user has to be informed in order to consent. If the privacy policy is too complex for an average person to understand, any consent obtained is void.
This is why Canada has strong Privacy (Score:2)
Privacy policies are basically meaningless, and contrary to both the Canadian Constitutional Right of Privacy (which is literally enumerated, unlike in the UK and the US), and to various State Constitutions, like that of Washington State.
The more complex and unreadable you make it, the more likely a sound and wise court is to strike privacy policies down.
Adapt or die.
Re: (Score:2)
Re: (Score:2)
Not since the World's Fair in Seattle.
Pay attention or soon our trained attack polar bears will stream south of the border (offer not valid in Alaska or Hawaii).
Privacy policiies are opaque... (Score:2)
And? (Score:1)
Let me summarize every EULA (Score:2)
Fuck You Very Much, and Have A Nice Day.
TL; DR - You get what you pay for.
And your insurance policy? (Score:2)
We respect your privacy (Score:3)
What's there to understand? They respect our privacy until it gets leaked. And it will be leaked or stolen...and the only recourse is for them to say "we're so sorry - we take your privacy/security seriously" Pessimistic self says - this is what always happens. So privacy policy be damned. Those who steal it offer no policy.
I rarely read them - certainly not to the end. I like to know if they have big stated plans for my data, like sell it etc.
I use the platform, they use me. we all win.
Re: Kill all the Lawyers and Judges (Score:2)
I prefer Mao's approach: Expropriate their wealth. Then parade them through town on wagons, wearing dunce caps. Encourage workers and peasants to throw rotten fruit at them. Observe thereafter the decimation of their class's _social_ power.
Privacy Policies Are Impossible (Score:2)
We completely own anything and everything that you do with our program/platform.
We give you very limited rights to transmit and share _our _ pictures, text, and sound, until we don't.
We don't owe you anything, ever.
If our stuff breaks other stuff you have or otherwise malfunctions, too bad.
If some word or phrases are found to be invalid in a court of law, don't worry -- the other words and phrases become more mandatory and will easily co
What's to understand? (Score:1)
You have no privacy. The policy is a lie. It's not that they're impossible to understand, they're impossible to verify. It's best to simply not believe them.
Same as Terms of Service (Score:1)
Written in dense legalese.
Basically says we value your privacy, very much. So much that we use your data for all sorts of things including stuff you and we haven't imagined yet, but all of which has value - to us, who are selling it.
You can't change what we do with your data (except, possibly, as provided by law in a few locations, but don't worry we're lobbying hard to change that).
To the extent possible, you waive the applicability of such law.
Thanks you very much for your data.
Oh, and like with our TOS,
Privacylabel.org (Score:2)
I'm part of a non-profit team developing a Privacy Label. It's like a one page summary of your privacy policy.
www.privacylabel.org [privacylabel.org]
The goals are:
- Non-judgemental. It's not a label that judges whether a company or project is ethical. It just aims to summarize.
- Open source. Feel free to implement it. Feel free the change the visual style to match your website's style.
It's still in development, but if you're interested in being an early adopter or tester please let us know.
Oh, come on. It's trivial. (Score:2)
Here is the short, comprehensible version:
Bend over.
We value your privacy (Score:3)
Which is why we're going to sell it for cash.
Works as designed (Score:3)
Privacy policies are not supposed to be understood by the user, they're supposed to cover the company's ass.
How hard can it be? (Score:2)
1) We own everything you do on the site forever, including deleted posts, posts you typed and then didn't submit, and how long your mouse hovered over ads. No taksie-backsies.
2) We'll do whatever we want with it. So will whatever soulless megacorp buys our assets out of bankruptcy.
3) You can't sue us, you have to go to "binding arbitration" which is a process where you pay $1500 for some guy who isn't a judge to tell you you're wrong about the law.
There, done.
Needle in haystack (Score:2)
Most common issue I see is a company with a number of different products and services will post a single privacy policy where it becomes impossible to disambiguate what is or is not applicable to any one specific product or service.
This is why we always click "I Agree" (Score:2)
We all know it's just a bunch of words that say we don't have any privacy. We all know there is no real alternative. So why NOT agree?