Earlier this month The New York Times published an interactive data-filled article on privacy policies titled "We Read 150 Privacy Policies. They Were an Incomprehensible Disaster."
He tested how easy it was to understand each policy based on factors such as sentence length and vocabulary. Of the sites featured in the article, the BBC's policy was the easiest to understand (although more than 3,000 words). These were among the hardest: CNN, GoDaddy, Walt Disney, Hulu, and M.L.B. (Major League Baseball).
Here's an example Litman-Navarro offered from the BBC's clear policy:
We have to have a valid reason to use your personal information. It's called the ‘lawful basis for processing.’ Sometimes we might ask your permission to do things, like when you subscribe to an email. Other times, when you'd reasonably expect us to use your personal information, we don't ask your permission, but only when: the law says it's fine to use it, and it fits with the rights you have.
Litman-Navarro measured the readability of the first chapter of some classic texts to compare them to the privacy policies. His data shows that:
- Immanuel Kant’s demanding Critique of Pure Reason is easier to read than lots of companies' privacy policies, among them Crunchyroll, Baidu, Zoom, CNN, GoDaddy, Walt Disney, Hulu, and M.L.B.
- Charles Dickens's Great Expectations is easier to read than all but Craiglist's and the BBC's policies.
- Harry Potter and the Sorcerer's Stone is easier to read than all of them.
He also graphed policies by their reading levels, and he shows that the majority of privacy policies–like those of Chase, Citi, eBay, Yelp, Shopify, Apple, and UPS–exceed college reading level.
Litman-Navarro writes that "A significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can’t understand."
But do we have to consent to them? I'm trying my best to reject them.
I had a similar experience last month with Avis. I had wanted to rent a car from them because they listed hybrid cars as an option. But Avis insisted that I acknowledge having read a 13-page 4,270-word policy to create an account. I declined and kept my original National car rental reservation, despite National's not having hybrids. I've probably agreed to National's policy in the past, but I'm not going to do this anymore–not unless I have to do it to get what I need.
When companies start offering clear, concise, well-organized, and well-formatted privacy policies whose reading is optional, I'll start clicking yes. But until then, I'm going to avoid companies that make me work too hard to be their customer–or who expect the impossible of me.
How do you feel about privacy policies? Do you read them? Do you click to agree and pretend to have read them?
I think that's a good start. How about you?
Enroll in my online, self-study course Business Writing Tune-Up to write policies worth reading.