Read Your Dense Privacy Policy? No, I’ll Go Elsewhere

Earlier this month The New York Times published an interactive data-filled article on privacy policies titled "We Read 150 Privacy Policies. They Were an Incomprehensible Disaster."

Author Kevin Litman-Navarro performed several analyses. For example, he timed the minutes it took him to read a privacy policy. Craigslist's policy took the shortest amount of time, around 3 minutes, with Indeed's and Airbnb's policies taking the longest–nearly 35 minutes. (If you can access the NYT article, moving your cursor over the dots reveals the company names.) 


He tested how easy it was to understand each policy based on factors such as sentence length and vocabulary. Of the sites featured in the article, the BBC's policy was the easiest to understand (although more than 3,000 words). These were among the hardest: CNN, GoDaddy, Walt Disney, Hulu, and M.L.B. (Major League Baseball). 

Here's an example Litman-Navarro offered from the BBC's clear policy:

We have to have a valid reason to use your personal information. It's called the ‘lawful basis for processing.’ Sometimes we might ask your permission to do things, like when you subscribe to an email. Other times, when you'd reasonably expect us to use your personal information, we don't ask your permission, but only when: the law says it's fine to use it, and it fits with the rights you have.

Compare this 98-word snoozer of a sentence, which I plucked from Airbnb's privacy policy: 

For text messaging in the United States, by requesting, joining, agreeing to, enrolling in, signing up for, acknowledging, or otherwise consenting to receive one or more text messages (“Opting In”) or using a Airbnb arrangement in which Airbnb sends (or indicates that it may send, or receives a request that it send) one or more text messages (“Text Message Service”), you accept these SMS Terms for U.S. (“SMS Terms”), consent to the handling of your personal information as described in the Airbnb Privacy Policy, and agree to resolve disputes with Airbnb as described in our Terms of Service.

Litman-Navarro measured the readability of the first chapter of some classic texts to compare them to the privacy policies. His data shows that: 

  • Immanuel Kant’s demanding Critique of Pure Reason is easier to read than lots of companies' privacy policies, among them Crunchyroll, Baidu, Zoom, CNN, GoDaddy, Walt Disney, Hulu, and M.L.B. 
  • Charles Dickens's Great Expectations is easier to read than all but Craigslist's and the BBC's policies.
  • Harry Potter and the Sorcerer's Stone is easier to read than all of them. 

He also graphed policies by their reading levels, and he shows that the majority of privacy policies–like those of Chase, Citi, eBay, Yelp, Shopify, Apple, and UPS–exceed college reading level.

Litman-Navarro writes that "A significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can’t understand."

But do we have to consent to them? I'm trying my best to reject them. 

For instance, the other day while making a reservation online for a favorite Seattle restaurant, I tried using the restaurant's new reservation service, Resy. I was directed to read a privacy policy of 4,622 words and click a link to acknowledge having read it. Nope. Not going to do it! I'm not going to read a 4,622-word policy, and I'm not going to pretend I read it–not for a restaurant reservation. I called the restaurant and reserved a table in a nice conversation with a human being. I let the restaurant know that I'm not going to deal with Resy and its required privacy policy.  

I had a similar experience last month with Avis. I had wanted to rent a car from them because they listed hybrid cars as an option. But Avis insisted that I acknowledge having read a 13-page 4,270-word policy to create an account. I declined and kept my original National car rental reservation, despite National's not having hybrids. I've probably agreed to National's policy in the past, but I'm not going to do this anymore–not unless I have to do it to get what I need. 

When companies start offering clear, concise, well-organized, and well-formatted privacy policies whose reading is optional, I'll start clicking yes. But until then, I'm going to avoid companies that make me work too hard to be their customer–or who expect the impossible of me. 

How do you feel about privacy policies? Do you read them? Do you click to agree and pretend to have read them?

Litman-Navarro suggests that this is what a good privacy policy would look like: 

A good privacy policy would help users understand how exposed they are: Something as simple as a list of companies that might purchase and use your personal information could go a long way towards setting a new bar for privacy-conscious behavior. For example, if you know that your weather app is constantly tracking your whereabouts [a NYT link] and selling your location data as marketing research, you might want to turn off your location services entirely, or find a new app.

I think that's a good start. How about you?

Enroll in my online, self-study course Business Writing Tune-Up to write policies worth reading. 

Lynn
Syntax Training

 

10 COMMENTS

  1. I try reading these from time to time, call it a penance. But I soon lose focus and find my mind drifting away to memories of less torturous endeavors. What’s the old saying, why use ten words when ten thousand will do? All the same, I get the gist of their intent and think we should call these incomprehensible disasters what they are, surveillance policies.

  2. I agree with other commentators here. I may glance at a privacy policy, immediately get bored trying to read it, then click that I read it and move on. It is too convenient to do things online rather than making calls, and I assume that all of my information is already being shared anyway – in the age of social media and the Google monster of an organization, assuming privacy of any kind for any information in a digital device is probably naive. Instead, I try to minimize what I do share, but the truth is that I have no idea what kind of private information is out there in cyberspace about me.

  3. Hi Ellen, George, Peter, and Patty,

    Thanks for thinking about this topic and sharing your ideas. Here’s a little more of my thinking:

    The main reason I’m avoiding these policies is not privacy. It’s that I hate the idea of clicking to acknowledge that I read and accept something when I haven’t and I don’t. It seems phony to do so, and it allows companies to be shoddy with their communication, shoddy in ways that they cannot be in their other customer communications. I don’t want to be complicit in this sham when I don’t have to. When I have to, I’ll mutter a curse and click Accept.

    Lynn

  4. What a noble idea, a privacy policy I could agree or disagree with based on my understanding of what I read. The problem is that I would be so limited in my ability to work if I did not agree even without reading or understanding. If I take your stand I would not be able to use Windows or Apple products and so many others. My question is, Is the privacy agreement useful at all?

  5. Carlos, yes, it’s a crazy, noble idea. I’m trying it out selectively to see how much it hurts.

    Is the privacy agreement useful at all? To the companies that publish it, yes. Litman-Navarro, the author of the piece I quoted, himself quoted Jen King, the director of consumer privacy at the Center for Internet and Society. She wrote:

    “These are documents created by lawyers, for lawyers. They were never created as a consumer tool.”

    I’m going to keep thinking about this topic.

    Lynn

  6. Lynn,

    You make an excellent point. The companies are being shoddy, and to the detriment of the consumer, no question.

    I enjoy taking a hard stance based on principles as well. In this case, for my own (lazy?) convenience, I’ll leave it to you to hold the ground. Thank you for that, and good luck! Keep us posted 🙂

  7. I recently started doing business with Forever.com and since this is a cloud photo storage website, I did read the privacy policy and the terms/conditions. I was so surprised (and pleased) to see that they “dumbed down” the usual complicated wording by adding very simple sentences to explain what all the legalese said. Satisfied the lawyers, and me. I had never seen this style before and immediately thought “why do more companies not do this?” See the setup here: https://www.forever.com/privacy

  8. Amy, thanks for sharing your story and this good example. I like the simple, clear Overview section provided on the right.

    Sometimes it IS important to read and understand the terms and conditions. Good thing Forever.com made that possible.

    Lynn
