Why No One Reads (And Never Will Read) Privacy Policies

Because of all the high-profile breaches of information around shady privacy policies associated with mobile apps and Google’s public relations trouble with their recently updated, one-ring-to-r...
Why No One Reads (And Never Will Read) Privacy Policies
Written by

Because of all the high-profile breaches of information around shady privacy policies associated with mobile apps and Google’s public relations trouble with their recently updated, one-ring-to-rule-them-all privacy policy, it’s beginning to feel like “privacy policy” will be the internet meme of 2012 that nobody laughed at. Still, every time a new story concerning a privacy policy breaks, I never fail to think back to one of the more gruesome yet hilarious episodes of South Park: ‘HUMANCENTiPAD.’

In typical South Park fashion, the episode does a masterful job of skewering both companies that produce these epic tomes that they call a privacy policy – in this case, Apple – and the naive consumers who never bother to read these privacy policies and just click “Agree” to get on with it – in this case, Kyle. During the episode (*SPOILER ALERT* if you’re really that worried about being spoiled), Kyle innocently agrees to Apple’s policies and inadvertently commits himself to volunteer as a participant in the company’s next revolutionary device: the HUMANCENTiPAD. If you’ve brushed shoulders with pop culture in the past couple of years, I don’t feel like I need to explain what that means. If you need clarification for what this particular kind of fate entails, I suggest you refer to the internet.

While the episode is a shocking yet poignant admonishment to all of us who mindless agree to anything and everything without really vetting the policies that will directly affect us, a new report was released recently that concludes if we really wanted to try to read every single privacy policy associated with all the websites we visit, we would need an entire month off of work in order to fully read every document. Since nobody really has that much time disposable vacation time saved up to devote to such a task, we’re all probably lucky we haven’t ended up as some middle segment to some sinister iDevice yet.

The analysis, which was conducted by Aleecia M. McDonald and Lorrie Faith Cranor, who are both researchers at Carnegie Mellon, found that in order for the average person to completely read every privacy policy accompanying the websites they visit, the person would need to spend about 250 working hours each year, or about 30 full working days, to finish the herculean task.

The researchers selected the 75 most popular websites that had privacy policies ranging from 144 words to a stupefying 7,669. They assumed that people would read the privacy policies at 250 words per minute, which is on the low end of the general average that people read in order to comprehend a text. However, the analysis doesn’t seem to take into account that into account that this also isn’t prose that people are reading. The documents people are reading – privacy policies – are typically written in such dry legalese that the mere words themselves seem to be dosed with comprehension-repellant. Reading the privacy policies simply as a rote mechanism is one thing, but actually comprehending them is a different beast entirely, meaning the amount of time required to understand all those privacy policies could be even more demanding than reported in their analysis.

Speaking with NPR, Cranor described how most people really have no idea about how much of their information is being used or even how it is being used. She likened the intensity of the info-gathering involved in several of these websites to having some kind of voyeur following you around the mall and recording each and every thing you look at, touch, or remark upon.

As if the time demands weren’t staggering enough, Cranor goes on to explain that it’s not even really economically feasible for people to read the privacy policies. If time is truly money, Cranor says that the total cost in time spent reading those privacy policies (if they indeed did read them) would total around $781 billion a year.

Then again, one of the few things, if not the only thing, that was generally agreed upon as acceptable with Google’s new privacy policy that went into effect last month was how simplified it was (even then, it’s still over 2,000 words). Even in it’s simplified form, only 1 in 10 had actually read the policy the day before it was implemented. So much for keeping it simple in order to get people to read these privacy policies, because obviously the unnavigable bulk of these texts is not the only thing keeping people from reading them.

For the sake of argument, though, lets just say that we did magically find an extra 30 vacation days each year and read every single privacy policy associated with the websites we haunt. Then what? What good does that do a person who wants to use the site? In case you hadn’t noticed, these are not negotiable terms. You literally have two choices: accept the terms even though they might seem intrusive or unsavory in order to continue to use the website; or you don’t accept them, so you move along. This isn’t a contract on which you can negotiate terms like you would with a salary extension or even something less grave like whether or not you want pickles on your Junior Whopper. Visiting a website and using its services is not an exercise in democracy, and part of that is because at the end of the day all of the websites you visit, in spite of how gentle they try to word their privacy policies and info-collecting practices, are for-profit businesses. You must accept their terms because, well, they own the playground.

Generally, I think of privacy policies pertaining to websites I use as less about keeping me involved in the democratic process and more about the company informing me in advance of what kind of thumbscrews my privacy can look forward to. It’s not like there’s a mediation process where Facebook’s lawyers meet with my personal agent and they discuss the site’s terms until both parties can come to a satisfying agreement. That doesn’t happen because, one, Facebook’s lawyers would probably win everything they want anyways and, two, I don’t have an agent because I’m a normal person.

So even if privacy policies were explained with the most simplified of jargon and they were a breezy 600 words, would anybody still read them? That wouldn’t ever happen, but again, for the sake of argument, assume that type of practice became common for websites. What would it take to get you to routinely read every policy for every website that you use? Or is this just a bad model in general that demands to be overhauled into a version more functional in the year 2012? You should share your thoughts with us and other readers because, in the mean time, under this current model of privacy terms that we live with, every single one of us should feel exquisitely lucky that we haven’t ended up with the same fate as that fictional young boy from South Park.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us