We’ve talked about privacy policies a lot before. While they exist to give consumers information about what data is being collected and how it’s being used, they tend to share one big problem in common: aside from a few exceptions, most privacy policies are utterly impenetrable for the average reader.
They’re long. They’re dry. They’re in a particularly tortuous form of legalese, designed to maximize corporate butt-covering and not consumer understanding. They’re hard to find. And they’re so ubiquitous and dull that we ignore them.
So this week, a team of researchers from two universities is trying to make those policies a little more accessible, with a tool they call Usable Privacy.
In a press statement, the researchers pointed out that studies show it would take an average user 600 hours to read all the privacy policies for their regularly-viewed sites. That’s 25 24-hour days — a month of your life, or 37.5 days of your life if you took sleeping breaks and nothing else — devoted entirely to learning where you stand… and that’s ridiculous.
“Our objective is to produce succinct yet informative summaries that can be included in browser plug-ins or interactively conveyed to users by privacy assistants that inform users about salient privacy practices,” said Norman Sadeh, the lead principal investigator of the study.
“While navigating our site, people will notice how complex and fragmented many privacy policies are,” Sadeh said. “The vast majority of statements are about first-party collection and third-party sharing and contain significant levels of ambiguity when it comes to determining exactly what is being collected and with whom it is shared.”
With the color coding, visual bookmarking, highlighting and annotation all put together, Usable Privacy aims to reach two goals. The first is to demonstrate research and show off trends in the policies they’ve analyzed. For example, the visual bookmark sidebar shows how related concepts are not necessarily grouped together at all, but instead spread out into several different paragraphs or sections.
The other, though, is for the end users to be able to figure out more quickly just what’s going on. For example, NBC.com:
Falling under that umbrella are familiar statements like, “When you use our online services we collect information through the use of Cookies and Other technologies” and “we use information to provide the services you have requested,” which are basically how the internet works. However, it also warns of data bleed-through: “If you visit our online services on a device through which you also interact with social networks or if you interact with us through a social media function such as a plug-in (for example, a Facebook “like” button) then you may be permitting us to have on-going access to some information from your social network profile.”
The next most common statements (57, total) concern third-party sharing and collection, like “we may disclose your personal information to … protect our legal rights,” or their right to sell your data as an asset belonging to a business unit if they sell that business unit.
About Do Not Track, they only say, “NBCUniversal does not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.”
The analysis goes on from there, and readers can navigate using either side panel to go directly to certain kinds of content, as well as just scrolling through the core policy text itself.