Do privacy policies make your eyeballs bleed?
Probably not, because if you’re like most of us, you don’t actually read them. They’re just too long, too onerous and too hard to decipher.
In fact, it would take the average person about 250 hours yearly – that’s about 30 full working days – to read the privacy policies of the websites they visit in a year, according to a study [PDF] published by researchers Aleecia M. McDonald and Lorrie Faith Cranor.
Clickwrapped uses a scale of 100 points to rate each of the site’s privacy policies and practices by evaluating four categories: how the site collects and uses our data, under what circumstances the site discloses our personal data, our rights when the site wants to change its terms or terminate our accounts, and a “miscellaneous” category for sneaky moves.
What’s a sneaky move? Clickwrapped gives these examples:
"...did you know that if you wrongly post something in the wrong category on Craigslist, you could owe that company $25? Or that you violate the Facebook terms of service every time you tag a friend in a photo without their prior consent?"
Such non-standard provisions that raise users’ concerns prompt Clickwrapped to adjust a site’s score.
Its summary of the site’s policy:
On the flip side, Wikipedia/Wikimedia earned Clickwrapped’s top rating, thanks to its streamlined user agreements and careful approach to collecting user data:
Even the privacy-respecting Wikimedia has to be handled with caution, of course. As Clickwrapped points out, the site will disclose your personal information under certain circumstances.
That includes when the site’s forced to respond to a subpoena, when it investigates abuse, or to “protect the rights, property or safety of the Wikimedia Foundation, its users or the public”.
Wikimedia promises to notify a registered user within three business days (if the user has associated an email address with his or her account) of receiving a government request for information about that user. Note that this is the only policy Clickwrapped found that promises to notify a user of a government request within a defined timeframe.
Of course, the big-data guzzlers Facebook and Google are what really tilt people’s privacy meters into the red zone.
However, it might come as a surprise that Clickwrapped rated them both quite high.
Google, rated No. 3 – behind Dropbox at No. 2 and Wikimedia at No. 1 – gets a pat on the back for its response to government requests for user data, and for being a bit more friendly than most of its peers around amendment and termination. For example, Google promises to allow users to download their data before shutting down a Google service.
Some nice things Clickwrapped had to say about Google regarding government requests for data:
Google’s record of responding to government data requests … is commendable. The volume is large: in 2011, it received over 12,000 requests for user data from U.S. authorities alone. Google attempts to notify affected users about government data requests—although as the EFF notes, it has not yet made this commitment in a formal policy. It also has a good record of properly considering each claim rather than just handing over everything the government asks for without question.
Facebook, ranked at No. 4, defies its bad privacy reputation by having a “Statement of Rights and Responsibilities” that’s one of the most pro-user agreements in Clickwrapped’s survey.
Unlike other social networks, Facebook’s rights to use our content are limited by our privacy settings, Clickwrapped says.
More nice things plus a few caveats about Facebook’s policy:
Whereas most websites can terminate your account at any time and for any reason, Facebook can only do so if you violate the "letter or spirit" of the Statement of Rights and Responsibilities. Nevertheless, there is still scope for improvement. Facebook’s privacy practices have been lax in a few important ways. We have concerns about its ability to track your activity on sites other than facebook.com that use Facebook plugins. And the Statement of Rights and Responsibilities contains some unnecessarily broad provisions.
What a relief, to have such succinct, easy to understand, plain English summaries of the biggest sites’ privacy policies.
Clickwrapped drills down into caveats and details about each site and how its rating was determined, making these evaluations definitely worth a read.
Which puts us all right back on the hook when it comes to our responsibility to actually understand what we’re signing away.
As Nicol told Time, not understanding just isn’t a good enough reason not to read them.
And that’s particularly true given how much companies are profiting off our privacy, he said:
A lot of these sites are definitely setting themselves up to make money from big data.
So kudos and thank you to a smart lawyer for deciphering those money-making privacy policies for us.