Wikipedia wins, Craigslist loses in Clickwrapped’s assessment of who respects your rights online

gold medal_thumb

Do privacy policies make your eyeballs bleed?

Probably not, because if you’re like most of us, you don’t actually read them. They’re just too long, too onerous and too hard to decipher.

In fact, it would take the average person about 250 hours yearly – that’s about 30 full working days – to read the privacy policies of the websites they visit in a year, according to a study [PDF] published by researchers Aleecia M. McDonald and Lorrie Faith Cranor.

That’s why Andrew Nicol, a lawyer based in New York City, launched two weeks ago, a site dedicated to unwrapping the tangled spaghetti of privacy policy legalese for 15 of the most popular sites, including Wikipedia, Dropbox, Google, Amazon, Facebook, LinkedIn and Netflix. Here’s the summary of results:

Summary of results from Clickwrapped

Clickwrapped uses a scale of 100 points to rate each of the site’s privacy policies and practices by evaluating four categories: how the site collects and uses our data, under what circumstances the site discloses our personal data, our rights when the site wants to change its terms or terminate our accounts, and a “miscellaneous” category for sneaky moves.

What’s a sneaky move? Clickwrapped gives these examples:

"...did you know that if you wrongly post something in the wrong category on Craigslist, you could owe that company $25? Or that you violate the Facebook terms of service every time you tag a friend in a photo without their prior consent?"

Such non-standard provisions that raise users’ concerns prompt Clickwrapped to adjust a site’s score.

CraigslistClickwrapped deems Craigslist’s terms of use “among the most draconian of those surveyed”, and placed it dead last in ranking.

Its summary of the site’s policy:

Craigslist’s terms of use are among the most draconian of those surveyed. It is also not afraid to enforce them to try to stamp out spam and to maintain its market position in the face of competition. Although the company earns deserved praise from the EFF for being a “good digital citizen”, it should give some serious thought to making its terms of use more balanced.

On the flip side, Wikipedia/Wikimedia earned Clickwrapped’s top rating, thanks to its streamlined user agreements and careful approach to collecting user data:

Wikimedia, the nonprofit that operates Wikipedia and various other collaboratively edited 'wikis', has a single set of user agreements that apply to all of its projects. These agreements are the highest scoring in our survey by some margin. Wikimedia is committed to collecting and retaining the 'least amount of personally identifiable information needed' to operate its projects. This objective has produced a sensible and eminently fair privacy policy that should be a model for any company that is serious about its users' rights.

Even the privacy-respecting Wikimedia has to be handled with caution, of course. As Clickwrapped points out, the site will disclose your personal information under certain circumstances.

WikipediaThat includes when the site’s forced to respond to a subpoena, when it investigates abuse, or to “protect the rights, property or safety of the Wikimedia Foundation, its users or the public”.

Wikimedia promises to notify a registered user within three business days (if the user has associated an email address with his or her account) of receiving a government request for information about that user. Note that this is the only policy Clickwrapped found that promises to notify a user of a government request within a defined timeframe.

Of course, the big-data guzzlers Facebook and Google are what really tilt people’s privacy meters into the red zone.

However, it might come as a surprise that Clickwrapped rated them both quite high.

Google, rated No. 3 – behind Dropbox at No. 2 and Wikimedia at No. 1 – gets a pat on the back for its response to government requests for user data, and for being a bit more friendly than most of its peers around amendment and termination. For example, Google promises to allow users to download their data before shutting down a Google service.

Some nice things Clickwrapped had to say about Google regarding government requests for data:

Google’s record of responding to government data requests … is commendable. The volume is large: in 2011, it received over 12,000 requests for user data from U.S. authorities alone. Google attempts to notify affected users about government data requests—although as the EFF notes, it has not yet made this commitment in a formal policy. It also has a good record of properly considering each claim rather than just handing over everything the government asks for without question. 

Facebook, ranked at No. 4, defies its bad privacy reputation by having a “Statement of Rights and Responsibilities” that’s one of the most pro-user agreements in Clickwrapped’s survey.

Unlike other social networks, Facebook’s rights to use our content are limited by our privacy settings, Clickwrapped says.

More nice things plus a few caveats about Facebook’s policy:

Whereas most websites can terminate your account at any time and for any reason, Facebook can only do so if you violate the "letter or spirit" of the Statement of Rights and Responsibilities. Nevertheless, there is still scope for improvement. Facebook’s privacy practices have been lax in a few important ways. We have concerns about its ability to track your activity on sites other than that use Facebook plugins. And the Statement of Rights and Responsibilities contains some unnecessarily broad provisions.

What a relief, to have such succinct, easy to understand, plain English summaries of the biggest sites’ privacy policies.

Road sign, courtesy of ShutterstockClickwrapped drills down into caveats and details about each site and how its rating was determined, making these evaluations definitely worth a read.

Which puts us all right back on the hook when it comes to our responsibility to actually understand what we’re signing away.

As Nicol told Time, not understanding just isn’t a good enough reason not to read them.

And that’s particularly true given how much companies are profiting off our privacy, he said:

A lot of these sites are definitely setting themselves up to make money from big data.

So kudos and thank you to a smart lawyer for deciphering those money-making privacy policies for us.

Gold medal and road sign images, courtesy of Shutterstock