Deciphering Websites’ Privacy Policies
A new tool helps you cut through the gobbledygook and protect your data.
Norman Sadeh (pictured at left) is a professor of computer science at Carnegie Mellon University in Pittsburgh. Carnegie Mellon and Fordham Law recently launched UsablePrivacy.org, a website that helps visitors review privacy policies. Read on for excerpts from our interview:
Most people don’t take the time to slog through the privacy policies for websites they visit. Should they? We live in a data-centric economy where nearly every technology that we interact with collects data about us. Privacy policies are the key to understanding what information is being collected about you and how it is used. These issues will become increasingly important as the amount and sensitivity of the collected data continue to grow.
What are the major shortcomings of these policies? It would take an average computer user more than 600 hours to read the policies for the websites he or she visits in a year. Many of the policies use dense, vague language that requires a high level of education to understand and gives companies flexibility to tweak their practices without revising the policy. Often, information about one topic—for example, how data is shared with other parties—is spread throughout the entire document, so you have to read all the text to answer one question.
How can people use UsablePrivacy.org? Visitors can read paraphrased privacy policies or review annotated policies for about 200 sites so far, including Amazon and Google. Because different people tend to be concerned with different aspects of privacy policies, we use color coding so they can zero in on the topics that are most important to them, such as data security or how the site collects data.
How can consumers use the information they read in privacy policies? People can compare policies for different websites and choose to use sites with policies that best match their own concerns. For example, some sites offer choices or settings that allow users to opt in or out of certain practices, such as tracking your online activity or sharing information with third parties. Others state that they don’t handle “do not track” requests, which you can designate in some browser settings. If you’re shopping or booking a flight online, a competing site may have a policy that you find more agreeable.