1 / 1

Privacy Policy Language

Privacy Policy Language . Author: Robert Carlson Faculty Advisor: Chris Hoofnagle, J.D. and Nathan Good, Ph.D. . Results How long does it take to read an average privacy policy?

kateb
Télécharger la présentation

Privacy Policy Language

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Policy Language Author: Robert Carlson Faculty Advisor: Chris Hoofnagle, J.D. and Nathan Good, Ph.D. Results How long does it take to read an average privacy policy? The average American adult reads at an average rate of 200-250 words per minute (http://ezinearticles.com/?What-is-the-Average-Reading-Speed-and-the-Best-Rate-of-Reading?&id=2298503) The average word count of the privacy policies examined was 1436 words. It would take an average adult approximately 6 minutes to read a privacy policy of average length How difficult is it to understand an average privacy policy? The average American adult reads at the 8th grade level The privacy policies in our sample earned an average of approximately 13.6 across multiple readability tests Is there a correlation between the popularity of a web site and its privacy policy? No Introduction In 1995 Mary J. Culnan stated that ‘fair information practices reflect three conditions of ‘knowledge, notice, and no’. First, consumers must be aware that personal information has been collected. Next, consumers must also be aware that their personal information may be shared with third parties. Finally, consumers must also be able to restrict their personal information from being shared with third parties if they choose.” The current industry practice is to meet the obligations of knowledge and notice by creating and posting a privacy policy/statement on their company’s website. The issue with current practice is that there are no real guidelines or rules in place to ensure that these documents are written understandably so that if read, they actually fulfill their stated purpose which is to give consumers knowledge and notice of a company’s information practices. There have been a number of studies conducted on the readability of privacy policies. These studies have tended to focus on either health industry specific policies or on those websites found to be ranked very high on popular website lists. This fails to capture the readability of the privacy policies of those websites who should most be required to ensure that their customers have both knowledge and notice, i.e. those websites actively engaged in selling their customers’ information. Many companies sell consumer data to third parties such as list brokers or direct marketers. The list broker industry is involved in the sale of huge volumes of personally-identifiable information linked to sensitive behavioral, medical, and demographic elements to almost anyone who wishes to purchase it. These list brokers advertise their databases through list search services such as NextMark, a freely available online service, which hosts 60,000 advertisements for list rentals known as “data cards”. The NextMark service claims that it contains over 37,000 data cards advertising consumer lists and 8,870 data cards advertising email lists. • Implications • Given that the average American adult reads at approximately 5.5 levels below the level of the average privacy policy and would take approximately 6 minutes to read it if they were not struggling to comprehend what they were reading, and there seems to be no correlation between the popularity of a web site and the complexity and length of its privacy policy, the logical conclusion is that the average American adult is not reading these privacy policies and, if they are reading them, then they are most likely not understanding what they are reading. This being the case, it seems disingenuous to claim that privacy policies are providing adequate knowledge and notice of a company’s information practices and thus these companies, knowingly are not, are engaging in unfair information practices. • Further Work • Evaluate the evolution of privacy policies over time • Conduct usability tests on privacy policies to gain a better understanding of their effectiveness • Compare the readability of privacy sections of websites with other comparable sections of the site such as the terms of service, FAQs, and support pages • Methodology • Created Web Crawler using Python • Collected “data cards” from http://lists.nextmark.com • Verified origin of information in data cards • Removed duplicated data cards and URLs • Collected privacy policies from web sites selling their customers’ information • Analyzed privacy policies using style.exe available from http://gnuwin32.sourceforge.net/packages/diction.htm • Separated Statistics on the Privacy Policies according to whether the company’s practices violated their privacy policies, did not violate their privacy policies, or whether their privacy policy was ambiguous • Created pivot tables comparing the readability statistics of the different categories of privacy policies

More Related