ReadWriteWeb

How Safe Is That Web App? Researchers Want Online Privacy Policies Regulated

Written by Sarah Perez / October 10, 2008 6:11 AM / 5 Comments

Admit it. You don't always read the EULAs when you install software on your computer. You just click "I Agree." The same goes for the web. Most of us don't read the privacy policies that accompany our favorite web sites and services (myself included, apparently). But our failure to do so has some researchers suggesting that it's time the Federal Government got involved. According to these researchers, today's privacy policies are long and hard to read. Instead, they think it may be time for the FTC to step in and read the privacy policies for us.

Might Be Time For The FTC, Say Researchers

A new report by Carnegie Mellon University, authored by Aleecia McDonald and Lorrie Faith Cranor, states that online privacy policies take an average of 10 minutes to read. If every U.S. web user read the privacy policy at every site they went to, the time spent reading privacy policies would total 44.3 billion hours per year. Their recommendation? Regulation. They concluded that regulation might be necessary to "provide basic privacy protections."

Of course, you can imagine a lot of companies are not happy over this proposal, specifically those that take advantage of long privacy policies which they know no one reads. Online advertisers are the worst for abusing the average user's ignorance over how the internet works. They deploy behavioral targeting platforms that track users and their behavior across the net. Instructions for opting out of these programs may be found in the privacy policies, but few people take the time to read them and discover how to do so.

Cranor, who's also a member of the EFF, thinks that people shouldn't have to read these extensive privacy policies in order to protect themselves - the FTC should get involved and regulate if companies aren't willing to improve the readability of these online documents.

Should Privacy Policies Be Regulated?

If a privacy policy is long, does that mean it fails? We've seen the privacy policies now sent in the mail to us from our credit card companies. They aren't the most readable documents either, but they're legal.

Privacy policies today only seem to be there for the hyper-aware online citizen for whom privacy is a major concern. The rest of us just hear about the breaches of trust when one of those folks takes the time to read the long and boring legalese and then warns the rest of us of their findings.

The problem with privacy policies isn't just their length, though. Alissa Cooper, chief computer scientist at the Center for Democracy & Technology, argues that "It's not only that they're long, but they're also complicated. They're not really written for your average Internet user to understand them."

The average internet user? You mean those people who access the internet twice a day for a total of 20 hours per month? The ones that spend less than one minute per page? Something tells us they're not going to read privacy policies no matter how clear and easy-to-understand they become.

Image Credits: Computer Eye, Mikey G. Ottowa; Cameras, Urbankudos

Comments


  1. Reading privacy policies would be a good way to take our mind off our OTHER problems :-)

    Posted by: Thomas Ho Posted on FriendFeed   | October 10, 2008 6:59 AM



  2. Could Haarg be a new security & Privacy Policies blog?

    Posted by: Anna | October 10, 2008 7:42 AM



  3. In some respect it may make sense to have an institution which puts together an industry standard template that's applicable for most websites & for web sites to then say that they're in conformance to that standard template & highlight any additions or changes separately.

    So, there could be a template that calls out the way in which cookies, private information is not resold, or used with an identifiable information & have websites then say we conform with the FTC's PP & point to a URL. They could then explicitly say that they add tracking cookies from 3rd party vendors as an example.

    Posted by: Raj | October 10, 2008 8:10 AM



  4. rite..i never read EULA.

    Posted by: Markandey | October 10, 2008 8:18 AM



  5. If people aren't even willing to read the EULA, how many of them would be willing to take legal action if the EULA was breached? Assuming that they even have the technical savvy to know it's being breached, is the legalese solidified enough through case history to ensure proper reparations?

    This touches directly on the trade off in cloud style computing. The more your computing is done on someone else's server, the more your data is stored on someone else's data farms, the less control you have over it.

    Posted by: ChrisK | October 11, 2008 2:44 AM


