A new report by Carnegie Mellon University, authored by Aleecia McDonald and Lorrie Faith Cranor, states that online privacy policies take an average of 10 minutes to read. If every U.S. web user read the privacy policy at every site they went to, the time spent reading privacy policies would total 44.3 billion hours per year. Their recommendation? Regulation. They concluded that regulation might be necessary to "provide basic privacy protections."

Of course, you can imagine a lot of companies are not happy over this proposal, specifically those that take advantage of long privacy policies which they know no one reads. Online advertisers are the worst for abusing the average user's ignorance over how the internet works. They deploy behavioral targeting platforms that track users and their behavior across the net. Instructions for opting out of these programs may be found in the privacy policies, but few people take the time to read them and discover how to do so.

Cranor, who's also a member of the EFF, thinks that people shouldn't have to read these extensive privacy policies in order to protect themselves - the FTC should get involved and regulate if companies aren't willing to improve the readability of these online documents.

Should Privacy Policies Be Regulated?

If a privacy policy is long, does that mean it fails? We've seen the privacy policies now sent in the mail to us from our credit card companies. They aren't the most readable documents either, but they're legal.

Privacy policies today only seem to be there for the hyper-aware online citizen for whom privacy is a major concern. The rest of us just hear about the breaches of trust when one of those folks takes the time to read the long and boring legalize and then warns the rest of us of their findings.

The problem with privacy policies isn't just their length, though. Alissa Cooper, chief computer scientist at the Center for Democracy & Technology, argues that "It's not only that they're long, but they're also complicated. They're not really written for your average Internet user to understand them."

The average internet user? You mean those people who access the internet for twice a day for a total of 20 hours per month? The ones that spend less than one minute per page? Something tells us they're not going to read privacy policies no matter how clear and easy-to-understand they become.

Image Credits: Computer Eye, Mikey G. Ottowa; Cameras, Urbankudos

A recent study in the UK showed that most Britons have a strong desire for the regulation of social network sites like MySpace and Facebook. In fact, 9 out of 10 people said there should be tighter regulation and, according to today's The Guardian, 89% said there should be a set of widely accepted rules to help prevent personal information from being abused.

Sir Christopher Meyer, the PCC chairman, warned of the dangers of posting content online to these sites, saying, "there is a need for public awareness about what can happen to information once it is voluntarily put into the public domain." In other words, people are posting content without thinking about the consequences and permanence of their actions.

EU Considers Regulation, Too

This news about the British survey comes at the same time as the EU is considering additional social network legislation and regulation as well. The Executive Director of Europe's top Internet security agency, ENISA (European Network and Information Security Agency), Andreas Pirotti, recently called for expanding EU legislation "to cover the taking of photos of people and posting them on the Internet," noting that there's no need to obtain consent before posting photos of others.

He also said there's a crucial need to educate people on how social networks work, claiming that most don't understand how the "friending" process works or how it's nearly impossible to erase material once it's online.

But is there really a need for regulation or is this just a scare tactic to help pave the way for ENISA's current power grab? ENISA was created in 2004 as a temporary body to oversee security measures in the EU for a duration of five years. Now, the European Commission wants to extend that  to 2011 and is even considering a controversial proposal to merge them with an EU-wide telecom regulator.

Is U.S. Next?

It's not as if the U.S. hasn't considered social network regulation before, although here it often focuses on the safety of children. We have the controversial "Deleting Online Predators Act," (DOPA) and, around the same time that DOPA was introduced in 2006, Rep. Diana DeGette, a Colorado Democrat, proposed legislation that would "require Internet service providers to retain activity logs to aid in criminal investigations, including ones involving child abuse." She then expanded that to include social networks as well. Our current presidential candidate John McCain has also drafted legislation in the past that would require web sites offering user profiles (i.e. social networks) to delete user profile pages posted by sex offenders.

Possible Consequences of Regulation

Despite what may be good intentions on the part of legislators, having government and/or regulatory bodies get involved with how social networks operate could be a very slippery slope, both in the U.S. and worldwide. Once you start demanding social networks comply with certain rules and restrictions instead of just being governed by their own TOS, you're literally impacting an entire industry. There's more to social networks than just MySpace and Facebook. What about smaller networks like those provided by Ning, for example? What about social networks that are used in business like CollectiveX? And if legislation is crafted to control this particular industry, when does that stop?

Another side effect of regulation and "raised awareness" could also be a change in behavior. In the PCC survey, 78% said they would change the information they put online if they thought it would be reproduced by mainstream media. Another recent survey of Germans shows the social effects of surveillance - since the beginning of 2008, communication providers are required to record electronic communication - who communicated with whom, but not what was said. This data is stored for six months so that it could be made available to law enforcement in case of a crime. The problem with this is that the knowledge that communication is recorded has begun to change behavior - 11% of the people surveyed have already abstained from using phones, cell phones or email in certain occasions, especially in private matters like when contacting drug counselors, psychotherapists, or marriage counselors because of this data retention.

This psychological effect could easily impact today's social networks as well if users truly understood how their content could be accessed, stored, saved, and shared with others. Many people believe they have control over the items they post online, but, yesterday, we were all reminded yet again that "your privacy is an illusion," when a Yahoo hack opened up Paris and Lindsey's MySpace photos to the world. If all social networkers became educated as to what it means to post content online, would the social networks suffer a drought of content?

Do you agree that social networks in your country should be regulated? Let us know in the comments.