Privacy policies: Is anyone reading them?

Privacy policies, or notices, have long been used by companies to describe their data collection and processing practices to consumers and other individuals.  

At least, that was the plan.  

The only problem: is anyone reading these policies–and if so–are they understanding what they just read? 

Despite the critical role they play in safeguarding user privacy, many organizations and consumers alike are often left feeling like these policies aren’t fulfilling their intended purpose.  

Let’s explore why these intended tools of transparency so often miss the mark and tackle a few things that can be done to fix the problem. 

Reading the room on how consumers feel about privacy

Our latest research report, Privacy Beyond Borders, revealed some intriguing truths about how consumers feel about privacy, and how well they feel their needs are being met in this area. According to the results: 

• 93% of consumers are concerned about the security of their personal information, and 
• 92% believe that companies often prioritize profits over data protection. 

Those numbers alone are already enough to make one thing clear: people care about their privacy, and, unfortunately, they don’t think companies do.  

It seems like a privacy policy could swoop in at this precise moment and solve everything – and yet, some additional numbers from the report reveal additional nuances of the issue: 

• 33% of respondents rarely or never review privacy policies before using online services or apps 
• 62% have consented to data sharing without considering the consequences  
• 30% rarely or never read a consent pop up before choosing a response, but 29% always or often click accept all cookies  
• 67% of consumers have consented to cookies in order to view a website, even though they felt skeptical  
• Half of consumers that have consented without considering the consequences have had their personal information leaked in a data breach 

There is the enigma. How can companies better earn the trust of privacy-minded customers that don’t give you a ton of chances to do so? 

Plain talk

One of the biggest factors contributing to gap between a privacy policy’s intended purpose and its actual impact is language.  

The report above mentioned that many privacy enthusiasts don’t even read privacy policies, and that’s probably because the ones they read in the past seemed like they were written in a foreign language.  

For organizations, privacy is in many ways tied to legal risk, and this often is apparent in their privacy policy.  

Legal jargon, ambiguous descriptions, and technical terminology often take up most of the space in the average privacy policy, and unless the reader has a background in law or privacy, the meaning behind the words can be elusive.  

Worse, this lack of understanding is the goal of some companies, as they want to make their practices as mysterious as possible to the average individual. 

A desire for true transparency, however, will seek to overcome these verbal obstacles. First, companies should make sure that the true purpose of their policy is to be understood by the average person, as opposed to merely satisfying a legal requirement.  

Yes, there may eventually be content that might seem obscure to someone unfamiliar with legal bases, data transfers, and online-tracking technologies – but that’s ok, if there is also something simple and accessible to guide the reader.  

Don’t just write a policy – design one

Besides making privacy policies easier to understand, organizations should also consider making them simply easier to find, and in some cases, easier to read quickly.  

The average person’s focus is constantly being bombarded with things that would win attention, and this is even more true for those who are online.  

As consumers, we consistently skim a bit of everything that is in front of us, and then we make a lightning quick decision as to what we will pay more attention to, and what will be dismissed out of thought entirely. 

 If your privacy policy is going to be something that people want to spend quality time with, it has got to catch their eye, and keep it for a moment. If your policy looks like an endless scroll of 10-point black font, people will be desperate to read something else. Anything else.  

Instead, imagine your privacy policy is just like any other part of your website. Consider utilizing good visual design tactics: 

• Use the same company brand standards in your policy as in other content that you create for consumers 
• Keep headings simple, clear and make the page visually attractive 
• Allow users to click in on topics where they would like to explore the detailed specifics; otherwise, offer them the easier-to-grasp concepts up front 

Examples of the best privacy policies 

Here are some excellent examples of privacy policies that go above and beyond to make privacy a priority for their audience:  

Lego – a lesson in privacy for kids

Lego’s privacy policy on their kids-specific website perfectly demonstrates how to change the tone and language to be understandable for a younger audience. The video is a nice touch to make complex concepts much simpler.  

Lego Privacy Policy

Best Buy – a lesson in making privacy a resource

Best Buy go one step further to call their privacy policy page a privacy resource – emphasizing their commitment to making it helpful and informative. The language is clear with highlighted sections and quick explanations whilst the layout is simple and easy to navigate.  

Best Buy Privacy Policy

Google – a lesson in user experience  

Unsurprisingly, Google has put a great deal of effort into their privacy policy for users. The videos are on-brand whilst still clearly explaining different sections of their policy and they highlight key legislative requirements like GDPR and how to remove your data.    

Google Privacy Policy

Key takeaway: Be transparent about what you do with data

Finally, companies that want to level up their privacy policies must look in the mirror first. As was mentioned earlier – some companies may try to hide their actions behind mountains of legalese, but you don’t want this to be you.  

Before writing your privacy policy, be honest about your organizations data processing practices: 

• What do you do with consumer data? 
• Who do you share it with? 
• What can consumers do about any of this? 

If you really don’t want your consumers to know the truth about these questions, a privacy policy can’t really fix the true issue.  

You cannot gain consumer trust by fooling people – instead, you gain it by telling them the truth. If you can tell the truth to your customers, then change your practices, not your descriptions of them. It’s amazing how simple and easy it can be to describe something to someone when you aren’t scared of them understanding it. 

Final thoughts…

To improve the effectiveness of privacy policies, companies must prioritize clarity, simplicity, and transparency in their policy language and design.  

Those writing the policies should continue to push for standardized, user-friendly formats and encourage their companies to adopt best practices in data protection.  

Finally, users should be empowered with the tools and knowledge to make informed decisions about their privacy, through education and the development of user-centric privacy solutions.  

Remember, most consumers want more privacy from organizations, even if they need to be encouraged to participate in reading about it sometimes.