Privacy Policy Is an Oxymoron

Hang on just a few more minutes. I know that you're waiting for me to write this article, but its taking me quite a bit of time to do the online research for it. Why? Well, I'm taking the time to read the privacy policy on every Web site I visit. Don't you? I'm pretty sure your answer to that question is no. (And, in all honesty, that's really my answer, too.) And why should you? Web site privacy policies give software EULAs a good run for their money when it comes to length and complexity. In fact, according to a recent study by researchers at Carnegie Mellon University, it takes 10 minutes on average to read a Web site's privacy policy. In the report, the researchers estimated that it would take a total of 44.3 billion minutes per year if every Web user read the privacy policies for every site he or she visited. And, of course, a privacy policy's length is only part of the problem. Even shorter privacy policies can be hard to understand for anyone without a law degree. With all the whereases and heretofors, I'm never quite sure what the site is claiming. It can seem as if some sites are reserving the right to anything I might do for the rest of my life.

Jim RapozaHang on just a few more minutes. I know that you're waiting for me to write this article, but it's taking me quite a bit of time to do the online research for it.

Why? Well, I'm taking the time to read the privacy policy on every Web site I visit. Don't you?

I'm pretty sure your answer to that question is no. (And, in all honesty, that's really my answer, too.) And why should you? Web site privacy policies give software EULAs a good run for their money when it comes to length and complexity.

In fact, according to a recent study by researchers at Carnegie Mellon University, it takes 10 minutes on average to read a Web site's privacy policy. In the report, the researchers estimated that it would take a total of 44.3 billion minutes per year if every Web user read the privacy policies for every site he or she visited.

And, of course, a privacy policy's length is only part of the problem. Even shorter privacy policies can be hard to understand for anyone without a law degree. With all the whereases and heretofors, I'm never quite sure what the site is claiming. It can seem as if some sites are reserving the right to anything I might do for the rest of my life.

So what's the solution?

There is always the time-honored solution of more regulation. The FTC already regulates online privacy policies to a small degree, but, for the most part, it is still up to the online companies to determine what's needed.

There are also technological solutions, and a pretty good one has existed for a while in the form of P3P (Platform for Privacy Preferences). P3P has been around for a while and is supported in browsers, but almost no one uses it to vet the privacy policies of sites they visit.

What many representatives of online sites will say is that there is no problem--that the current length and complexity of privacy policies fully protects the privacy of visitors. They will also note that the policies aren't really there to be read by users. Rather, in posting a policy, a site is legally bound to honor it. (And the FTC has gone after sites that violate the privacy policies they post.)

But the problem here is that the sites and their legal teams get to write these policies, meaning that they usually protect the business wants of the company and its desire to use visitor information while giving the impression that it cares about visitor privacy.

To me, the biggest problem with the whole privacy debate is that U.S. law doesn't really recognize such a thing as a right to privacy. Until it does, these situations will always be a problem for those concerned about their privacy.

Because if something is clearly against the law, it doesn't matter what sites or companies write in their privacy policy or EULA; they'll still be in trouble if they violate the law. And until it's against the law to egregiously invade the privacy of people, no amount of regulation or easy-to-read privacy policies will change that.

Now, if you'll excuse me, I have to read all the terms of service of the Web sites I use. I wonder how long that will take?