How to Read a Privacy Policy


Raise your hand if you regularly read the privacy policies posted by the applications and services you use.

Did your hand go up? I admit: mine didn't. And I know I'm not alone. In fact, I'm ahead of the game just for knowing what a privacy policy is—according to a 2014 study by the Pew Research Center, 52 percent of online Americans believe, incorrectly, that the very existence of a privacy policy means the organization keeps all customer or user data confidential.

But becoming educated on privacy policies—particularly the specific ones for the services you use—isn't easy. A 2012 study from researchers at Carnegie Mellon measured the median length of privacy policies—about 2,500 words—and estimated that most take around 10 minutes to read. That means that to thoroughly understand all of the privacy policies the average person encounters in a year—nearly 1,500!—would take almost 250 hours, more than ten entire 24-hour days of nonstop reading. Even just to skim every privacy policy would take 154 hours per year, or almost eight full work days.

With new data breaches occurring every day and phishing attempts hitting our inboxes in record numbers, it's more important than ever to consider the personally identifiable information (PII) you're surrendering to companies. So what's the solution? Is there an alternative to wading through a slog of dense legalese 1,500 times per year? While we can't recommend skimming privacy policies (or ignoring them altogether), there are some ways to find out what you need to know in less time.

Ask the Right Questions. According to Rachel German, a researcher at the University of Texas at Austin, there are six main pieces of information consumers should try to glean from any privacy policy:

  • Is your data put to secondary use, i.e., used for purposes other than the one for which you are explicitly providing it?
  • Is your data shared with third parties? If so, does it specify for what purposes? (For example, it's often a red flag if the policy states that data sent to third parties is used to deliver ads; that could equal a lot of spam in your inbox.)
  • What are the terms for sharing your data with the government and with law enforcement?
  • Is your data protected in all phases of collection and storage?
  • Does the service allow you to delete your data?
  • Does the service use your data to build and save a profile for non-primary use?

Search Smart. Now that you know what information you're looking for, is there a way to home in on the answers to those specific questions? German recommends using the manual search option on your browser to find key phrases. Some suggestions that are likely to lead you to the answers you seek:

  • email
  • marketing
  • arbitration
  • waive or waiver
  • third-party
  • affiliate(s)
  • opt-out

Another helpful strategy is to search the policy for any words and phrases in boldface or all caps. There's a good chance that important information is set off this way.
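The search described above can also be run over a policy saved as plain text. The following is an added example, not part of the original article or of PrivacyCheck: the function names, the regex variants chosen for each key phrase, and the sample policy are assumptions, and a run of three or more all-caps words stands in for boldface, which plain text does not preserve.

```python
import re

# Key phrases suggested in the article; each regex variant is this example's own choice.
KEY_PHRASES = {
    "email": r"e-?mail",
    "marketing": r"marketing",
    "arbitration": r"arbitrat\w*",
    "waive or waiver": r"waive[rs]?",
    "third-party": r"third[- ]part(?:y|ies)",
    "affiliate(s)": r"affiliates?",
    "opt-out": r"opt(?:ing)?[- ]?out",
}
# Three or more consecutive all-caps words: a plain-text stand-in for emphasis.
ALL_CAPS_RUN = re.compile(r"\b[A-Z]{2,}(?:[ ,'-]+[A-Z]{2,}){2,}\b")

def split_sentences(text):
    """Naive splitter: break after '.', '!' or '?' followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]

def scan_policy(text):
    """Return {label: [sentences]} for each key phrase and for all-caps passages."""
    hits = {}
    for sentence in split_sentences(text):
        for label, pattern in KEY_PHRASES.items():
            if re.search(r"\b" + pattern + r"\b", sentence, re.IGNORECASE):
                hits.setdefault(label, []).append(sentence)
        if ALL_CAPS_RUN.search(sentence):
            hits.setdefault("ALL CAPS", []).append(sentence)
    return hits

# Constructed sample policy text (not taken from any real service).
SAMPLE_POLICY = (
    "We collect your e-mail address when you register. "
    "We may share information with third parties and our affiliates for "
    "marketing purposes. "
    "YOU AGREE TO WAIVE YOUR RIGHT TO A JURY TRIAL AND TO RESOLVE DISPUTES "
    "THROUGH BINDING ARBITRATION. "
    "You can opt out of promotional messages at any time. "
    "We store data on servers in several countries."
)

if __name__ == "__main__":
    for label, sentences in scan_policy(SAMPLE_POLICY).items():
        print(f"[{label}]")
        for s in sentences:
            print("   ", s)
```

Each hit is printed with its full sentence, so the surrounding terms (who receives the data, and for what purpose) can be read in context rather than judged from the keyword alone.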

Consider an add-on. Several companies, such as TRUSTe and P3P, offer enrollment-based services that search privacy policies and quickly highlight pertinent information. The Center for Identity also recently released PrivacyCheck, a free Google Chrome extension that's a fast alternative to the manual search process outlined above. PrivacyCheck uses a data mining algorithm—developed using input from experts in law, public policy, and computer science, along with representatives of the FTC and the Electronic Frontier Foundation (EFF)—to provide a graphical, 'at-a-glance' look at the ways in which companies use their customers' personal data.

Consumers may be used to sticking their heads in the sand about privacy policies, but there are options for those of us without an extra 10 full days to spare. Try the methods above and you'll move into the 44 percent of privacy-savvy users in no time.

What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.
