human readable privacy policies

I recently wrote a column in the Financial Express on the changes in Google’s privacy policy which explained the need for standard form agreements made by internet companies to be supplemented by infographics or any method which is less data rich and does not end up saturating the user.

Of course there are concerns that such a simpler representation of the terms of service agreement or the privacy policy may end up creating potential liability, since it will not contain the warranty limitations contained in a complicated contract. However, I feel that simpler summaries of contracts are the only way forward in a web which rarely reads them. The article which is pasted below explains why.

Consumer expectations for online companies to price their services for “free” have never receded since the time we first signed up for our Hotmail email accounts. Though some companies do tie in more premium or advanced services at an upfront price, the vast majority of online service providers support their services by a revenue model relying on advertisements. The great big leap in this model was the introduction of contextual advertising, where our personal data is used to match our consumer preferences against advertisements.

The reigning king of the web in terms of its service offerings as well as pioneering contextual advertising remains Google, which today is as much a verb as it is a web behemoth. Due to its ubiquitous presence in our lives, it now has a massive store of extremely personal information which is used to serve us ads. How it stores our information, processes it for use or discloses it to advertisers is a topic that is debated with the rollout of each new Google service where the service’s unique privacy policy is picked apart. Last week, an announcement from them that, “we’re getting rid of over 60 different privacy policies across Google and replacing them with one” caused tremendous concern amongst privacy advocates and consumer watchdogs.

A line in the announcement that the policy would be, “a lot shorter and easier to read” did not quell the rising pitch of privacy invasion. Most objections were centered on the pooling and sharing of data gathered by Google across its various services, thereby destroying the database silos it has previously maintained for each one of its services. Critics stated that by pooling our search results with our location settings, personal email and activity on social networks, Google would gain insight into our thoughts and emotions better than our parents, or even god herself.

However, much of this angst was the result of our emotional presumption of the growth of Google from a virtuous David into a villainous Goliath. This narrative failed to notice clauses in even an antiquated 2005 privacy policy, which pretty much said the same thing was being done earlier. The policy stated quite categorically that Google, “may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services.” Hence, much of the hue and cry was people crying wolf.

While some scary aspects remain with the introduction of a new privacy policy, it is important for Google users to reassess their expectations from what remains essentially a group of web services that are cutting edge and have a near constant uptime. Here, it is essential for Google to communicate more effectively and take the rhetoric head on. It has already attempted to stem the flood of criticism through a post on its policy blog and making videos on how Google will utilise customer data. However, much more needs to be done.

Most of us do not read the terms of use or even the privacy policy of a web service when we sign up and this count even includes lawyers. In the absence of what lawyers fondly call a consensus-ad-idem and what humans call a meeting of the minds towards the formation of a contract, the consumer presumes the worst. Given how a decrease in our attention span is directly proportional to each line of legalese, web service providers and online outfits have tried several innovative solutions. Starting with drafting in plain English and using videos, the Creative Commons non-profit organisation which provides copyright licenses has made an effective info graphic. This info graphic which varies for each flavor of its license has easy to comprehend graphics juxtaposed against bulleted provisions of the license reduced in English. Going beyond the form, the infographic does not sugar-coat provisions in the license that impact the rights of authors who license their content.

Adopting such an approach today is in the best interest of any web company, especially one that is graded by the warm and fuzzy standards of “don’t be evil”. Shying away from clearly spelling out how consumer data and privacy will be treated in its first email is viewed by many to be a derogation of this. Moreover, an approach to omit spelling out the problematic parts of a terms of service in a comprehensible manner rarely works since the agreement is publicly available. Before one knows, bloggers and “legal experts” point out clauses that “grievously endanger privacy” and before you know it, a strawman argument is going viral. What compounds this problem is that the user has not read the privacy policy.

In today’s times, it is no longer about browbeating Google into a binary narrative of good and evil. It is about calling on them to communicate their agreements more effectively and efficiently. This means not hiding the provisions which may not please us and telling us upfront in a human readable form the main provisions of its policy change that may not be in our best interests. After that the choice is simple: turn on, tune in or drop out.

Comments are closed.


More from the blog


  • No posts found.

More news