To Read All Of The Privacy Policies You Encounter, You'd Need To Take A Month Off From Work Each Year

from the get-busy-reading dept

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've discussed the stupidity of privacy policies many times in the past. Honestly, it's an idea that serves no useful purpose, yet most sites are required to have one, and if you don't, people get all upset . But no one reads them, and most people incorrectly assume that if a site hasprivacy policy, they must keep data private The reality is that the incentives of a privacy policy are touse it to keep your info private. In fact, the incentives are to make a privacy policy. Because the only time you get in trouble is not if you fail to protect someone's privacy... but if you violate your own privacy policy. So companies have the incentive to write a privacy policy that is as permissive to the company as possible, so that they're less likely to avoid violating their own privacy policy. That is, conceptually, the best privacy policy for a company is one that says "we don't take your privacy seriously at all and share all your data," because then they'll never break that policy. Of course, companies don't go that far, because that's pretty extreme -- but it does lead to vague privacy policies that no one reads anyway. Oh, and even when peopleread them, almost no one understands them.In fact, a new report notes that if you actually bothered toall the privacy policies you encounter on a daily basis, it would take you 250 working hours per year -- or about 30 workdays. The full study (pdf) by Aleecia M. McDonald and Lorrie Faith Cranor is quite interesting. They measure the length of privacy policies, ranging from just 144 words up to 7,669 words (median is around 2,500 words) and recognize that at a standard reading pace of 250 words per minute, most privacy policies take about eight to ten minutes to read. They also ran some tests to figure out how long ittakes people to read and/or skim privacy policies.They put all of this together and estimated that it would normally take a person about 244 hours per year to read every new privacy policy they encountered... and even 154 hours just to skim them. They used some variables to create a lower and upper bound estimate as well:They then go further to try to estimate the cost to the economy of all this privacy policy reading, but I always finds such extrapolations to be pretty meaningless. They assume a constant return on time, so just like bogus studies about how much personal surfing "costs" the economy, those figures seem totally meaningless. But the amount of time estimates do seem completely valid.And, here's the thing: that's only for privacy policies. Imagine if you read terms of service and end user license agreements too... Of course, sometimes those include little hidden gems. Like the time a company put a clause in its EULA that the first person to read that clause and contact them would get $1,000. It only took four months for someone to actually spot it.

Filed Under: eula, privacy policy