Proposed Law: Privacy Policies Must Be Less Than 100 Words (Says 336 Word Bill)

from the lawyers-are-not-good-at-being-brief dept

This bill would require the privacy policy to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

I've stated in the past, that the whole concept of "privacy policies" is a failed concept . No one reads them, those who do read them don't understand them, and most people incorrectly think that if you have a privacy policy, it means you keep information private. That's not the case. Since the only way you get into legal trouble is by violating your privacy policy, the incentives are totally screwed up: sites have the incentive to make their privacy policies as broad as possible, allowing them to do as much as possible. Since users think any privacy policy means they're safe, then the "ideal" privacy policy is one that says "we don't care about your privacy, we give away or sell all your data, and we laugh all the way to the bank" (more or less). The user thinks their data is secure, while the site has nothing to worry about since they won't "violate" the policy.And, yet, politicians still seem to focus on privacy policies, as if they're a legitimate replacement for actually doing something to protect privacy. In pointing out how silly privacy policies are, a year ago, we noted that you'd need to take a month off from work each year to actually read all the privacy policies you encounter on a normal basis. It appears that California Assemblymember Ed Chau has a solution to all of this (as pointed out by Eric Goldman ): just pass a law that requires all privacy policies to be less than 100 words . Seriously.While I'm all for having things like terms of service and privacy policies be more simplified, I still don't see how it's particularly useful to legislate this. Also, lawyers aren't exactly known for their ability to be pithy. Having worked on a couple of privacy policies with lawyers in the past, finding someone who can get such a policy under 100 words would be very, very tricky.And, not to be snarky or anything, but the text of the law itself (removing the digest explanation and preamble) clocks in at 336 words. So... if your law saying that all privacy policies must be under 100 words can't be written in under 100 words, perhaps you've highlighted the problem with your own law.

Filed Under: 100 words, california, privacy, privacy policies