How to Read a Privacy Policy

stacking up privacy policies

How Privacy Policies Stack Up (literally)

The Common Data Project surveyed the online privacy policies of the largest internet companies. Their conclusion:

We realize that most users of online services have not and never will read the privacy policies so carefully crafted by teams of lawyers at Google and Microsoft. And having read all of these documents (many times over), we’re not convinced that anyone should read them, other than to confirm what you probably already know: A lot of data is being collected about you, and it’s not really clear who gets to use that data, for what purpose, for how long, or whether any or all of it can eventually be connected back to you.

How does your company’s privacy policy stack up?

4 Responses to How to Read a Privacy Policy

  1. Stephen Meltzer October 27, 2009 at 8:49 am #

    The privacy policy is slowly becoming merely a compliance document rather than instructions for consumer opt-in or opt-out education. In other words, it is a public-facing statement of corporate policy which is increasingly important from a regulatory standpoint. In the best of circumstances, it warns the public and guides corporate activity (mostly marketing activity). In the worst of circumstances, it becomes a hammer for regulators and private litigants to use when corporate actors misbehave.

    • Doug Cornelius October 27, 2009 at 8:39 pm #

      Stephen –

      I agree. Many of the privacy policies I come across are written by lawyers for lawyers, offering little help to the consumer. Just let us know what you are going to do with the information you are collecting.

    • Mitchell Goldstein October 27, 2009 at 10:22 pm #

      Privacy policies create a contract that limits the use of personal information and affords a private right of action for its violation. That is better than nothing.

  2. Grace Meng October 28, 2009 at 3:53 pm #

    Thanks for picking up our report. We’re interested in your comments–I think there’s growing consensus that even “better than nothing” is not good enough. The research that led to us writing this report was actually background research for our current project, building a “datatrust” or data storage system where people can have more control over their information while at the same time, valuable information flows more freely for research and other uses for the public good. We’ve blogged a bit about our current work here:, and you can find out more on our projects page on our website as well: We hope to have more information available and ways for people to provide feedback soon.