Tuesday, August 28, 2007

Do you read privacy policies, c'mon, really?

What’s the best way to communicate information about privacy to consumers? Virtually all companies do this in writing, via privacy policies. But many are not easy to read, because they are trying to do two (sometimes contradictory) things, namely, provide consumers with information in a comprehensible format, while meeting legal obligations for full privacy disclosure. So, should privacy policies be short (universally preferred by consumers) or long (universally preferred by lawyers worried about regulatory obligations)? Perhaps a combination of the two is the best compromise: a short summary on top of a long complete privacy policy, the so-called “layered” approach. This is the approach recommended in a thoughtful study by the Center for Information Policy Leadership:
http://www.hunton.com/files/tbl_s47Details/FileUpload265/1405/Ten_Steps_whitepaper.pdf

But then I’m reminded of what Woody Allen said: “I took a speed reading course and read ‘War and Peace’ in twenty minutes. It involves Russia.” Yes, privacy summaries can be too short to be meaningful.

Indeed, maybe written policies aren’t the best format for communicating with consumers, regardless of whether they’re long or short. Maybe consumers prefer watching videos. Intellectually, privacy professionals might want consumers to read privacy policies, but in practice, most consumers don’t. We should face that reality. So, I think we have an obligation to be creative, to explore other media for communicating with consumers about privacy. That’s why Google is exploring video formats. We’ve just gotten started, and so far, we’ve only launched one. We’re working on more. Take a look and let me know what you think. Remember, we’re trying to communicate with “average” consumers, so don’t expect a detailed tech tutorial.

http://googleblog.blogspot.com/2007/08/google-search-privacy-plain-and-simple.html

Personally, I’ve also been trying to talk about privacy through other video formats, with the media. Below is just one example. I don’t know if all these videos are the right approach, but I do think it’s right to be experimenting.

http://www.reuters.com/news/video/videoStory?videoId=57250

Did you read the book, or watch the movie?

3 comments:

Anonymous said...

Privacy? Term 11 in Google's "Terms of Service" has stopped me from putting ANY content under Google's control. I am a lawyer, and I don't know what this means: "By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence [sic] to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services...."

Anonymous said...

re: "So, I think we have an obligation to be creative, to explore other media for communicating with consumers about privacy."

That's an interesting idea; Peter, what do you think of W3C's Privacy Policy?

Anonymous said...

I like the idea of using video to explain privacy, and having worked in the tech industry before, love the simple whiteboard approach. I would say, though, that even though the woman in the YouTube video did a good job of explaining the concept of what data is collected and how it is used, it would be interesting to note why this is important. In other words, you have the "how" and the "what" questions answered, but not the "why," other than the general "to improve our services" catchall (not that she used that phrase, but you get my meaning). As a consumer, I would want to know "why" IP address is going to be anonymized, when Google goes out of its way to say it wasn't important or PII anyway... (interestingly, you call it the phone number of the internet, and yet go on to say phone numbers are "personal information" - does Google really use the EU definition for collection of IP addresses?).

Anyway, I think it is an admirable idea. As the former privacy guy for another large internet search company, I know we always struggled with how to make our Privacy Policy clear. Internally, I could always write it on the whiteboard. Externally, that seemed impossible to do - you have proved things differently!

Now, if you could just explain how you will use the data collected from a searcher using a mobile phone (where you get location, phone number, ID, etc. etc...) or one of your "free" wireless networks... Good luck.

Cheers!