Some ideas for making Privacy Policies More Simple and User-Friendly

Allen Brandt has an article, On Making Privacy Policies More Simple and User-Friendly, in the IAPP blog on Privacy Perspectives.

Here is a sample of this very interesting piece from December 10, 2013.

David Vladeck, while he was heading up the FTC’s Bureau of Consumer Protection, frequently railed against the current generation of consumer-facing privacy policies, and he has data to back him up: Consumers just don’t read or understand the things.

Much has been written about the failure of many privacy policies in the way they have been implemented. Most, it seems, have been written by lawyers (disclosure: I am one) and seem only to exist for either the mandatory requirement to have a policy or to throw everything in the policy in the event plaintiff lawyers start calling—“you can point to page 3, paragraph 3(c)I … that explains everything.”

In fact, research shows that many consumers think that a “privacy policy” is there to protect, rather than just give them—not to mention regulators, privacy advocates and class-action attorneys—notice. A 2007 study at the University of California, Berkeley found that “75 percent of consumers think as long as a site has a privacy policy, it means it won’t share data with third parties,” consfusing the existence of a privacy policy with extensive privacy protection.

There even seems to be confusion about whether they should be called privacy policies or notices.

Looking for more information on how to write a consumer-facing privacy policy? Check out Close-Up: Creating a Privacy Policy in the IAPP Resource Center.

But semantics aside, a new, very different group of consumer-facing privacy policies are starting to emerge. It may have started with U.S. government legislation requiring federal websites to incorporate plain-language techniques into all new and updated pages. Banks in the U.S. have started experimenting with simpler documents, including the use of tables, to make information easier to find and understand.

And business is also doing its part, possibly to connect better with its customers.

My organization, GMAC, for example, recently converted our entire privacy policy into a series of one minute videos. There is still the fully written version available, but less than five percent of the visitors to the privacy page ever go there; they are clicking on the video links to get the information they need. And to help clear up some of the “privacy policy” confusion, we’ve changed ours to the “privacy center,” as I think it has a better chance of being recognized for what it is: a resource.

In another example, the BBC’s website incorporates humor into its cookie explanation page with an image of smiling people eating cookies. How can you not smile and have a good feeling about any organization that can do this?

One of the earliest forms of unique privacy policy implementations was from the app game developer, Zynga. Here, they used a game to make the policy less scary and appeal to the site’s users.

Finally, a great implementation of how to present policy information can be found on LinkedIn’s privacy and terms of use pages. In addition to incorporating a short video, they broke the information into very small parts and have an icon and a summary next to each section letting the user navigate easier to their area of interest and highlight what is in each section.

See the rest at his blog.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.