Irene Pollach has a short article from September 2007, Communications of the ACM, that analyzes how privacy policies fail to build credibility, trust, and good behavior. Pollach identifies failures in:
– what the companies actually say, disclose, and describe in the policies, and
– how the companies present this information through their communication style.
She sampled 50 different leading websites to analyze them on these 2 factors. She observed several patterns that led to ambiguity in the actual policy communication:
- mitigation, in which frequency is downplayed — making it unclear how often things happen
- enhancement, in which good qualities are emphasized — that seems to promote the trustworthiness and user-value, but is unclear exactly how
- obfuscation, with hedging claims and obscuring causality — with lots of mays, mights, perhaps, if only, we reserve the right to
- omission, in which the company removes its own agency, and has behavior in the passive tense to remove the appearance of their own power