Irene Pollach has a short article from September 2007, Communications of the ACM, that analyzes how privacy policies fail to build credibility, trust, and good behavior. Pollach identifies failures in:
– what the companies actually say, disclose, and describe in the policies, and
– how the companies present this information through their communication style.
She sampled 50 different leading websites to analyze them on these 2 factors. She observed several patterns that led to ambiguity in the actual policy communication:
- mitigation, in which frequency is downplayed — making it unclear how often things happen
- enhancement, in which good qualities are emphasized — that seems to promote the trustworthiness and user-value, but is unclear exactly how
- obfuscation, with hedging claims and obscuring causality — with lots of mays, mights, perhaps, if only, we reserve the right to
- omission, in which the company removes its own agency, and has behavior in the passive tense to remove the appearance of their own power
The linguistic analysis points to the importance of better communication to establish a strong and clear contract — or how these other techniques can purposefully undermine this communication, and can also lead to mistrust and confusion. These are the ‘dark patterns’ of privacy policy language design.