What’s Wrong with Online Privacy Policies?

Pollach, Irene. "What's Wrong with Online Privacy Policies?" Communications of the ACM 50, no. 9 (September 2007): 103-108.

The article relates users’ responses to online privacy concerns to websites’ inadequate and confusing privacy policies. Pollach underscores current users’ practices of falsifying information and refusing to provide information to companies in order to protect their privacy. She also reflects on the companies’ concern about these practices hindering their ability to properly market and deliver good service to those customers.

Pollack points out flaws and outlines ways that companies can improve their online privacy policies in order to allay their customers’ privacy concerns and build trust with them. Relative to existing privacy policies, she outlines some ways in which they are deficient in the following quote:

“Internet users have been found not to read online privacy policies because they find them too legalistic and therefore difficult to understand [9]. Another study has assessed privacy policies by means of readability formulae and found that readers would require at least some college education to understand the complex words and sentence structures in these texts [1]” (Pollach 2007, 2).

Pollach selected 50 popular and successful websites in order to conduct her research chosen from Alexa.com for their traffic rankings. She carried out two separate studies, one to ascertain what the companies’ privacy policies do say and one to determine what the policies don’t say about how they handle consumers’ information. She used a range of familiar company names, from Internet Service Providers like Yahoo to travel companies such as Expedia.com to collect her data. Her research involved assessing the ability to answer 29 questions on corporate data handling relative to users’ privacy concerns using the language in the longest privacy policies from the sample. The results showed that 39.4% of the questions couldn’t be answered because the answer could not be found in the privacy policies. It is worth noting also that many companies exhibit a “privacy seal” on their website which gives customers a feeling of security about their privacy. The results of this study showed that companies that had privacy seals had only slightly better privacy policies than companies that didn’t have the seals.

Less than a third of companies disclosed their data handling policies. Pollach was shocked to find out how many companies don’t disclose any information at all, including how they share customers’ information with third parties. She found a number of other activities that companies participate in to share customers’ data such as e-mail addresses which further confirmed her suspicions.

The language of the privacy policies was analyzed in order to provider a deeper understanding of how they are worded. “The analysis of the language of privacy policies was based on critical linguistics [6], a method that seeks to uncover how authors of texts use language to construct their own versions of reality. In the context of privacy policies, this “version of reality” refers to how companies present their data handling practices to their readers. The goal of this analysis was to determine why privacy policies are difficult to understand and why readers do not consider them worth reading” (Pollach 2007, 105-106).

Several aspects of the language in the privacy policies was evaluated, and it appears as though the companies used various techniques in the wording of them to make them more palatable to the customer, to potentially confuse the customer as to the true intent, or to possibly hide the real facts. Pollach does admit, however, that she can’t be certain the companies’ intent is to deliberately hide or shield the truth. The purpose of the privacy policies seems to mainly defend possible litigation threats against the companies.

In conclusion, Pollach recommends that online companies address the ambiguous wording in their privacy policies using structure that makes the language more easily read and understood by every customer. Some suggestions she makes are to put the salient details of the policy in a table to make it easy for customers to look up specific topics. In addition, she recommends breaking the document up into smaller paragraphs of information to make it easier to read. Overall, Pollach feels strongly that IT departments of online companies need to be clear with their customers about exactly how their using their personal data.

This was a very detailed article, looking at online privacy through a microscope, in essence. I appreciated the authors’ analysis of the language of the privacy policies as a way of specifically defining their inadequacies and providing evidence confirming customers’ privacy concerns in addition to pointing out ways that companies can allay those concerns. Her study was very exacting, and the intra-coder reliability pertaining to the coding of the 50 privacy policies was 98.84%.

This source will fit in well with the rest of my research and address the privacy issue on a much more granular level than other sources I’ve gathered so far. It takes the mystery out of the term privacy and puts the onus back onto the companies that attempt to shield the public from knowing the truth.