Privacy Policies Are Great — For PhDs

An anonymous reader writes "Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of eduction officially puts it onto IRS Code territory."

It's Quite Obvious Why They're At This Level

[eldavojohn]

Well--and this is all from the prospective of a geography ignorant non-lawyer American--the fact is that most policies are in place to avoid confusion. Ah, who am I kidding, they're there so nobody sues the hell out of anyone else. And a policy is there to stop the worst kind of lawsuits: class action. I'm sure you would notice this if you did the same analysis of other policies--like healthcare, dental or auto insurance policies. Yes, your health and your automobile might seem more important than your privacy but the United States Justice system (is supposed to--like in the NYTimes article) stop companies from swindling any of those.

And there's not a lot you can do about this, we're going to want to sue the pants off a bastard company if suddenly our name and address is being traded on a disc with 50,000 others on the black market. So they write these policies to be air tight and they use terms that have legal connotations because I'm sure the only time these things are scrutinized are in court anyway. And the second you take away that level of granularity, I'm sure you see yourself as a company open up to lawsuits.

Re:It's Quite Obvious Why They're At This Level

[houghi]

a policy is there to stop the worst kind of lawsuits

And that explains who the EULA is written for. It is is not written for Joe Sixpack. It is not for the user. It is to be used in lawsuits. This means it is written for the people who work with the law, lawers.

And those are the people who write them, because they are also the people who they are intended for.

Also often I see a lot of copy and paste. Especially on the bullshit attachments they put under an email.

In some countries an EULA is not even legal and most of them are written for US law. Well, many countries have different laws and if you don't like that, then you should not make the software available there from your website.

Then there is the fact that an EULA is not available in the language(s) of the country.

Yeah, it is a bitch that you should make the EULA available for all those laws, languages and countries, so cry me a river.

Re:It's Quite Obvious Why They're At This Level

[F�an�ro]

So we need some standardisation for EULAs, just like foods must list their ingredients in some standard way.

Analyze the available EULAs, 90% of it boils probably down to the same few terms.
Make a list of these terms, label each with a descriptive short name, and maybe a symbol.
Then make a regulation that companies must use those labels if they want to describe terms equivalent to those labels in their EULA.

Every year, make a survey of EULAs to find parts that are not covered by any existing label to find wich new labels need to be added to the system.

Discourage companies from using terms not covered by labels, for example by a tax.

If this leads to mass lawsuits, fix the laws.

Re:It's Quite Obvious Why They're At This Level

[Warg!+The+Orcs!!]

But EULAs are mostly unreliable anyway. if I bought a part for my car that turned out to be unfit for purpose resulting in the destruction of my car's engine, I would be able to pursue the manufacturer for compensation. Even if the part came with a small piece of paper that had "By using this part you accept that it might not work and relinquish all legal rights" written on it. This is because national law supercedes small bits of paper with 'not my fault, honest' printed on them. Most software EULAs that have the standard "If you use this and your computer breaks then it's not our fault and you agree to not sue us and in any case you accept that the most you can sue us for is 99 cents" are likewise ineffectively illegal. In the UK at least. Products sold here, by any means, have to be fit for purpose and behave as advertised or the buyer is entitled to recompense. So if I buy a piece of software or hardware and it makes my computer fry, then EULA or no EULA my rights are protected.

From a lawyer's perspective...

[imyy4u3]

I really don't see the point in these privacy policies. They are written in the most boring, impossible-to-comprehend way in the hopes that no one will actually take the time to figure out what the policy is. Because let's face it, if everyone knew that Slashdot's privacy policy allows them to sell your email address and first born child (just kidding!), no one would sign up on the site. So companies word these statements in a way that discourages anyone from reading them, yet still covers their ass if they get sued.

I really think something needs to be done about this, because 99.9% of people don't read lengthy EULAs and privacy policies simply because they are too long, boring, and difficult to understand, yet we are agreeing to conditions we probably would never agree to if we knew about them. Perhaps a law stating that the policies must be written at a sixth grade level, use small and non-legal words wherever possible, and come with a 1-page summary of the major rights. I think that would be a fantastic idea.

Re:From a lawyer's perspective...

[cfulmer]

They're mandated by the Children's Online Privacy Protection Act (COPPA).

There's also no reason for them to be hard to read. See, for example, the FTC's privacy policy: http://www.ftc.gov/ftc/privacy.shtm

Unfortunately, with Internet T&C, there are a few times where the requirements to be legally binding are at odds with being readable to the layman. For example, if you want to disclaim the implied warranty of merchantability, you generally need to put that disclaimer in all-caps and specifically mention that warranty. But, "Warranty of Merchantability" is really a term of art, and a lay person may not understand what it means.

But, absent those times, the fact that a websites T&C are hard to read is really a problem with the lawyer not drafting them for the appropriate audience. Sometimes that comes from the site operator, who doesn't want to be billed for the extra legal time.

That said, I'm not a big fan of your suggested law -- that's a lot of money spent on documents that nobody really reads. More often than not a typical user who slogged through the T&C will conclude "Yeah, that's about what I expected."

Funny story: my kid signed up for the Ty Beanie Baby on-line service. At the end of the sign-in process (which was clearly intended for children to read), there was a cartoon character that said "Be sure to read the terms and conditions and click accept!" The T&C were in a separate scrolling 4-line text box, and was written in absurd legalese. I have no idea how Ty things that's going to be binding.

Re:From a lawyer's perspective...

[Icarium]

Because let's face it, if everyone knew that Slashdot's privacy policy allows them to sell your email address and first born child (just kidding!), no one would sign up on the site

You mean you didn't create a once off, disposable email address for the purposes of registering? There's a bin for your geek card on the left as you leave the building, thanks!

On a more serious note, Slashdot is probably one of the few forums of its size where a significant number of members would be able to figure out exactly who leaked/sold thier email addresses, and it probably wouldn't take too many people pointing fingers at SF for doing such a thing before they started leaking subscribers. There's a difference between having no legal recourse and being helpless.

This is news ...Why?

[Rie+Beam]

Um, as far as I can understand, privacy policies are there for legal reasons, written in legalese to give them a quasi-legal basis for defending their policies.

Unless you're a lawyer or have a lawyer present each and every time you agree to a privacy policy (assuming you even agree to it, most are just implied to "work"), then it's basically just embedded, textual bullshit to somehow protect the company from lawsuits.

I seriously doubt that a privacy policy would stand up very well in court, unless the judge is completely in the dark on matters of technology, in which case it's simply a matter of presenting the test case as a physical contract and seeing how it would stand up, or limiting the amount of power a privacy policy holds on a public website.

Disclaimer: IANAL

Re:This is news ...Why?

[Sique]

Um, as far as I can understand, privacy policies are there for legal reasons, written in legalese to give them a quasi-legal basis for defending their policies.

All contracts and contractual condutions are. Because in an ideal world they will never be used at all, because both parties have understood what the other party expected of them and are behaving accordingly. Those written things called contracts and conditions and licenses and stuff are there if something goes wrong, to actually define the scope and the limits of the contract or license or whatever.

But exactly because they are defining scope and limits, each party has to actually understand what they are defining as scopes and limits. So yes, on the one hand they are written for the lawyers to sort things out afterwards if something derails. But at first they should give the parties of the contract an idea what behaviour is actually expected of each of them. So it has to be understandable by the signing parties at first, and usable for lawyers as a second thought.

BIG NEWS!!!

[qoncept]

Are these privacy policies any more difficult to read than the rules to McDonalds' annual Monopoly game? Come on, they are worded in a way so as to protect the company posting them, not to genuinely inform their customers.

Re:Word length

[sm62704]

Actually, in most case (although not a legal document, even an illegal legal document like a EULA) the lower the education level needed to read, the more intelligent the writer.

For example, Isaac Asimov's books are written at roughly an eighth grade level, and his nonfiction still managed to educate intelligent, learned people. He was actually called "the great educator". Dr. Asimov held a PhD in biochemistry and taught and did research at (IIRC) Boston University. Asimov was a very intelligent man with a great imagination, and was one hell of a writer.

OTOH I read a paper once by some dimwit PhD who used the word "enumerate" five times in a single paragraph without once using the word "count". Writing like this is intended to obfuscate rather than illuminate, and its sole purpose is usually to impress you with how intelligent the moron is.

In a EULA the obfuscation's purpose is obviously to make you think the damned people won't use your personal information when in fact it actually says the opposite. These people are just slimy.

The thesaurus entry for obfuscate says bewilder, blur, cloud, confuse, darken, dim, garble, hide, muddle, obscure, perplex, puzzle. None are exact synonyms, so sorry; I'm not smart enough to convey this information well.