Slashdot Mirror

← Back to Stories (view on slashdot.org)

20 Hours a Month Reading Privacy Policies

Posted by kdawson on from the half-the-bailout-every-year dept.

Barence sends word of research out of Carnegie Mellon University calling for changes in the way Web sites present privacy policies. The researchers, one of whom is an EFF board member, calculated how long it would take the average user to read through the privacy policies of the sites visited in a year. The answer: 200 hours, at a hypothetical cost to the US economy of $365 billion, more than half the financial bailout package. Every year. The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed. This resulted in the predictable cry of outrage from online executives. Here's the study (PDF).

21 of 161 comments (clear)

  1. Solution: Standardized policies by crow · · Score: 5, Interesting

    If there were a few standardized policies that most sites used, then users wouldn't need to read them. Like with software licenses, you don't bother to read the GPL for each time you install software that uses that license.

    1. Re:Solution: Standardized policies by sakdoctor · · Score: 4, Informative

      Wasn't that the idea behind P3P

    2. Re:Solution: Standardized policies by truthsearch · · Score: 5, Insightful

      Creative Commons puts out a variety of licenses that have a simple (human readable) version and a complete (legal) version. A logo or link on a site makes it immediately clear which license is being used. The exact same formula would probably work quite well for privacy policies.

      --
      Developers: We can use your help.
    3. Re:Solution: Standardized policies by electrictroy · · Score: 3, Insightful

      It's not the FCC job to regulate anything other than over-the-air radio waves (public property).
      Software, not being radio, is private and NONE of the government's long-nosed business.

      The solution I use is to not bother reading the policies, because I know the companies don't adhere to them. They just sell your info to whoever that want, and do whatever they please (similar to how Bush is eavesdropping on overseas Americans even though he promised he wouldn't). There's no point wasting my time reading a policy that is not enforced.

      --
      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
    4. Re:Solution: Standardized policies by Stewie241 · · Score: 3, Insightful

      True, but you learn about your rights by reading the license. And, by knowing what the license is, you don't have to worry about the question of whether or not you got it legitimately or not.

    5. Re:Solution: Standardized policies by DriedClexler · · Score: 3, Insightful

      It's not the FCC job to regulate anything other than over-the-air radio waves (public property).
      Software, not being radio, is private and NONE of the government's long-nosed business.

      Good job. He said FCC (Federal Communications Commission) when he should have said FTC (Federal Trade Commission) and instead of reminding the rest of us what the relevant government agency would be, you took the opportunity to grandstand about his mistake. That really helps the discussion, doesn't it?

      Anyway, I have a hard time seeing how this would be overstepping the government's bounds. It's just setting up a template people are free to use, or not, or use with modifications. Government-endorsed behavior (where it pays people to do something), is not the same thing as government-recognized behavior (where it sets a template to ease communication).

      The worst that would happen is that it biases people into not trusting those who refuse to simplify their TOS into one of the common templates. Good. People should have distrusted long license agreements in the first place. It's the general tolerance of that kind of BS that has pushed people into accepting as commonplace the atrocious practice of agreeing to something you haven't read ... something that in any other context is evidence of coercion.

      --
      Information theory is life. The rest is just the KL divergence.
  2. Or maybe... by Aladrin · · Score: 5, Insightful

    Or maybe people shouldn't submit their data to every website they visit. If they care about their privacy, they had better well read the privacy policy.

    Companies aren't going to dumb-down their policies and open themselves to lawsuits. They are precise and lengthy for a reason.

    In the end it doesn't even matter, though. They all include a clause that lets them change the policy any time they like.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  3. No big deal. by Mister+Whirly · · Score: 5, Funny

    200 hours? big deal.
    Average amount of hours wasted reading Slashdot at work in a year : 5,000,000

    --
    "But this one goes to 11!"
    1. Re:No big deal. by aurb · · Score: 5, Funny

      It's a good thing we don't read the articles. The number could be much much bigger...

    2. Re:No big deal. by alexhs · · Score: 3, Funny

      By my own calculations using your helpful data, it means a slashdotter in average wastes each work hour 2500 times...

      Using relativity formulae, I guess we would come close to the speed of light...

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    3. Re:No big deal. by MadCow42 · · Score: 3, Funny

      Actually, the average for Slashdot editors appears to be slightly lower than the general populace... it's the only explanation I can see. :)

      MadCow.

      --
      I used to have a sig, but I set it free and it never came back.
  4. Standardization by FireStormZ · · Score: 4, Insightful

    Some group need to write a half dozen or so policies covering a range of options and publish them under a license which *does not* allow them to be used under the same name if any changes are made.

    Who really reads the GPL anymore after you have went through it a few time? the MPL? BSD? If you get somewhere under a dozen options out there you can save *everybody* time..

    --
    "Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
  5. Re:fp by ozphx · · Score: 5, Funny

    Short, sweet and to the point. Fine use of rhetoricals and emphasis on the punchline. This well balanced piece is let down by its brevity and typos, I can't help but feel that Coward rushed this work.

    Worth your time. Three and a half stars.

    --
    3laws: No freebies, no backsies, GTFO.
  6. What about television by iteyoidar · · Score: 3, Funny

    I would imagine every American loses like, a bujillion hours a month watching TV. That probably costs a lot too.

  7. I'm your browser and I'm here to help. by SleptThroughClass · · Score: 5, Interesting

    Even better, a tag could tell your browser which standard policy is being used. Tell your browser which policies you want to be accepted, and what action to take for sites with other policies.

  8. This is a very BIG deal! by tuxgeek · · Score: 4, Funny

    So, if our time, 200 hrs, is worth $350 billion
    And we spend 5,000,000 hrs / year reading slashdot
    That means our wasted hours reading slashdot is worth $8,750,000,000,000,000.00

    Good God man! If we slashdotters collude on this we can buy the whole planet and kick everyone else off it, or at least charge them rent.

    -----

    Never underestimate the power of stupid people in large groups

    --
    "Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
    1. Re:This is a very BIG deal! by digitig · · Score: 5, Funny

      So, if our time, 200 hrs, is worth $350 billion

      Where do I apply for this $1.75 billion an hour job, reading privacy agreements?

      --
      Quidnam Latine loqui modo coepi?
  9. Re:They need another study by corsec67 · · Score: 5, Funny

    Not even congress reads the laws.

    --
    If I have nothing to hide, don't search me
  10. Logicless Leap by Hercules+Peanut · · Score: 4, Interesting

    The researchers propose that, if the industry can't make privacy policies easier to read or skim, then federal intervention may be needed.

    Why? Why should I need the federal government to get involved? At what point did I lose the power to choose to simply not use the service. If I don't have time to read the policy, then I can simply say no. It is only at the point that I no longer have a choice and that my rights are threatened that I need the federal government to step in and protect my rights.

    How did we become a society of people who believe that the only ones who can solve our problems are the government, worse, the federal government? Have we no self reliance anymore?

  11. Re:fp by Anonymous Coward · · Score: 4, Funny

    Fair assessment. Great turnaround time.

    Would troll again AAAAAAAAAAAAA++++++++++++++++

  12. Privacy policies aren't legally enforcable anyway by Aram+Fingal · · Score: 3, Informative

    Back in the Clinton administration, the FTC tried to set a precedent for enforcement of privacy policies with the case of Toysmart.com. Toysmart.com went bankrupt and a judge ruled that they could sell their customer database in violation of their own privacy policy to settle debt. The Clinton administration tried to reverse the decision on appeal but the case went on after Clinton left office and Bush came in.

    The Bush administration tried to broker a compromise allowing Toysmart.com to sell their database as long as it was to a company in the same industry. One of the shareholders in Toysmart.com didn't want to be responsible for that decision so he bought the database himself and destroyed it. No precedent was set and the Bush administration hasn't tried to prosecute anyone for violation of privacy policy since.