Build a Better Privacy Policy

Do you read every privacy policy for every site you use? I’ll come clean and confess I kind of skim it … sometimes. According to research by a team at Carnegie Mellon University, an average website’s privacy policy, as read by someone with an average reading speed, would take around ten minutes to read. And by thinking about the number of websites an average person visits, they concluded that if you were to read every privacy policy in full, you would spend between 30 and 50 minutes per day — or between 181 and 304 hours per year. What?!

Considering the possible risks to your identity, it’s definitely important to understand a website’s privacy policy and how it affects you, especially if it’s the kind of site that stores your real name, address, or your credit card — but who has that much time? What about end user licence agreements (EULAs), or warranties?

The Carnegie Mellon researchers suggested that it’d be better if users found it easier to skim policies and pick out the most useful bits — that way people might be able to take in more information, and at least have a fighting chance of understanding what’s going on. How do we achieve that? Well, the results of another study revealed this week suggest that a change in how we lay out that information might be all it takes. Researchers on behalf of the Federal Trade Commission tested a variety of different layouts for a bank’s personal information sharing policies — that is, the document detailing how and why they may choose to share your details with a third party — and found that the best way to present this information was in tables, clearly laying out what kinds of information sharing occurred and in which situations. Readers were more likely to correctly answer questions about the content of each bank’s policy when the information was expressed in this manner. Check out the study for yourself (PDF).


That seems like it’d be pretty obvious, right? We’ve already known for years now that on the Web, people find that scannable text is easiest to read — that is, text broken up into bite-sized, manageable chunks, with headings or bullet points where necessary. However, it seems as if that good advice flies out the window when it comes to the big dense lump of legalese. It’s probably fair to say that we’re reluctant to change what our lawyer pals told us to put there, but we’re doing a disservice to ourselves and our users by hiding all that essential information in a big pile of unreasonably thick text. Why are we still making privacy policies so hard to use?

So here’s my challenge to myself, and I hope you’ll join me: the next time I need to edit or create a new privacy policy, EULA or some other kind of dense legalese, I’m going to do what I can to format that policy in a more usable, readable manner. It’s high time that we all made an effort to be clearer about our users’ rights and obligations, and it shouldn’t be a giant investment of time on their part to understand how we plan to deal with their personal information.

Do you pay attention to the usability of your legal text? What do you do to help users understand better?


  • Anonymous

    That’s a very valid point I told myself just the other day. The present situation is really saying “we don’t want you to be aware of the potential legal application of you using our website”. Some websites solve this by adding a summary of the main points of relevance. But I guess the cryptic aspect of law texts is intended that way, even on paper. It’s not meant to be understandable to other people than lawyers in most cases.

  • http://www.francoisdutoit.com Francois du Toit

    Good post! I wonder how many people actually read through the privacy policy of every new website they visit and understand all the implications of the privacy policy…

    In my opinion, presenting information in tables will certainly help and make a site more user friendly.

    Do you know if there is a standard privacy policy (in table form) that can be copied and used after making some minor changes to it?

    Thanks,

    Francois du Toit

  • Craig

    I must confess, I used an automatic privacy policy builder. Bigger fish to fry before I take on writing my own…