Last month we reported on a study that found that privacy policies and EULAs for software and web sites were lengthy (averaging 3,442 words for privacy policies) and written at a grade level that would make them inaccessible to many people. The policies laid out in such user-facing legal documents are important, but are so long and difficult to understand that many users skip over them.
That’s a whole heck of a lot of time, and the theoretical cost to the US economy in lost productivity if everyone actually spent that much time reading privacy policies would be $365-$652 billion (depending on if you’re reading or skimming). The research only covers web site privacy policies — it didn’t cover all the other types of legal documents that we encounter in our daily lives, including web site and software license agreements, terms of service, and service level agreements — so the actual cost might be higher.
Of course, the simple truth is that most people don’t actually read or even skim all the privacy policies and other user-facing legal documents they come across on a daily basis.
The paper’s authors argue that the government, by allowing web sites to self regulate and develop their own privacy terms, has actually created an environment where a lot of time and money is wasted. “These estimates presume that people visit sites, read the policies once a year, and then carry on their business as before. Yet the [...] vision of self-regulation presumes that at least for consumer sites, Internet users will visit multiple sites to comparison shop for acceptable privacy practices,” writes the paper’s authors. “The true cost of adherence to the self-regulation vision is perhaps on the order of double the costs we estimate, depending on which percentage of sites have ready substitutes and how many sites people are expected to compare.”
The researchers propose that corporations and web sites need to do a “better job of conveying their practices in useable [sic] ways, which includes reducing the time it takes to read policies.” If they can’t, government regulation may be necessary, the authors conclude, to provide privacy protections and ease the burden placed on users to keep track of their rights online.