Regulators demand clearer privacy policies

Out-Law News | 16 Feb 2009 | 2:44 pm | 2 min. read

Two-thirds of people surveyed by the UK privacy watchdog want marketing opt-outs to be clearer, while 62% want a clearer explanation of how personal information will actually be used. The survey found that 71% did not read or understand privacy policies.

The Information Commissioner's Office (ICO) has begun a campaign to encourage companies to be more up-front about what their privacy policies mean.

Meanwhile, US consumer regulator the Federal Trade Commission (FTC) has made a similar call for privacy policies and explanations of personal data use to be improved, making explanations "clear, concise, consumer friendly and prominent".

The ICO surveyed 2,141 people about their attitudes to the small print of privacy policies and found that 47% of people believed that companies deliberately made it hard to read or hard to understand, and 42% believed that the material only existed to justify the selling on of personal details.

The ICO is conducting a campaign to encourage companies to be more clear about how they will treat personal data.

"Privacy notices are an important way to inform individuals and ensure that organisations are open about how they use personal information," said Information Commissioner Richard Thomas. "But no-one should need a magnifying glass or a lawyer to find out what will happen to their information, what their choices are and what their rights are. Too many privacy notices are written to protect organisations, rather than to inform consumers."

The ICO is running a consultation process on a proposed Code of Practice for companies to follow when publishing their privacy policies. It said that policies are written in deliberately obscure language which consumers find hard to understand, and that the policies are written to protect companies, not to inform citizens.

It is now conducting a public campaign to encourage consumers to read the privacy policies attached to services they sign up for, and to persuade companies to make them easier to understand.

"What chance do people have if privacy notices are written in complex legalese? How can you make an informed decision without understanding what you are signing up to?" said Thomas. "Organisations should only collect the minimum of personal information and they must explain what they will do with it in clear, plain language."

The FTC in the US has issued an update to the principles it wants advertisers to follow when engaging in behavioural advertising, that is basing advertising on knowledge of someone's online activities.

FTC consumer protection official Eileen Harrington told the New York Times that how a website will use information it gathers about you for advertising is seldom clearly communicated.

"With rare exception, it is not the rule for any web sites to [make the policies clear],” she said. “It is far more commonplace for them to put the information in the midst of lengthy and hard-to-understand privacy policies.”

FTC member Jon Leibowitz said that if web publishers did not improve then legislation would have to be brought in to force them to make policies clearer.