Directing Privacy Policies at Consumers

By John Wagley

01 January 2011

Print Issue: January 2011

ALTHOUGH BUSINESSES are required to have privacy policies posted on their Web sites, the statements, drafted by lawyers, are rarely read by consumers. After at least a year of research, including a series of privacy roundtables, the Federal Trade Commission (FTC) has concluded that in significant ways, privacy policies “are broken,” Maneesha Michal, an FTC associate director, told attendees at a recent conference on the issue, sponsored by the Online Trust Alliance.

To fix the problem, the FTC wants to make privacy statements shorter and more understandable and to focus on growing consumer concerns about online data sharing, she said. A simple statement could tell users whether data would be shared with data brokers or marketers, for example.

Preferably, such notices would be available on a Web site near the data to be shared, she said. In many cases, when a consumer wants to make an online purchase, for example, “they aren’t going to spend 10 minutes reading a policy” first.

But at least one speaker was skeptical of a quick fix, noting that online data sharing is complex and constantly evolving. For example, it can be difficult to be sure what happens among all of the third parties, as was evident in a recent controversy involving the third-party sharing of user Web browser data obtained through flash-based cookies.

Some panelists said companies could improve their privacy policy presentations through a layered approach, providing basic information with guidance on where to find more in-depth language.

By clarifying the policies, companies can reduce the risk of legal or regulatory trouble, said one panelist, Lydia Parnes, a partner at the law firm Wilson Sonsini and a former FTC official. There can be other bottom line benefits as well.

Another speaker, Linda Woolley, executive vice president of government affairs at the nonprofit Direct Marketing Association, discussed what some companies, such as AT&T, are doing to make privacy policies more accessible. She noted that AT&T highlights changes to privacy-related policy by having updates scroll along one side of the screen.

AT&T also has employees explaining privacy policies in plain English in online videos. In addition, the policy has been streamlined so that the written explanation is far shorter.

Making policies simpler is necessary due to the growing popularity of smart phones, said a few panelists. “Even someone very interested in privacy wouldn’t want to scroll through those small screens,” said Parnes.