These documents are the sort of boring and confusing legal jargon users tend to ignore. We click that we agree or don’t bother reading the document in the first place. Then at some point in the future, there’s a data breach and people are surprised at what was being stored. Alternatively, it might be that the company has been selling user information this whole time.
Hiding in Plain Sight
It’s also why there is a worldwide drive towards easily understandable legal documents. It’s a slow process, but hopefully, everyone will eventually adopt public-facing legal documents that are plain in language.
That does not mean you should give up on reading or understanding the privacy statements of the services that you use. By doing so you are playing right into the hands of the companies that desperately want your information to profit from it.
Look for the Simplified VersionMore and more companies are doing us the favor of releasing a human-readable, simplified privacy statement that is substantively the same as the bog dense document but is understandable to regular people who aren’t lawyers. Before you try to dig into that mess, first see if one of these easy versions is available.
Use Search to Find Important Words
Privacy statements tend to be long, dense walls of text. I’m happy to see that this is changing. However, companies that make money from your personal information tend to have privacy policies that act as shields against scrutiny.
The way that statements are made in these policies do however fall into common patterns. Which means we can use the good old text search function to quickly find the most important parts of the privacy statement. Unless you have the time to read the entire thing from top to bottom, searching is the best strategy.
Look for Scope-limiting Words
There are certain words that are used in these policies that indicate when the company will limit themselves to certain actions. Word and phrases like “won’t”, “limited to” and “specifically” are found in sentences that tell you the things that they either won’t do or will exclusively do.
These documents tend to use the same phrasing style consistently, so if you find a part of a phrase in sentences that limit the scope, try looking for that same phrase in the rest of the document to quickly highlight this type of rule in the policy.
Start with the Definitions
The words in the document might seem like the ones you already know, but they might be using these with a special meaning. In that case, there should be a list of definitions with these terms explained. Make sure that you understand their definitions and the rest of the policy will immediately make more sense.
Look for Phrases That Make the Scope Bigger
We should always be wary of overly vague statements. When things are left open to interpretation you can bet the interpretation that doesn’t favor you will win out at the end.
The sorts of red-light words you should look for are “may”, “such as but not limited to”, “in general” and so on. Anything that leaves the door open for them to do things which is not specifically excluded.
Only Look for Relevant Chunks
Scan through the subheadings of the document and note the issues that most concern you. Start by reading those sections. If there are deal-breaking red flags in the areas that you care about the most, then you’ve saved yourself reading through the whole thing.
Key Issues To Look For
Privacy policies can cover a lot of ground in a short span of text. There are so many issues that they have to cover that it’s hard to know which ones actually matter. The good news is that there are only a few key issues you really, absolutely must have the answers to. By using the above methods, try finding the text that will answer the following set of questions.
- What information, exactly, is collected and stored by the company or site?
- Which third-parties, if any, do they share the data with and what is it used for?
- What will it take for them to hand your info to the authorities?
- Will they notify you if a demand for your data is made?
- What types of data are collected specifically?
- Which country’s laws to they fall under?
By answering these key questions you can get a good feeling for the policy and whether its favorable to you or not.
Find a Third-Party Analysis
The last tip I can give you when it comes to making sense of these documents is not to look at them yourself! There are now third-party tools and sites that will analyze and review the privacy policies of the most popular sites and services.