How To Read A Privacy Policy

By Sydney Butler / October 2, 2018

Whenever you visit a website, you’ve probably noticed something called the “privacy policy”. This is an official statement by the owners of the website. It describes what sort of information about you they collect and what they do with it once it is in their possession.

These documents are the sort of boring and confusing legal jargon users tend to ignore. We click that we agree or don’t bother reading the document in the first place. Then at some point in the future, there’s a data breach and people are surprised at what was being stored. Alternatively, it might be that the company has been selling user information this whole time.

It causes outrage, but if you had bothered to read the privacy statement you’d know that users were agreeing to this treatment without knowing it, simply because reading the privacy policy is too much of a bother.

Hiding in Plain Sight

It’s, of course, no surprise that something as important as a privacy policy would be obscured by confusing legalese and convoluted structures. This tactic has become such a problem in various areas that many nations make contracts signed by those who could not understand them null and void.

It’s also why there is a worldwide drive towards easily understandable legal documents. It’s a slow process, but hopefully, everyone will eventually adopt public-facing legal documents that are plain in language.

That does not mean you should give up on reading or understanding the privacy statements of the services that you use. By doing so you are playing right into the hands of the companies that desperately want your information to profit from it.

It is essential that we all read and understand those privacy statements, at the very least as a way to take responsibility for our choices. I have a feeling that if you read the privacy policies of the services you use at the moment, there’s a good chance you’d drop some of them. So how should you read a privacy policy without falling asleep? What should we look out for? These are the questions that I want to answer here.

Look for the Simplified Version

More and more companies are doing us the favor of releasing a human-readable, simplified privacy statement that is substantively the same as the dense full document but is understandable to regular people who aren’t lawyers. Before you try to dig into that mess, first see if one of these easy versions is available.

Use Search to Find Important Words

Privacy statements tend to be long, dense walls of text. I’m happy to see that this is changing. However, companies that make money from your personal information tend to have privacy policies that act as shields against scrutiny.

The way that statements are made in these policies does, however, fall into common patterns, which means we can use the good old text search function to quickly find the most important parts of the privacy statement. Unless you have the time to read the entire thing from top to bottom, searching is the best strategy.

Look for Scope-limiting Words

Certain words used in these policies indicate when the company will limit itself to certain actions. Words and phrases like “won’t”, “limited to” and “specifically” are found in sentences that tell you the things that they either won’t do or will exclusively do.

These documents tend to use the same phrasing style consistently, so if you find a part of a phrase in sentences that limit the scope, try looking for that same phrase in the rest of the document to quickly highlight this type of rule in the policy.

Start with the Definitions

The words in the document might seem like the ones you already know, but the policy might be using them with a special meaning. In that case, there should be a list of definitions with these terms explained. Make sure that you understand their definitions and the rest of the policy will immediately make more sense.

Look for Phrases That Make the Scope Bigger

You probably won’t find too much in a privacy policy which specifically limits what the company can do. However, there’s often plenty of language that introduces ambiguity and widens the scope of what can later be defended.

We should always be wary of overly vague statements. When things are left open to interpretation you can bet the interpretation that doesn’t favor you will win out at the end.

The sorts of red-light words you should look for are “may”, “such as but not limited to”, “in general” and so on: anything that leaves the door open for them to do things which are not specifically excluded.
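The search approach from “Look for Scope-limiting Words” and from this section, as an added example that is not part of the original article: a Python sketch that flags sentences containing the phrases quoted above. The sample policy text, the name `scan_policy`, and the two extra rules (treating “not limited to” as widening rather than limiting, and ignoring “May” followed by a date) are assumptions of this example.

```python
import re

# Phrases quoted in the article, as regular expressions.
PATTERNS = {
    "limits": [
        r"\bwon't\b",
        r"(?<!not )\blimited to\b",   # assumption: "not limited to" widens, it does not limit
        r"\bspecifically\b",
    ],
    "widens": [
        r"\bmay\b(?!\s+\d)",          # assumption: skip the month in dates like "May 25"
        r"\bsuch as,? but not limited to\b",
        r"\bin general\b",
    ],
}

def scan_policy(text):
    """Return (kind, matched_phrases, sentence) for every flagged sentence."""
    # Policies pasted from the web often use curly apostrophes; normalise them
    # so that "won’t" is found by a plain-ASCII pattern.
    text = text.replace("\u2019", "'")
    findings = []
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        for kind, patterns in PATTERNS.items():
            hits = [m.group(0).lower()
                    for p in patterns
                    for m in re.finditer(p, sentence, re.IGNORECASE)]
            if hits:
                findings.append((kind, hits, sentence))
    return findings

# Constructed sample text, not taken from any real policy.
SAMPLE = (
    "We won\u2019t sell your email address to advertisers. "
    "We may share usage data with partners, such as but not limited to "
    "analytics providers. "
    "Retention is limited to 12 months. "
    "This policy takes effect on May 25, 2018."
)

if __name__ == "__main__":
    for kind, hits, sentence in scan_policy(SAMPLE):
        print(f"[{kind}] {', '.join(hits)}: {sentence}")
```

A flagged sentence is only a starting point for reading; the surrounding paragraph and the policy's definitions decide what the phrase actually commits the company to.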

Only Look for Relevant Chunks

A good privacy policy will be divided into sections that collect policy rules which relate to each other. For example, there might be a section on aggregating and reselling your data. Another section might discuss your right to have information deleted.

Scan through the subheadings of the document and note the issues that most concern you. Start by reading those sections. If there are deal-breaking red flags in the areas that you care about the most, then you’ve saved yourself reading through the whole thing.

Key Issues To Look For

Privacy policies can cover a lot of ground in a short span of text. There are so many issues that they have to cover that it’s hard to know which ones actually matter. The good news is that there are only a few key issues you really, absolutely must have the answers to. By using the above methods, try finding the text that will answer the following set of questions.

By answering these key questions you can get a good feeling for the policy and whether it’s favorable to you or not.

Find a Third-Party Analysis

The last tip I can give you when it comes to making sense of these documents is not to look at them yourself! There are now third-party tools and sites that will analyze and review the privacy policies of the most popular sites and services.

Usable Privacy is one of the better ones. They took human-annotated privacy policies that have been analyzed by law students. Then they trained AI on those annotations and set it loose on more than 7000 privacy policies. If you’re lucky, the policy you want to understand will be in that pile. At the very least, you can learn quite a lot about how to analyze a privacy policy just from the ones that have already been put through the process.
