Business Daily Media

Men's Weekly

.

Should online users be bound by their privacy agreements?

  • Written by Samuel Becher, Associate Professor of Business Law, Victoria University of Wellington
image

The political economy of digital capitalism[1] is largely premised on a new exchange: individuals enjoy cheap or free services and goods in exchange for their personal information[2].

Put simply, individuals often pay online, consciously or unintentionally, with their data and privacy. As a result, companies hold a vast amount of information on consumers[3], and consumers allegedly agree to that practice. But as our research[4] shows, online privacy agreements are largely incomprehensible.

Read more: Why are Australians still using Facebook?[5]

Regulating privacy

Privacy issues are becoming more and more salient, in part due to enormous privacy scandals. Perhaps most conspicuously, a massive public protest erupted in response to the Facebook-Cambridge Analytica data scandal[6]. In this case, the data of millions of people’s Facebook profiles was harvested. Facebook’s CEO, Mark Zuckerberg, testified[7] before two US senate committees about the company’s privacy practices.

Read more: Why you should talk to your children about Cambridge Analytica[8]

Privacy is now also at the forefront of policy making. The most systematic legislative attempt to make more order in the messy world of privacy is the EU General Data Protection Regulation (GDPR[9]). It comes as no surprise that European legislature was breaking the ground in this realm. The EU is known to have a strong focus on citizens’ rights[10]. It is committed to data protection, and to consumer protection[11] more generally.

The GDPR came into force[12] in May 2018. Its primary objective is to level the playing field and give individuals more control over their personal data. The GDPR also aspires to force companies to be more transparent around data collection and more cautious about its usage.

Clear and plain language

Another interesting aspect of the GDPR is its requirement to clearly communicate privacy terms to end users. In this respect, the GDPR requires companies to use “clear and plain language[13]” in their privacy agreements.

Making privacy policies readable may bring about a few notable benefits. For starters, drafting readable policies better respects users’ autonomy. Beyond that, readability can contribute to better comprehension of legal texts. This, in turn, can make such texts more salient, leading companies to draft more balanced terms.

But does this indeed materialise? In our study[14] (with Professor Uri Benoliel from Israel[15]), we examined whether, half a year post-GDPR, companies present users with online privacy agreements that are readable. We applied two well-established linguistic tools: the Flesch Reading Ease test[16] and the Flesch-Kincaid test[17]. Both tests are based on the average sentence length and the average number of syllables per word.

We measured the readability of more than 200 privacy policies. We gathered these policies from the most popular English websites in the UK and Ireland. Our sample included policies used by companies such as Facebook, Amazon, Google, Youtube, and the BBC.

We had good reasons to be optimistic. The GDPR receives a lot of attention. It employs harsh penalties, which can presumably serve as effective deterrence. Additionally, the cultural convention is that Europeans generally tend to be compliant and law abiding[18].

But we were disappointed. Instead of the recommended Flesch-Kincaid score of 8th grade for consumer-related materials[19], understanding the average policy in our sample requires almost 13 years of education. Almost all the privacy policies in our sample, about 97%, received a higher than recommended score.

Readability remains a challenge

The European legislature thought that using plain language in privacy agreements can be part of a better, holistic approach to users’ privacy. We believe this is an idea worth exploring.

While not a magic bullet, readability can prove to be important for users’ privacy. But despite the GDPR’s requirement, European citizens still encounter privacy policies that are largely unreadable.

Does the GDPR just bark, but not bite? While it is perhaps too early to say, we located 24 websites in our sample that included their privacy policies as drafted pre-GDPR. We then measured their readability. The results show that current privacy policies are only slightly more readable than the older ones.

This may offer some lessons. Most notably perhaps, good intentions and extensive legislation may not suffice. Merely having a general, vague law is not likely to yield the anticipated change.

References

  1. ^ digital capitalism (www.amazon.com)
  2. ^ exchange for their personal information (www.hbs.edu)
  3. ^ a vast amount of information on consumers (www.stuff.co.nz)
  4. ^ our research (papers.ssrn.com)
  5. ^ Why are Australians still using Facebook? (theconversation.com)
  6. ^ Facebook-Cambridge Analytica data scandal (www.bbc.com)
  7. ^ testified (www.washingtonpost.com)
  8. ^ Why you should talk to your children about Cambridge Analytica (theconversation.com)
  9. ^ GDPR (eugdpr.org)
  10. ^ citizens’ rights (www.eesc.europa.eu)
  11. ^ consumer protection (ec.europa.eu)
  12. ^ came into force (www.zdnet.com)
  13. ^ clear and plain language (www.cmswire.com)
  14. ^ our study (papers.ssrn.com)
  15. ^ Professor Uri Benoliel from Israel (clb.ac.il)
  16. ^ Flesch Reading Ease test (www.readabilityformulas.com)
  17. ^ Flesch-Kincaid test (en.wikipedia.org)
  18. ^ compliant and law abiding (www.npr.org)
  19. ^ 8th grade for consumer-related materials (contently.com)

Authors: Samuel Becher, Associate Professor of Business Law, Victoria University of Wellington

Read more http://theconversation.com/should-online-users-be-bound-by-their-privacy-agreements-112301

Minns Labor Government shutting down the Business Connect program

The NSW Opposition is concerned that the Labor government will shut down a support program that has assisted New South Wales businesses. In a media ...

Samsara Eco appoints Dr. Lars Kissau as General Manager for Asia

Australian biotech innovator Samsara Eco has announced the appointment of Dr Lars Kissau as its first General Manager of Asia. Based in Singapore...

From the first bounce to the final siren - small business lessons from the AFL Grand Final

The AFL Grand Final is one of the most anticipated days on the sporting calendar. This Saturday, the Geelong Cats and Brisbane Lions will battle i...

Australia’s top finance leaders recognised as CFO role expands

Amid surging regulatory demands and rapidly evolving industry, Australia’s most influential Chief Financial Officers will be honoured at the inaug...

Why outdated security leaves small businesses exposed to crime

Small and medium businesses in Australia are under increasing pressure to address security gaps that criminals readily exploit. An unlocked door, an...

Why it’s time telcos rethink location and put customer experience first

Maurice Zicman, Vice President - CX Strategy at TP in Australia unpacks why the telco industry must rethink old assumptions and focus on digital-f...