Making web privacy policies more transparent
At least once a year, banks and insurance companies will send you a consumer privacy notice that includes a simple chart showing how your information is shared and what controls you have over this data sharing.
It looks something like this:
To be perfectly honest, I usually just throw them in the trash without giving them much thought, but the last couple privacy notices I received in the mail got me thinking: Why can’t web privacy policies be like this? Why can’t we create a simple chart that shows how your data is being used and what you can control?
Privacy policies are an often overlooked but very important piece of transparency within your consumer relationships. After incidents like Facebook/Cambridge Analytica, web property owners now more than ever should be focused on data security and transparency.
And I suggest we take a page from banks.
The privacy policy notices you get from your bank are regulated by the FDIC. Website privacy policies are very different, as summarized by this post. While there are specific details web privacy policies should include, they will look very different from site to site.
My biggest issues with website privacy policies is they’re not easy to read. It’s a lot of text – often legal or tech jargon, not natural language – and they take time to dig through to actually find what you’re looking for.
The bank where I pulled the above image had a web privacy policy that was actually fairly easy to read, however, it was missing some important details.
The page was running Google Analytics scripts but there was no mention of this in their web privacy policy. There is a general section about cookies and beacons with some basic information on disabling cookies in your browser, but nothing more.
I came across sites that were much worse. Some were running advertising and remarketing pixels and did not even disclose this in their web privacy statement, let alone mention they are collecting aggregate traffic metrics through Google Analytics.
Web visitors should not only be aware of what data is being collected and how data is being shared but also be in control of that collection and sharing. And while actually placing the information in the privacy statement is a great first step, I suggest we take this a step further and arrange it in a simple table with easy to understand language.
Transparency is key to building relationships. The more we can educate consumers and help them understand what data is being collected and how it’s used, the better.