Who Reads those Privacy Policy Statements on Websites? NAI Does!
In a recent post “Transparency Should Be the New Privacy,” on the IAPP Blog “Privacy Perspectives,” Richard Beaumont writes: “The privacy policy is the document on any website least likely to inform the visitor in any meaningful way…The reality is that the privacy policy is designed to protect the owners in the case of a dispute—which is what most legal documents are designed to do.
Beaumont calls for a new solution in order to simplify privacy policy statements so that they are understandable to the consumer: a “transparency policy” or “transparency statement” – a concise clear statement that is easy to understand. He writes, “It will be the basis on which the website will set your expectations for how you and your data will be treated….Transparency statements could be the vehicle to enable the majority of people to make better-informed choices than they currently do and use a truly market-driven approach to online privacy practice.”
In a comment posted on Beaumont’s blog post, NAI President Marc Groman wrote about the practical challenges of implementing such a solution:
“When it comes to the need for more transparency, you won’t get an argument from me. Amen! But as a person who has both drafted privacy policies and enforced privacy policies on behalf of the FTC, I am having a difficult time understanding how this would be implemented in practice. I don’t have an issue with the concept or philosophy behind your thoughtful proposal for a plain and simple transparency statement, but I don’t follow how it would play out and balance the multiple objectives set out in your post.”
Marc also pointed out that, while privacy policies are often not drafted with the goal of informing the general public, they do serve a valuable purpose:
“First, they often force a company to review its business model and data practices as part of the very exercise of drafting the privacy policy. Second, we [NAI] require our members to include specific information in their policies such as retention schedules for data and links to an opt-out mechanism. Third, privacy policies are reviewed by regulators, academics and self-regulatory compliance programs like NAI. This allows those stakeholders to compare practices and representations made by different entities.”
While consumers may not read privacy policies, NAI does! As Marc stated in his comment:
At NAI … not only do we read every word of hundreds of privacy policies every year, we have developed in house a privacy policy scanner that reviews every NAI members’ privacy policy every business day for changes. The scanner identifies every revision to every privacy policy and then our team of attorneys look at those changes to help identify potential compliance issues… it is incredibly useful for both our compliance program and our members.
What do you think about transparency policies? We invite you to engage with us on the subject as more transparency is good for everyone.