On Making Privacy Policies More Simple and User-Friendly
David Vladeck, while he was heading up the FTC's Bureau of Consumer Protection, frequently railed against the current generation of consumer-facing privacy policies, and he has data to back him up: Consumers just don't read or understand the things.
Much has been written about the failure of many privacy policies in the way they have been implemented. Most, it seems, have been written by lawyers (disclosure: I am one) and seem only to exist for either the mandatory requirement to have a policy or to throw everything in the policy in the event plaintiff lawyers start calling—“you can point to page 3, paragraph 3(c)I … that explains everything.”
There even seems to be confusion about whether they should be called privacy policies or notices.
But semantics aside, a new, very different group of consumer-facing privacy policies are starting to emerge. It may have started with U.S. government legislation requiring federal websites to incorporate plain-language techniques into all new and updated pages. Banks in the U.S. have started experimenting with simpler documents, including the use of tables, to make information easier to find and understand.
And business is also doing its part, possibly to connect better with its customers.
In another example, the BBC’s website incorporates humor into its cookie explanation page with an image of smiling people eating cookies. How can you not smile and have a good feeling about any organization that can do this?
I'm sure that I've missed many great examples of how organizations are rethinking how to connect with their users and make these required policies part of their branding message and less of just a legal requirement, but these examples might help to give you some ideas and motivate you get started on rewriting your own.
About the Author
Allen Brandt, CIPP/US, CIPP/E, CIPM, is corporate counsel, data protection and privacy, and chief privacy official for GMAC, which owns the Graduate Management Admission Test (GMAT), an exam delivered to prospective graduate business students in 111 countries worldwide. He provides legal guidance and counsel on U.S. and domestic consumer privacy issues, creates data protection policies and procedures, responds to privacy inquiries and leads the privacy training program. In addition, he monitors compliance with the council’s marketing programs and oversees the filing of international data processing applications and notices.
Brandt is a member of the California and Missouri Bars and is a Virginia corporate counsel.