How to Decode Privacy Policies: A Primer

Read some advice on decoding privacy policy language before you click "Approve" on the next set of privacy policies you come across.

You were swamped all day at work, and now making dinner is staring you in the face.

You’re tired, your family is “starving.”

So you go to the restaurant’s website to order carry out, but you’re slowed down by needing to install yet another app to order carry out from them.

Then there it is: the legalese, the permissions. You click “accept” again and again without a thought, just the sound of your stomach growling.

One of those things you probably agreed to in a rush was the app’s privacy policies. Only recently have companies been required to show you their “Privacy Policy” that describes how they’ll handle your data. They may even give you a chance to limit what they can do with your data.

But they’re not just being nice when they do. The primary purpose of privacy policies is to shield companies from legal action. The result is long, boring, complicated policies filled with impossible-to-read legal gobbledygook designed to get you to click the “ACCEPT” button without thinking.

Privacy Policies 101

In the moment, getting some dinner takes precedence over reading a policy. But what’s at stake is your data and your privacy. Parsing through an average privacy policy can feel like an insurmountable task, but keep reading. We’ve simplified it for you!

If you feel like you don’t have any control over your data, you’re not alone. In fact, four out of five people surveyed recently think they have no control over the data collected about them.

But we have more control than we might think. We just need the knowledge to decode the secrets hidden in many privacy policies. That’s the point of this article.


Download Your Free Data Privacy Week 2021 Toolkit!

Take Data Privacy Day on Jan. 28, 2021, to another level with a week's worth of resources in our Data Privacy Week toolkit!

Get My Toolkit

Privacy Policies’ Hidden Secrets

Most privacy regulations require companies to disclose:

  • Types of information collected
  • Purposes of collection and use
  • How data is collected, like cookies or other tracking technology
  • The effective date and validity of the privacy policy
  • Possible policy changes and how you’ll be notified if they occur
  • What, if any, control you have over data processing
  • Security measures that protect information
  • What third parties have access to the information, and how they use it
  • Terms of sharing your information with governmental agencies
  • The people accountable for the organization’s privacy practices and their contact details

That’s a lot to wrap your head around. The challenge for the average consumer is that these disclosures are written by lawyers, and “legalese” is as hard to understand as something written by visitors from outer space.

On top of that, some policies are so involved they contain as many words as you’d find in the chapter of a novel. Facebook’s privacy policy takes about 18 minutes to read. That’s pretty typical when compared to other big companies.

Deciphering Words that Matter

So how do you navigate the sea of privacy policies encountered every day without drowning?

Thanks to certain requirements in laws like the EU’s GDPR, privacy policies may be getting shorter and easier to read, but for now knowing a few important keywords can help.

Use your computer or phone’s “Find on page” function to search for these keywords. Think of these like clues in the mystery of what exactly Big Data Corp plans to do with your personal data.

Keyword What it Most Likely Means
Third Parties Your data is going to be sold to other companies, probably a data broker. These companies collect online data and sell it to pretty much anyone interested in learning more about customers, voters, students, and consumers … like you. It’s legal, but not always honest.
Except Whatever the policy just said, doesn’t matter. It’s not uncommon for companies to say they won’t sell your data, “except under certain circumstances.” Those exceptions probably make all the difference.
Such As This sneaky term is used when companies want to give you a few examples, but not the complete picture. It might as well mean “whatever we want.”
Retain This tells you how long a company will keep your data. Companies should only keep your data for as long as you’re their customer. If longer, they’re mining your data.
Delete If the company gives you options to delete your data, they’re showing some respect for you. If they don’t, they’re acting like they own your data, not you.
Date Check the date the policy was last updated. If it’s recent, the company is taking your privacy more seriously. If not, they might not deserve your trust.
Control This might be the most important word to find because it indicates your options in determining how your data is treated. Many companies have privacy settings, but they aren’t always turned on by default.

What Can You Do, Really?

Based on what you find, you might want to act. Consumers may have limited options, but they’re far from powerless.

Take your business elsewhere

Nearly half of consumers have already ditched companies because of their data policies. You can too. Reward companies that do privacy right with your business. When you do, we might help encourage entire industries toward a more ethical future.

Take control

If a company provides options to do things like consent, opt-out, adjust privacy settings, or delete your data, you should take advantage of them. These tools aren’t helping you if you don’t use them. Get in the habit of checking each website’s or service’s options when you sign up.

Be picky

Every bit of data about you is valuable. Think twice before you share anything online. The less data about you out there, the fewer chances it can be used unethically. Even a simple Facebook survey can lead to scandal and disruption.

Speak up

If you see something weird or alarming in a privacy policy, say something. Your online voice can matter more than you think.

Many companies are obsessed with their image and constantly monitor social media for chatter about them, good and bad.  Change only happens when everyday consumers put pressure on companies to do the right thing and treat them like people … not ones and zeros.


Download Your Free Data Privacy Week 2021 Toolkit!

Take Data Privacy Day on Jan. 28, 2021, to another level with a week's worth of resources in our Data Privacy Week toolkit!

Get My Toolkit

Share this Post