“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Gary Kibel, a partner in the digital media, technology and privacy practice group at Davis + Gilbert.
Since the early days of the internet, when federal regulators expressed concern that consumers did not understand what data was being collected about them online and how it was being used, companies have been drafting privacy policies.
The guiding principle for these privacy policies has always been the Federal Trade Commission’s (FTC) prohibition on “unfair or deceptive acts or practices.” That meant drafting a policy that was thorough and comprehensive, yet clear and easy for a consumer to digest. An early California law and behavioral advertising self-regulatory principles required certain specific disclosures, but overall, the FTC standard was vague enough to give publishers flexibility in how they structured their disclosures.
But then more regional regulations emerged, leaving consumers more confused and forcing companies to address multiple regulations simultaneously.
The US Constitution is only 4,543 words. Most privacy policies from large portals dwarf that already. It would take a consumer quite some time, perhaps more than an hour, to read some of these privacy policies. And imagine trying to read a lengthy policy on a mobile phone. The reality is that no consumer will read these disclosures. The only parties likely to read such lengthy privacy policies are regulators and class action plaintiff lawyers.