Privacy policies are not something I am intimately familiar with, but this seems like a problem that could be solved in a similar way to licensing open source software.
When I look at using a piece of software I quickly jump to the license, if it is BSD or similar I typically jump right in. I don't even have to read the terms because I know the BSD license. I would love to have a similar system for privacy licensing on various online services. Is there anything like this out there?
I just wanted to say that. The web needs a clear privacy policies scheme similar to f.ex. CC with clear guidelines, and even maybe fancy logos like the CC ones. You take a glance at the image, click to see the text version for details and your done.
p3p [http://www.w3.org/P3P/] was based on similar intuitions. If there were a small number of frequently used policies, you could take things one step further to formally describe these policies and even build software to help negotiate: what information are you willing to share given this policy?
It turns out that privacy policies were too subtle and varied and hard for people to understand for this to work.
I'd like to see the numbers for licenses in general (and particularly accounting for how often various sites' licenses change). I've written before[0] about how Apple's iTMS policy is long and frequently updated and that they clearly have no expectation that you'll actually read it or even be able to.
That's a ridiculous statistic purely contrived for a sensational headline. If you want to a more reasonable measure than you should count the number of sites where users are giving personally identifiable information. Those are the sites where policies should be read and that will be a much smaller number.
Given that, I do think privacy policies can be more concise, but that likely won't happen with out some sort of tort reform. Policies are long because businesses need to cover all of their bases in a litigious society.
IP addresses are circumstantial evidence for identifying a person (particularly when combined with timing and correlated with other sites, as is easy for large ad and social networks to do); it's somewhat difficult to use the web without disclosing your IP.
(Also, I feel obliged to point out your interest in this matter. You work for IAPP, which, as far as I can make out, is an association of people on the corporate side of privacy compliance.)
Do you read all the privacy statements of sites that you give personal information to? Every site gets at least your IP address, which has been used in courts to identify people (albeit in a flawed and usually incorrect way). There is a vast amount of information that each of us gives away every time they are on the internet. What we read, what we buy, what interests us, who we talk to, what we say, where we are and much more can be gathered by websites. What sites and companies do with this information varies. Legal contexts vary state to state, nation to nation (some are completely laissez-faire to very protective of users).
The article makes an accurate point about privacy being almost incomprehensible and near impossible to fully understand because of the depth and volume of privacy statements. The article's point is backed up with numbers. How can it be reasonable when the quantity of reading required to have a basic understanding of what sites say they won't do with your information is "too much"?
That would just be ruled unconscionable by a court anyway, but I agree in principle that the whole practice of "by using our website you agree to these umpteen pages of small print" is silly. Browsing a website shouldn't require any terms of service (obviously submitting data is a bit different).
When I look at using a piece of software I quickly jump to the license, if it is BSD or similar I typically jump right in. I don't even have to read the terms because I know the BSD license. I would love to have a similar system for privacy licensing on various online services. Is there anything like this out there?
Seems like it would not be very hard.