Readability of Internet Privacy Policies

By Dr. Annie I. Antón and Gurleen Kaur

Erik Sherman’s September 4, 2008, BNET blog post, Privacy Policies are Great — for PhDs, analyzes the readability of common Internet privacy policies including Google, Microsoft and Yahoo.  His study supports the findings, published by ThePrivacyPlace.Org researchers in IEEE Security & Privacy.  Our studies showed that privacy policies are inaccessible to the very end-users they are intended to inform. 

Our first study, published in 2004, analyzed 40 online privacy policy documents from nine financial institutions to examine their clarity and readability.  Our findings revealed that compliance with existing legislation was, at best, questionable.

Our second study, published in 2007, analyzed 24 healthcare privacy policy documents from nine healthcare Web sites both pre- and post-HIPAA (Health Insurance Portability and Accountability Act).  Our findings revealed that HIPAA’s introduction has led to more descriptive privacy policies, but many remain difficult to read.

Last month, ThePrivacyPlace published an empirical study in IEEE Transactions on  Engineering Management that reveals that users perceive traditional, paragraph-form policies to be more secure than other policy representations, but that user-comprehension of paragraph-form policies is poor in comparison to other policy representations.  

Comments are closed.