Sometimes you want to go where everybody knows your name, IP address, shopping habits, browsing history, birthday, mother’s maiden name, and other personally identifiable information. Other times you don’t use the Internet.
Most of us take it for granted that the Web sites we visit collect massive amounts of data about us behind the scenes. If you aren’t aware of this — or if you are, but wish you could keep more of that information private — I can refer you to a little book I wrote on that topic: “Take Control of Your Online Privacy.”
It’s helpful to have greater awareness of who’s collecting what data about you and why. You can do things like changing browser settings, adding plug-ins, and adjusting your preferences on various sites to discover when they track your actions and to reduce (though not eliminate) the endless flow of private information you send out as you use the Web. I talk about all this in my book.
But what about privacy policies? Nearly every commercial Web site has one, and you often have to agree to such a policy (implicitly or explicitly) when signing up for an account. Privacy policies spell out what data the company collects (particularly personally identifiable information), how it’s used, what protections are in place to safeguard it, and so on. Some people mistakenly think that these policies offer some guarantee of privacy or even legal protection. I’d like to disabuse you of that belief in this installment of FlippedBITS.
Sorry to say, but — not to put too fine a point on it — privacy policies by themselves don’t mean diddly-squat.
That’s not to say privacy policies are meaningless, and as I’ll explain in just a moment, I recommend reading them attentively. But don’t mistake a policy for a guarantee.
A policy is just that — a statement about the practices a person or company follows as a general principle. I mean, I have a policy of being honest, but that doesn’t mean I never lie. My library has a policy of charging patrons for overdue books, but sometimes they let it slide. A store has a policy of beating competitors’ prices, but draws the line when someone brings in an ad for a buy-one-get-two-free promotion.
What’s In the Fine Print — I’ve made my point, I hope, that you shouldn’t put too much trust in privacy policies. But you should read them!
Privacy policies are often full of boring and inscrutable legalese, although a surprising number of them are written in something many of us would identify as closely resembling English. They typically include the following:
- What types of information the site collects, under what circumstances, and for what uses. (This may include both general information, such as which browser you’re using, and information that more specifically identifies you as an individual.)
- Whether and how the information is shared with other entities, such as advertisers.
What security measures the site uses to protect your data.
How to opt out of data collection.
You should take the time to read these policies — at least for the sites you visit most frequently — for several reasons:
Second, you could discover something disturbing enough to make you stop using the site. Some privacy policies are quite up front about the fact that the sites collect personal data about you and sell it to third parties. Others do little or nothing to safeguard the personal data they collect. If you’re uncomfortable about that, you can take your business elsewhere.
I tried a few sites (type two characters into the search field to get a long list of sites to browse) and found some interesting results:
- Twitter, the Electronic Frontier Foundation, and Wikipedia got perfect scores — 100 out of 100 — which is not to say that they have perfect privacy.
Wired got a mere 39 — the lowest of any of the sites I checked.