It’s no surprise why consumers don’t read them. Assuming that a consumer cares about privacy and assuming that they think about reading a policy before submitting information online, privacy policies read like mini legal treatises. They refer to technology that may be hard to understand (e.g., what is a clear gif?), and subtle but significant differences that might not be obvious to some consumers (e.g., what does it mean to share data for “joint marketing with a third party,” but not for a third party to market themselves?).
There was some agreement as to the reason policies tend toward being long, convoluted, and legalistic. Privacy practices are complex and plaintiffs’ attorneys and regulators can be unforgiving. For example, a company that does not intend to sell, rent, or share information, may want to simply say that to consumers using those eight words “we do not sell, rent or share information.” The truth is, however, that there are no definitives when it comes to information. If the company has service providers (as most companies do), it inevitably shares information with consultants, lawyers, product fulfillment companies, etc. If a company receives a subpoena (which any company could), it may have to share information with the government. If the company is acquired (which many companies are), it will sell the information to the acquirer. If the company is sued, it may have to share the information with a plaintiff. The eight word statement, suddenly becomes a 100 word list of exceptions and exclusions to ensure that a company is not accused of deception by carrying out normal (and in most cases unavoidable) sharing practices.
The net result is that the precision that the plaintiff’s bar and some regulators have demanded, forces companies away from brevity and toward legalese. The end result is a precise policy that no consumer has the time (or attention span) to read.