If I were to ask, “Would you rather be punched in the face or stabbed in the back?” I’m guessing that you would be hard pressed to answer because I’m seeking consent for something without providing a meaningful choice.

Similarly, when a company requires consent to its online privacy policy in exchange for a consumer’s ability to use and interact with the company’s website that extend beyond what a reasonable consumer considers meaningful, the company runs the risk of unnecessary and burdensome litigation that, in some cases, may damage their brand exponentially.

Take Google for instance. This past March, the company enacted a privacy policy that enabled the search engine giant to collect an individual’s data across various online platforms whether by Gmail, YouTube or search engine. Advocacy groups argued that the policy gives users no choice but to stop using Google services if they want to avoid having their every online move monitored. The policy fails to provide users information on what personal data is collected, how it will be used and for how long the company will retain the data.

European Union regulators are threatening legal action if Google doesn’t roll back its privacy policy and they are giving Google until the end of the year to comply with their demands to provide more transparency about their policies. Some speculate that other countries, including the U.S., will follow suit if Google doesn’t comply.

Since the news broke abroad, Google’s stock prices dropped from $755 to $675. Whether the EU news and its big brother privacy policy had something to do with this, it’s hard to say. However, anytime privacy policies are so broad that they can’t be simply understood by those who use the services provided, consumers and government regulators may take action and your brand may be collaterally damaged.

Another interesting case in the UK involves Spreadex, a company that, as its name suggests, takes bets on the movements in prices of various commodities including gold, silver and crude oil. A Mr. Cochrane visited the site in October 2010, filled out the customer account information and was directed to the site’s “Customer Agreement.” He agreed to the terms and hit the “submit” button. He began trading a few weeks later, and explained what he was doing to his girlfriend’s son. He left his computer screen open and, you guessed it, the boy thought he was playing a game for fun and made a series of online bets setting Mr. Cochrane’s account back more than 50,000 pounds.

Spreadex wanted to cover those bets and requested that a court rule in Spreadex’s favor taking the position that Cochrane had no arguable defense because he agreed to be bound to the terms of the Customer Agreement. When the judge reviewed the document, he was faced with 49 pages of small  print and complex legal terms and stated it was impossible to read, let alone understand the implications of the agreement.

As a result, Spreadex took a hit in London newspapers and agreed to revisit its privacy policy to make it more relevant to its users.

Companies work hard to protect their brands yet often fail to understand how their bloated and over-reaching privacy policies can alienate the customers who make their brands relevant.