How to View the Privacy Policy

Posted on by

You just downloaded the most popular new app, and now you need to flip through the placeholder text pages before you can use it. Who has time for all this? Even privacy and security-minded people review the app’s Terms of Service frequently, and for good reason. Researchers at Carnegie Mellon calculated that it would take a whopping 76 business days to review all of the privacy policies met in a year, and that was back in 2008!

While you shouldn’t feel obligated to read the privacy policies of your apps and services word for word – boring! – there are a few more key criteria that you should pay attention to when viewing skimming. Yes, skimming; you should not completely ignore this privacy policy because it is important to know what is happening with your data (or with it).

Shorter privacy policies aren’t always better

Thanks to the GDPR and CCPA , a number of companies are starting to write their privacy policies in an easier to-understand language. Some even focus on things like collecting, storing, using and sharing data, but that doesn’t always help keep them concise.

Whitney Merrill, privacy and data advisor at Brex, said long privacy policies aren’t necessarily bad. “If people see something very long, they think, ‘My God, you are doing all these bad things! “But it can also mean that you are very transparent about everything and trying to explain what is going on,” she said.

In other words, don’t give a free company pass with a short privacy policy, and don’t ignore an overly long privacy policy – in this case, thoroughness isn’t the worst thing in the world.

Look for conciseness, updates and callbacks

If brevity isn’t necessarily an indicator of the best privacy policy, then what? Privacy policies that use easy-to-read language or contain clear and concise summaries are at least an indication that the company is trying to communicate in a way that users can understand. Knowing when the privacy policy was updated is also a good sign. (GitHub even describes changes to its privacy policy in its site policy repository .)

Merrill likes Apple’s privacy page , which explains its values ​​and privacy principles. And, as she noted, Apple has an image of two little blue men shaking hands, which appears during the process of registering and copying them. This same icon appears on iOS and macOS whenever Apple apps ask you to use your personal information in any way.

“Every time you see them, it means that they are going to talk about data, data use, data exchange or data collection,” she said.

In some areas, Apple will even provide links or refer to its policies to provide more information on what is collected and how it is used. “I think this is also very useful because one of the problems is that when you give permission to something, you really don’t have the context to understand what it is being used for,” she said.

At the end of the day, you may not have to dig deeper into the privacy policy.

Fred Jennings, GitHub Junior Corporate Advisor (who asked for clarification that he did not provide legal advice and did not act as a GitHub attorney when he spoke to us), points out that the level of review you give to the privacy policy may depend on what you’re using an app or tool. “Before you start reading the policy, the main question is: what data do I transfer to the service and how confidential is it?” he said.

For example, a photographer who is concerned about copyright may pay more attention to photography tools policy than one who simply posts amateur food photos to Instagram, and a business owner may be looking closely at cloud-based file sharing or storage services.

Wide can be bad

Some companies design terms that are very lenient (for themselves), often because their lawyers want to cover all possible scenarios. In some cases, companies don’t actually use the data you provide, but they want to be able to do so in the future without the bad press that companies sometimes get when they change their privacy policies (or the hassle of getting everyone’s consent again). However, it’s hard to tell if companies intend, for example, to take advantage of the copyright that you subscribe to your own user generated content, or if they are including that as a language in their policies just in case.

“The language used in this privacy policy is often intentionally ambiguous,” said Jen King, director of consumer privacy at Stanford Law School’s Internet and Society Center. For example, many forms say they “can” or “could” or “could” do certain things, making interpretation difficult.

When in doubt, it is best to assume that companies are or will soon be doing exactly what they reserve the right to do in their policies. Whether or not this is an obstacle for you depends on what you use their services for. Some areas you might want to look at when scrolling through the policy include sections describing what data the company collects and how it shares and stores that data, Jennings said.

Data collection

An excellent privacy policy sets out what information the company collects about you. This may include your name, address, social media data, IP addresses and other unique identifiers, GPS information, etc. This data may also be combined with information that the company collects from third parties.

In addition to your personal information, there is also the issue of content that you create using the company’s apps or services. Pay attention to whether the company is licensed to simply publish your images or other content to third parties, or is claiming more ownership. If a photographer plans to publish an image on a photo sharing site, but may also want to sell it elsewhere at a later date, the publisher may want to know if any other person is entitled to publish the work. “If I have to delete my account to say that I have not published it anywhere else, I would still like to know if this data is provided to the company on an ongoing basis, even after I delete my account.” Jennings explained.

Start by hitting Ctrl + F and searching for “ownership” to find out what rights and what license the company gets for your creative work: ownership, perpetual (perpetual or perpetual are legal keywords that are sometimes used to explain how some, how long something has been kept), globally or at your own discretion. Once you find the section you want, take the time to read it thoroughly.

Data exchange

“One of the number one things I look for when I go through them is if I can determine if they are selling my data,” King said. Here again declarative statements are appropriate. “Sometimes you find a privacy policy that has a company position on this and they just say clearly that we don’t sell or share your data with anyone.”

But even companies that insist they don’t sell your data are not doing enough, because “sharing” can be just as bad. And apps that say, “We only share with our affiliates,” may do so in a broader sense than you might imagine. For example, Match Group, Inc owns Match.com, also owns Tinder, OkCupid, and PlentyOfFish, and OkCupid users may not know their data is being shared by Tinder. In addition, even if you trust the organization’s data sharing policy with which you want to share information, the organizations with which it shares may have different policies.

Look for the words collect, share, and affiliates.

Data exchange also includes the exchange of information with the government. “If this is some place where I store more personal data, I might be curious about phrases like ‘lawsuit’ or ‘law enforcement,’” Jennings said. Disclosure can also be helpful.

Data store

Control-F for phrases such as “store” and “encrypt” to find information about how the company stores your data on its servers, and search for “delete” or “retention” to see what you can learn about how long it keeps your data. Information.

Unfortunately, data storage information is often vague and opaque, and companies suffer from so many security breaches that it is difficult to keep track of them. Even if you are comfortable with the privacy policy, protecting your data requires additional measures in addition to trusting the company that stores it:

  • Consider giving applications only the information they need to run. Adding data in excess of what is required does not always provide many benefits. For example, a period tracking application only needs the date and time to run; he doesn’t need the names and dates of birth of your sex partners.
  • Be sure to use unique, strong passwords for your accounts so that if your password is compromised, only one account is affected.
  • Use a security key (like Yubikey) or an app like Google Authenticator or Authy in addition to your multi-factor authentication password.

Additional Resources

The widespread reports of what Facebook is doing with your data have been completely debunked , but there are several useful resources to be found on the Internet. While Guard is still in its infancy, it is an artificial intelligence service that reads privacy policies and alerts users to privacy threats in the digital services they use.

The EFF also has a Who Supports You ? Report that does the hard work and violates the transparency of companies in communicating government removal requests based on platform policy violations and legal requests, and having a notice and appeal process for removing and suspending content. , among other things.

More…

0
Privacy

Leave a Reply