GUEST ESSAY: Few consumers read privacy policies—now tools can do it for them

When was the last time you read an online privacy policy in its entirety? Maybe never?

Yet our world has evolved online. We have an average of 67 apps on our mobile phones, seven social media accounts and over 120 online accounts. But these accounts aren’t just about networking and gaming.

Related: What happened to privacy in 2021

The COVID crisis forces us to work remotely. Our children are now taking online classes. Financial, health, home security, governance and all other mission critical services are now delivered online. The question is at what price?

All of these activities leave a massive digital footprint that includes our private data. With the prospect of the metaverse and other fully immersive online worlds, our data becomes us. Any misuse of this data may have consequences that are incomprehensible to us.

Each time we subscribe to an online service or install a mobile application, we are presented with a document that explains in detail how our private data will be treated. This document is called a privacy policy. We are expected to read the privacy policy before continuing to use the app or service.

Few people care. A few years ago, a small business in Iowa added a clause to its privacy policy offering a $1,000 reward to anyone who contacts it. Five months and 3000 users later, they received their first call. Over 96% of all internet users have never read a single privacy policy text.

And why should they? Privacy policies are long documents averaging 2500 words, written in legal language. The New York Times did an experiment where they read 150 privacy policies well-known applications. They summed up their experience as an incomprehensible disaster. To be able to understand an average privacy policy, you need a law degree.


Despite the reluctance to read long and complex privacy policies, recent trends show that users care about the online privacy of their data. Last year, WhatsApp lost nearly 90 million users due to an announced privacy policy update that became global news. At the same time, Apple introduced the “do not track between apps” feature with the new iOS version and 96% of users opt out of cross-app tracking.

Whenever it is offered with a possibility to protect the privacy of our data, we will take it. There is value in our private data and not just for advertising agencies. The problem is that there are no tools available that can help end users understand the complex and intricate world of online privacy protection and the privacy policies that underpin it. Let’s try to define the scope of such a tool by answering a few questions.

What exactly should this tool do, what kind of added value is expected for end users?

It should be integrated into users’ daily routines and support them every time they install a new mobile app or sign up for an online service. In the ideal situation, users need to know who collects their data, what data is collected, how the data is used, how long the data is stored, what rights they have regarding data processing, what security measures are applied to protect their data, and more, through a user-friendly interface without having to read long and complex privacy policies.

Service providers regularly update privacy policies with limited or no notices to end users. It’s hard to know how these updates affect us. Good tools should provide users with archives of all accepted privacy policies. It should automatically track these updates and provide notifications to end users.

The right tool should:

• Educate users on the importance of online privacy and data protection.

• Empower users to set ground rules for how their data should be collected and used by businesses.

•Provide users with an “opinion” on the quality and impact of what is written in the User Privacy Preferences Policy.

Users are used to keeping a file with all their contracts in the physical world. This good practice should also translate to the virtual world.

What technologies should the tool use?

The technologies to make this tool a reality already exist. Applying artificial intelligence and using natural language processing to dissect complex privacy policies is the right way to go.

If these technologies are combined with a compelling user experience to summarize the results of privacy policy analysis and provide key insights visually, users could finally make informed decisions about their online privacy.

About the essayist: Ognjen Ikovic is co-founder and CTO of INVT, a Serbian provider of Pro Se Online Privacy Policy Gurua service that reads and analyzes privacy policies on behalf of the end user.

*** This is a syndicated blog from the Security Bloggers Network of The Last Watchdog written by bacohido. Read the original post at:

Comments are closed.