Most users of Facebook and Google had fundamental gaps in understanding, even after reading privacy policies, about how the websites handled their information and how other Web users could discover it, according to a study released by the digital branding firm Siegel+Gale [cq].
Users understood the privacy policies less well than they did government documents or bank card agreements, the study said. They earned comprehension scores between 35 and 40 out of 100 for both policies. The survey asked just over 400 people to read the companies' policies and then answer questions about them online.
"We forced users to pay attention to this, but even through forcing them to pay attention, they still couldn't understand what was in these privacy policies and were failing to grasp the basic information that was supposed to be communicated," said Brian Rafferty [cq], global director of insight at Siegel+Gale.
After reading the policies, just 23% understood that their Google+ profile is visible to anyone online. Just 30% knew that even with the strictest privacy settings activated, their Facebook user names remain public.
A Google spokesman called the company's user education campaign "the most extensive notification effort in Google's history."
The study suggests that informing users within the app or website how their information is being shared is a better way to safeguard privacy.
Justin Brookman [cq], director of the Project on Consumer Privacy at the Center for Democracy and Technology, agreed.
"Privacy policies are not a great way to inform users," he said.
Brookman pointed out that both Google and Facebook have begun including more intuitive notification methods.
A Google spokesman pointed to those features, and said its "privacy center, published FAQs, Help Center articles, Good to Know website and in-product notifications help explain what data we collect, how we use it and how people can manage their information."
Facebook has also moved toward including more information about how users' information can be accessed. The company did not respond to a request for comment.