Wanted: Privacy policies written for human beings

The biggest problem with online privacy is that nobody understands it. Poorly written privacy policies are a big reason why. UPDATE: StickK responds.


Fast forward two years. Through the magic of Google, my blog post on StickK is now the fourth hit on any search for “Stickk.” And even though there’s a comment at the end from StickK noting that it had changed its policies post facto, the company wanted to add a disclaimer to the top of the piece.

So Computerworld added a disclaimer. No big.

But along the way I revisited StickK’s privacy policy and found more things that disturbed and confused me. That led to another email conversation with StickK General Counsel Scott Goldberg.

Here’s one example: StickK’s Terms of Use still give it the right to use members’ photographs and other information in advertisements, provided the use doesn’t violate the site’s privacy policy. StickK’s Privacy Policy says nothing about any of that. So does StickK have the right to use my photos in ads or not?

Per Goldberg:

The rule for privacy policy interpretation is that unlisted methods of sharing are not permitted because a user cannot give consent to our sharing their information via a particular method when that user has not been asked or told about sharing via that method.  Our privacy sets forth a specific, limited, list of ways that the information can be shared and advertising is not listed.  Since advertising is not listed, use of PII in advertising is not permitted.

He went on for a bit after that, but that’s the simplest, clearest explanation he provided to any of my questions.

Privacy policies like this are fine, if you happen to have a lawyer in your pocket at all times -- and then maybe another lawyer to translate what the first lawyer said.

Otherwise they’re not so fine. They’re effectively useless. So here’s what I propose. Keep the legalese for the lawyers, if you must, but boil it down to the essentials for the rest of us mere mortals.

The first time you visit a site or log into it, the site should display a pop-up window with four bullet points listing:

* The personally identifiable information the site gathers. Name and address? Credit card? IP and location? A simple list would suffice.

* What the site does with your PII. Will third parties have access to your data? Will advertisers?

* The ability to opt out on the spot. Don’t like what the site is doing with your info? Click this link to remove your data or limit sharing.

* Want to dig into the minutiae? Here’s a link to the longer legalese.

Simple, easy, effective, and no migraines. Is that really so difficult? I don’t think so. What do you think?

UPDATE: After I first posted this, StickK's general counsel sent me an official response. Here it is:
