杏吧原创

Privacy policies are four times as long as they were 25 years ago

A machine learning analysis of 50,000 privacy policy texts shows they have ballooned to an average of over 4000 words since 1996
MTBE2R General Data Protection Regulation - closeup smartphone message with text Privacy Policy.
Privacy policies are getting harder to read
Antons Jevterevs / Alamy

Privacy policies have become longer and less readable, and require more access to user data for the organisations that write them, an analysis of 25 years of documents shows.

at De Montfort University in Leicester, UK, gathered 50,000 privacy policy texts by trawling some of the most visited websites in the world for their privacy policies. She also delved into their history dating back to 1996 using the Internet Archive鈥檚 Wayback Machine, which hosts historical versions of web pages.

She analysed the data using a machine learning-based natural language-processing model called BERT, developed by Google in 2018. BERT is able to quickly analyse large amounts of data for patterns.

Wagner鈥檚 work was triggered by a recognition of her own habits. 鈥淎s a researcher who works on privacy, I find myself agreeing to privacy policies but not reading them,鈥 she says.

She found that the average privacy policy has nearly quadrupled in length between 2000 and 2021. The average privacy policy was 1146 words long in 2000, 2159 words long in March 2011 and 4191 words long in March 2021.

Analysing privacy policies on a month-by-month basis, Wagner found their length ballooned in around May 2018 鈥 when the European Union鈥檚 General Data Protection Regulation (GDPR), a set of laws designed to protect consumers鈥 data, came into effect 鈥 and at the start of 2020, when California introduced similar rules. More than 40 per cent of the policies Wagner tracked were updated in mid-2018, demonstrating GDPR鈥檚 impact.

As privacy policies have got longer, they have also become more complicated. According to the Flesch reading ease scale, which measures the readability of text, Wagner found that privacy policies written in 2021 had scores similar to academic papers written for the likes of the Harvard Law Review.

鈥淚 think privacy policies, from a user鈥檚 point of view, are fundamentally broken,鈥 says Wagner. She suggests that until policies are dramatically simplified, machine learning could help users sift through the morass of gobbledygook.

at Newcastle University, UK, says that such analyses highlight the issues with impenetrable privacy policies, an issue she says is particularly prevalent in the US. 鈥淸The US is] now the last place on the planet, almost, that clings to notice and choice as its most significant safeguard for users,鈥 she says, meaning people have to be informed about how their data is being used but they have few explicit rights over their data. 鈥淗opefully that situation will not now last forever.鈥

Reference:

Join us for a mind-blowing festival of ideas and experiences. New 杏吧原创 Live is going hybrid, with a live in-person event in Manchester, UK, that you can also enjoy from the comfort of your own home, from 12 to 14 March 2022. .

Topics: Privacy