Every company has a privacy policy, but how many are actually read? In the EU, 18% of visitors read privacy policies in full. This problem has been consistent across industries. Although privacy concerns are on the rise and awareness of data collection practices is increasing, many people are still reluctant to really read privacy policies.
We at Rita are always thinking about our users’ privacy. We find it essential for users to know what they are getting into when interacting with a company. Giving our users a clear understanding of data collection practices lies at the heart of Rita’s mission and is the underlying goal of many of our features.
Some companies don’t want people to read their policy.
Transparency vs Understandability
If a company decides to be honest in their data practices, as companies are increasingly doing, they will face the following tension: How transparent should we be vs how understandable?
Using personal data usually involves technical processes within a legal framework. These two fields consist of a lot of jargon, which makes it easy for the reader of a policy to get lost. In many cases, the more transparent a policy is, the harder it is to understand for a non-technical reader.
Step 1: Review industry standards and literature
To start this project, our team reviewed industry standards such as those described in the GDPR and followed suggestions put forward by academics. However, blindly following standards soon seemed inappropriate to us. Every company has different practices and a different audience. Additionally, most industry standards lacked contextual suggestions.
The template provided by https://gdpr.eu/ became our structural starting point.
Step 2: Look at good and bad examples
Next, we looked at privacy policies to better understand what some do so well, and where others fail. Some notably successful examples were:
Less notable examples were found among data brokers and other data-driven companies out of the public eye.
From reviewing over 35 examples, our 3 key takeaways were:
- Work with expandable elements
- Reader questions as subtitles
- Focus on user-friendly transparency
Step 3: Consult multiple perspectives, Legal, Technological
Following this review, we consulted 6 legal experts working on and researching the intersection between GDPR and technology. It was interesting to see the discrepancies in their suggestions. Some spoke about a lack of contextualisation and simplicity, while others told us that important legal framing and elements were missing. Again, the tension of transparency vs understandability was clearly perceivable.
Step 4: Ask for community feedback
A challenge at first was to meet the needs of our diverse user group. Rita has attracted a wide range of individuals with multiple backgrounds. However, some interesting points came out.
- Use illustrations
- Understandable in 1 min
- Concise overview but provide more depth if one is curious
- Transparency on the revenue model
Inspired by our community feedback, we’ve worked out a summary consisting of the most important elements in a presentable format. Users can click on “Learn more” if they want further information.
We view the optimization of our Policy as an ongoing process. We’d like to ask any reader to review our work and give us feedback on anything you would improve.
Anyone can comment in the file. Please let us know if there is any way we can improve!
Rita Personal Data Team