“A notable share of Americans – 45% – are very or somewhat concerned about how companies use data they collect about them and, at the same time, say they frequently agree to privacy policies without reading them.” This was one of the findings in a 2023 Pew Research Center study on how Americans view data privacy. An earlier Pew study found that 81 percent of the public say the potential risks they face because of data collection by companies outweigh the benefits.

So why do so many people who are concerned about misuse of their data not read a company’s policy on how it will be collected, protected, and maybe shared with third parties? One reason is that many privacy policies are beyond their ability to comprehend.

According to a 2020 article by Maddie Roderick in The Realtime Report:

• Google’s privacy policy contains more words than the U.S. Constitution.
• It would take you less time to read the Magna Carta than Instagram’s, Apple’s, and Facebook’s privacy policies.
• Twitter’s privacy policy is one of the easiest to read, but it would still take you almost as much time to read it as George Washington’s Farewell Address.

Ms. Roderick also said that some website and social media policies are written to a 10^th-grade reading level or higher, while the platforms are directed to kids 2-3 years younger. Another study found that the privacy policies of many popular websites are considered more difficult to read than Charles Dickens’ Great Expectations and Immanuel Kant’s infamously dense Critique of Pure Reason.

Another reason some people may not read a privacy policy is they assume that if a company has one, the company protects their data. A 2007 study at the University of California, Berkeley found that 75 percent of people think that having a privacy policy means a company won’t share their data with third parties. The reality is that privacy polices tell you what companies do with your data, which could include using it to target you with ads or sharing it with third parties for advertising or other purposes.

The United States does not have a national privacy policy. There are a variety of federal regulations that cover specific situations, such as the Children’s Online Privacy Protection Act (COPPA), which governs the collection and use of the data of young children by websites and other online platforms. The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices and to safeguard sensitive data. The FTC recommends a privacy policy for most websites that collect and share consumer data.

If you’re not going to read a company’s privacy policy, at least be sure they have one if they’re collecting personal information from you. And check out the company’s reputation with the BBB and online to hopefully ensure you can trust it with your data.

Randy Hutchinson is president and CEO of the Better Business Bureau of the Mid-South and can be reached at rhutchinson@bbbmidsouth.org