By our standards, none of the privacy policies we surveyed quite measure up. Most of them provide incomplete information on what “personal information” means. Many of them fail to make clear that they are actively sharing information with third-parties. Even when they change their policies on something like data retention to placate privacy advocates, the changes do little to provide real privacy. The legal right companies reserve to change their policies at any time reminds us that right now, the balance of power is clearly in their favor. When they do offer users choices, the choices fail to encompass all the ways online data collection implicates users’ privacy.

But we don’t believe that we are stuck with the status quo. In fact, there are many positive signs of companies making smart moves, because they’re realizing they need buy-in from their users to survive in the long-term. Already, we’ve seen users trying to determine how their data is shared in all the controversies Facebook has recently endured. Google has created new tools that allow users a wider range of choices for controlling how their data is tracked. And everyday, we see new examples of how data can be shared with users and customers as part of a service, rather than being treated just as a by-product that is solely for the companies’ use and enrichment.

We hope that our analysis will help push debate in the right direction. We hope that companies will see there can be real value and return in being more honest with their consumers. At the same time, we hope that as consumers and privacy advocates, we can work with companies towards useful solutions that balance privacy rights against the value of data for all of us.

Questions we asked of each company.

  1. What data collection is happening that is not covered by the privacy policy?
  2. How do they define “personal information”?
  3. What promises are being made about sharing information with third parties?
  4. What is their data retention policy and what does it say about their commitment to privacy?
  5. What privacy choices do they offer to the user?
  6. What input do users have into changes to the policy’s terms?
  7. To what extent does they share the data they collect with users and the public?

Introduction / Conclusion / Preview Blog Posts