Why we changed our privacy policy

We live in a world where almost every interaction we have has shifted online.

We message our friends on Facebook, get driving directions through apps, and even contact businesses using chatbots on their website.

The digital footprint of all these actions is now larger than it has ever been, meaning that organisations are collecting more data and information from people than ever before.

Reset Australia prides itself on having a world leading Privacy Policy. We have made sure that we follow best practice data minimisation and transparency procedures.

And even though not a legal requirement in Australia, we have made ourselves GDPR compliant in an effort to lead other Australian organisations in this direction.

But we discovered one problem — the language and legal jargon used in our privacy policy meant hardly anyone would understand.

Let me explain.

We recently published a report that assessed how popular digital apps collect consent from users when they sign up for an account (you can read our full research report on that here).

But basically, after running a content analysis of the language used in terms and conditions — we found that almost all of them required a university level education to understand and none of them could be read in under an hour.

This made us curious. How would our privacy policy stack up in the same analysis?

Surprisingly, we scored the exact same.

We had put a lot of effort into making sure our privacy policy was rigorous, transparent, and adopted the best privacy principles from around the world.

But in this process, we had failed to make any of that information accessible to the public.

So we started again.

We took all of the core elements of our privacy policy and stripped it right back, making sure that we explained every element clearly, simply, and succinctly.

Now, anybody who wants to know how and why we are using their data — anybody at any age, should be able to fully understand in a matter of minutes, not hours.

It was likely that very few people would notice this change. So why did we do it?

Accessible privacy policies alone aren’t going to fix the power imbalance between tech platforms and their users.

But for a digital rights organisation, it was important to practice what we preach.

It is also important for us to make sure that when we talk about digital literacy and data rights, we are doing it in a way that talks to everyone and not the typical policy crowd.

Our supporters have a right to know what data we are collecting from them, how we are using it, and what they can do to access and remove that data.

But as we have learnt, it is essential that all this information is easy to access and understand.

If you’re interested in learning more about this work or how to best ensure the responsible handling of the data, we’d love to hear from you.