Otherwise, few people will bother to read them
Why most people don’t read privacy policies
The first is that we live in an age of information overload, and simply don’t have the time. We therefore scan, and if the point is not immediately clear, we move on. This is true for all business writing, which is generally poorly written and struggles to get to the point.
The second reason is that policies are lengthy legal documents written by lawyers. Their objective is not to inform through short, clear language, but to protect through detailed legal language. That’s why, when faced with privacy policies on websites, we just click and accept, and hope for the best. After all, most of the time, it’s just legal boilerplate anyway.
GDPR’s transparency guidelines are poorly applied
GDPR requires communications to data subjects to be “concise, transparent, intelligible and easily accessible.”
Article 29 Working Party guidelines say that “The concept of transparency in the GDPR is user-centric rather than legalistic”, and that “the quality, accessibility and comprehensibility of the information is as important as the actual content.”
This means that information should be presented “efficiently and succinctly in order to avoid information fatigue”, so that people can “immediately access rather than having to scroll through large amounts of text searching for particular issues.”
In practice, however, these guidelines are rarely applied.
Three steps to clear privacy policies
There are three simple steps you can apply to improve your privacy policies:
- Structure or layer them so that the following questions are clearly visible in large font:
- What data do we need?
- Why do we need it?
- How do we use it?
- How long do we keep it?
- What are your rights?
3. Use the writing guidelines in this 10-page booklet called Get to the Point!, which you can download free from this business-writing website (no email required).
Lawyers should not be writing privacy policies
Examples of good privacy policies
Here are a few examples of companies that have got it right:
- Salesforce (good structure, but too much detail in the answers)
- Oracle (good structure, though ruined by the lengthy legalistic introduction)
- Privacy Perfect (perfect!)
- Medair (perfect!)