Calif. Lawmaker Wants Web Companies To Tighten Privacy Policies

It's no secret that online privacy policies aren't the easiest documents to understand. As far back as 2008, researchers at Carnegie Mellon University reported that actually reading an online privacy policy would take 10 minutes on average. In other words, it would probably take people longer to read the privacy policy of any given site than to read whatever articles or other content drew them to the site in the first place.

Now, a California lawmaker is hoping to prod the industry into changing that. Ed Chau has proposed Assembly Bill 242, which would require privacy policies to "be written in clear and concise language," and at "no greater than an 8th grade reading level." The bill also says privacy policies must state whether users' personally identifiable information may be shared and, if so, with whom.

California already requires Web site operators who collect personal information to offer privacy policies, but the law doesn't yet mandate the level of detail that Chau would like to see.



He says that one reason he's pushing for the law is because "many privacy policies actually create a false sense of privacy for the average consumer," according to The Sacramento Bee. Chau added that consumers end up just scrolling through without reading the documents.

Chau isn't the first to make those observations. Several years ago, researchers at UC Berkeley reported that consumers tend to assume that companies that have privacy policies also have good privacy practices. "In a way, consumers interpret ‘privacy policy’ as a quality seal that denotes adherence to some set of standards," reads a summary of the report.

Despite the well-known problems with privacy policies, Chau's recommended fix doesn't seem very practical in today's complex Web environment, where even industry experts have a hard time keeping up with the new ways in which ad networks and exchanges collect and use data. That's especially true given that Chau's bill also requires that privacy policies offer precise details about data collection and use. Among other requirements, Web site operators would have to tell people the categories of personally identifiable information that are collected, as well as the categories of third parties that receive information about users.

2 comments about "Calif. Lawmaker Wants Web Companies To Tighten Privacy Policies ".
Check to receive email when comments are posted.
  1. Chuck Lantz from, network, February 11, 2013 at 8:39 p.m.

    The hell with "today's complex Web environment." Either you're actively selling your user info, and/or passively alllowing it to be easily mined, or you're not. No matter how hard the companies try, some user information will get out, but as a user, I want to know up-front, and in concise language, just how hard they're trying to keep the info in-house.

  2. Pete Austin from Fresh Relevance, February 12, 2013 at 5:34 a.m.

    @Chuck Lanz: Unfortunately it's really difficult. Regardless of what the site itself does, once it adds widgets from Facebook and Twitter, Google Analytics links, and an advertising bar, the site is not in control of your privacy. You have a widget from "" on your own site, for example.

Next story loading loading..