Now, a California lawmaker is hoping to prod the industry into changing that. Ed Chau has proposed Assembly Bill 242, which would require privacy policies to "be written in clear and concise language," and at "no greater than an 8th grade reading level." The bill also says privacy policies must state whether users' personally identifiable information may be shared and, if so, with whom.
California already requires Web site operators who collect personal information to offer privacy policies, but the law doesn't yet mandate the level of detail that Chau would like to see.
He says that one reason he's pushing for the law is because "many privacy policies actually create a false sense of privacy for the average consumer," according to The Sacramento Bee. Chau added that consumers end up just scrolling through without reading the documents.
Despite the well-known problems with privacy policies, Chau's recommended fix doesn't seem very practical in today's complex Web environment, where even industry experts have a hard time keeping up with the new ways in which ad networks and exchanges collect and use data. That's especially true given that Chau's bill also requires that privacy policies offer precise details about data collection and use. Among other requirements, Web site operators would have to tell people the categories of personally identifiable information that are collected, as well as the categories of third parties that receive information about users.