Commentary

Web Users Agree To Anything Online, Study Finds

There was always reason to suspect that many people who sign up for online services never so much as glance at privacy policies -- which tend to be written in dense, nearly undecipherable, language.

But most of the support for that idea has been anecdotal.

Now, researchers at Michigan State University and the University of Connecticut have conducted a study that attempts to scientifically prove whether people read online privacy policies and other notifications.

The results strongly suggest that most people don't even attempt to do so.

For the study, "The Biggest Lie on the Internet," researchers gave 543 communications undergraduates the opportunity to test "Namedrop," a fictional social networking service.

Participants had to officially agree to the site's terms in order to join, but didn't have to click through to read the 8,000-word privacy policy or 4,300-word terms of service first. The vast majority of undergrads -- 74% -- simply checked a box saying they agreed to the terms without reading them.

The ones who "read" privacy policy and terms of service typically spent less than one minute doing so.

The terms of service themselves contained two unusual clauses. One provided that all data could be shared with outside companies -- including ones that could assess eligibility for jobs and loans. The second unfamiliar clause said that participants agreed to give up their first born child to the site.

All of the participants clicked a box stating they agreed to all conditions -- strongly indicating that no one read the terms of service.

"The results of this study suggest that individuals often ignore privacy and terms of service policies for social networking services," the authors write. "If communications scholars-in-training cannot be bothered to read [social networking service] policies, let alone demonstrate concern about the implications of ignoring notice opportunities, it seems likely that the general public would commonly ignore policies as well."

The lead author, Michigan State University's Jonathan Obar, says in a letter to the Federal Communications Commission that the results cast doubt on the so-called "notice and choice" framework for online privacy. That model requires companies to notify consumers about how their data is collected and used, and allow them to opt out of certain uses.

"Transparency and access are terrific places to start, but terrible places to finish," Obar writes. "More needs to be done to ensure that users are aware of what they are agreeing to, and protected from threats associated with data sharing and data use."

Next story loading loading..