How about this?
Your e-mail address will not be passed on to anyone else for any purpose, not even to keep us out of prison.
That certainly didn't take 10 minutes to read.
Website privacy policies take on average 10 minutes to read and sometimes run into thousands of words, researchers have found. While some are short, others would take over half an hour to read. Researchers Aleecia McDonald and Lorrie Faith Cranor of Carnegie Mellon University looked at online privacy policies and how long it …
As AJ Stiles says, a *privacy* policy requires only one line of text. You only need more if you need to document your violations of your customers' privacy.
Privacy notices suffer from the same problem most any other legal document suffers these days: excessive use of "Legalese". Why all this "party in the first part" drivel?
Sometimes, I wonder if a law should be passed that demands that all future legal writings be written in terse but concise language that anyone can read and understand quickly. For example, a privacy notice could read:
"We may use information ABOUT you (but not tracable to you) to form statistics, and we may be forced to turn over information if demanded by the law, but we will keep your personal information private otherwise. Should this not be the case, you may sue us under the law."
Perhaps such an act could also include this line: "Make a bill or legal notice too lengthy, expect to spend up to a year in jail and to pay the costs of trying you."
... it is not worth reading. Any competent lawyer should be able to hide get-out clauses around anything that looks like a binding commitment in such a long document.
There are plenty of ways to deal with huge privacy policies. How many millions of internet users live in Beverly Hills (zipcode 90210)? Who else puts the website's own contact phone number into the form? How many people have a date of birth that varies with the phase of the moon? How many people use a bugmenot address for confirmation email?
It never came to it, in the end (either The Authorities took at face value another disclaimer, "Anything on this web site that would be illegal if it were true is made up", or -- more probably -- they just didn't bother with us); and it was before the RIPA became law. But I'd certainly like to think that I'd have gone to prison rather than compromise other people's privacy.
The problem is that things get outsourced, and certain bits of your information will get transferred to achieve that. Who holds the information given to a "site"? The hosting company? The company who holds the copyright? The agency who manages it? What happens if one of those entities is outside of the EU? What happens when a third party is contracted to send you a catalogue or e-mail newsletter? What about Google Analytics tracking? (A very useful legitimate tool for a site developer to try and find and resolve 'black spots', but its use most certainly needs to be explained). What cookies are sent to your PC, what do they contain and how long do they last for? What actually *is* the consumer's responsibility (e.g., keeping passwords private)?
All websites/applications should be required to go through the plain english campaign and achieve a crystal mark for clarity.
I've been victom to the
"But it says so in our terms and conditions, section 4, part 5.2..." when trying to make a complaint on poor service.
Once you take in all the exceptions, weasel words, and excuses into account...
We own all your data and will do what ever the hell we want, and everything is your fault.
There you go, one sentence.