So You'd Rather Throw Your Computer Into The Sea Than Read Through A Privacy Policy
It is a truth universally acknowledged that a company in possession of dubious morals and your data must be in want of a profit.
If you've fallen prey to the siren call of clicking the little I Have Read The Terms And Conditions checkbox without ever actually reading the thing, you're not alone. Everyone does it. Hell, I've done it. Those things are long, with small text and terrible wording - all of which is often done deliberately. Nevertheless it's important to know what a given service is doing with the data you provide it, and so this guide aims to give a rundown of ways to make reading a privacy policy a little more bearable.
Get Someone Else To Read It For You
I'm not the only person talking about data privacy online! One solid place to start is to search “[service] data privacy” and see what's been in the news. A couple of other good places to look are:
ToS;DR
Stands for Terms of Service; Didn't Read. An incredibly comprehensive resource that also allows contributions from anyone with an account. Each service on the site is given a grade from A to E (or N/A), alongside a summary of the key points from its Terms and Privacy policies.
Common Sense Privacy Program
The Common Sense Privacy Program is a US-based non-profit organisation
that reviews various apps, scoring each out of 100%. It's not
perfect - there are instances where “This evaluation did not assess
whether this product collects geolocation data” or similar - but it
provides a simple-to-read overview of what a given privacy policy
says.
It's also aimed at educators and parents, so there are sections
regarding whether the service is intended for schools or under-13s
which can affect the overall score whilst realistically speaking not
affecting you, the person reading this (unless you happen to be a
teacher, in which case hi, or under 13, in which case please don't spend
all your time on the internet there are better things to do promise).
*Privacy Not Included
Mozilla is another non-profit, and also the group who made the
Firefox browser (which you should switch to if you use Google Chrome
or Microsoft Edge but that's another topic for another day).
It has reviews for a whole range of services, from Amazon Ring
cameras to Zoom to Pray.com, and splits each review into three
main sections: privacy (does it have camera access, what data does
it collect, is the policy user-friendly etc); security (is it
encrypted, does it encourage the use of a strong password); and AI
(if it's there, what decisions does it make and how transparent is
the service about its use).
As a fun added bonus, it also provides the company's track record
(if known) of data protection.
Read The Damn Thing
Yeah, unfortunately the best way you've got of knowing what a company is doing with your data is to read the document in which they tell you what they're doing with your data.
Can you find it?
If a privacy policy isn't easy to find, if you've looked in all the likely site locations and can't see it, if you find an error when you should find a pdf… those are red flags!
How long is it?
There's no easy "your privacy policy should be exactly within this
specified range of pages" rule, but documents that are either
incredibly short or incredibly long should be treated with suspicion.
Something that's one page long and contains lots of phrases to the
effect of "...and your data may be used for other purposes" is
something that very deliberately isn't telling you important
information about what, exactly, they're doing to your data.
On the other end of the scale, a document that's fifteen pages long
in size 9 font is almost certainly using the fact that nobody wants
to go through all that to hide that they went down the Yellow Pages
and sold your data to anyone who picked up the phone.
Do You Know Your Rights?
If you're a resident in the UK or EU, you have the right to access
data held about you, the right to have this forgotten, and the right
to not have your data used for marketing purposes (this is a
non-exhaustive list - you have other rights too).
A service processing data about you, then, should have provisions in
their privacy policy talking about this, and if it doesn't, that's a
red flag! Sometimes this is built into the policy as a whole,
benefiting everybody! Sometimes there is a separate clause (or even
an entirely different policy) for people in these areas, in which
case, fuck the rest of you I guess?
Other places may also have specific data protection regulations that a service operating in that area should take into account. For example, both Australia and the state of California in the USA definitely do, and you should check if where you live does too.
Ctrl+F
Everyone loves a good Find In Page. An incomplete list of phrases to watch out for:
- "Sell"
  - And if that has no results, a company might still share your data with "partners", "affiliates", or "third parties"
- "Advertising"
  - Is it targeted? Can you turn it off? What data do they use to advertise to you, and who else is it passed to?
- "May"
  - And other such vague words. A company that may share info or may combine it with information collected from other sources is likely not revealing the full extent of what they do.
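The Ctrl+F pass above as a small script (an added example, not part of the original guide): it searches pasted policy text for the listed phrases, falls back to the partner/affiliate/third-party check when "sell" turns up nothing, and counts uses of "may". The regular expressions, function names and sample text are this example's own assumptions.

```python
import re

# Phrase groups taken from the Ctrl+F list above. The regexes (word forms,
# word boundaries) are this example's assumption, not part of the guide.
WATCHLIST = {
    "sell": r"\bs(?:ell(?:s|ing)?|old)\b",
    "sharing": r"\b(?:partners?|affiliates?|third[- ]part(?:y|ies))\b",
    "advertising": r"\badvertis(?:e|es|ing|ers?|ements?)\b",
    "vague": r"\bmay\b",  # whole word only, so "dismay" does not count
}

def scan_policy(text, width=40):
    """Return {group: [context snippets]} for every watchlist hit in text."""
    hits = {}
    for group, pattern in WATCHLIST.items():
        found = []
        for m in re.finditer(pattern, text, flags=re.IGNORECASE):
            start = max(0, m.start() - width)
            end = min(len(text), m.end() + width)
            found.append(" ".join(text[start:end].split()))
        hits[group] = found
    return hits

def summarise(hits):
    """Turn raw hits into the questions the guide says to ask."""
    notes = []
    if hits["sell"]:
        notes.append(f"'sell' appears {len(hits['sell'])} time(s): read each in context")
    elif hits["sharing"]:
        notes.append("no 'sell', but data goes to partners/affiliates/third parties")
    if hits["advertising"]:
        notes.append("advertising mentioned: is it targeted, can you turn it off?")
    if hits["vague"]:
        notes.append(f"{len(hits['vague'])} use(s) of 'may': no commitment to specifics")
    return notes

# Constructed sample text, not taken from any real policy.
SAMPLE = """We do not trade your personal information for money. We may share
usage data with our trusted partners and affiliates for payment processing.
We may combine it with information collected from other sources to show
you relevant advertising."""

if __name__ == "__main__":
    for note in summarise(scan_policy(SAMPLE)):
        print("-", note)
```

The snippets it returns are the part worth reading: a hit only tells you where to look, and a capitalised "May" in a date will also match.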
Wake Up
Realise this was all a terrible dream. The Internet doesn't exist. The concept of a "business" is alien to you. Solid land is a faraway dream. You are Climatius reticulatus, a small type of spiny shark who lived about 415 million years ago and life is good.