P3P Area                      Popular, Percentage Unclear   Random, Percentage Unclear
Type of Data Collected        25 average                    30 average
Data Use                      29 average                    35 average
Data Recipients and Sharing   45                            45
Access Provisions             4                             4
Data Retention                72                            70
Table 4: Uncertainty in Human Readable Policies. Type of Data Collected and Data Use are Averaged Over Multiple Sub-categories.
This high level of uncertainty is, itself, an interesting result. Websites with human readable privacy policies do not offer the level of detail and
specificity needed to enable analysis of many of their practices.
3.4 Analysis of Readability
Anecdotal evidence suggests one of the reasons people are reluctant to read privacy policies is that the policies are difficult to understand. Readability
analysis supports the view that policies are inaccessible to most of the population.
There are a variety of standard metrics for comparing how easy it is to comprehend a text. In general, readability metrics are ratios based on word
length, sentence length, and paragraph length. All other things being equal, we expect that the longer a sentence is, the more complex it is and the harder
it is to read. Higher scores indicate more difficult text.
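The Kincaid formula [39] is:

$$\text{score} = \left[11.8 \times \frac{\text{syllables}}{\text{number of words}}\right] + \left[0.39 \times \frac{\text{number of words}}{\text{number of sentences}}\right] - 15.59$$

The average readability scores for the privacy policies we looked at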
indicate most people would find them difficult to read. For the sake of contrast, we include typical readability scores for two other forms of
communication: press releases from the White House, and New York Times articles. [40]
Metric               Popular   Random   White House Press Release   New York Times Article
Kincaid Score        12.4      12.5     4.1                         6.2
Standard Deviation   1.8       2.3
Minimum Kincaid      7.3       6.8
Maximum Kincaid      17.9      18.1
Table 5: Readability Scores for Popular and Random Sites
Certainly there is room for improvement. Unfortunately, corporations have an incentive to retain the status quo. Because the FTC uses privacy
policies to bring action for fraudulent and deceptive practices, legal departments may be wary of using plain English. Corporations may have
fewer liability concerns by using standard, boiler-plate legal language.
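The Kincaid formula from section 3.4 applied to policy text, as an added example that is not part of the original report. The syllable counter is an assumed vowel-group heuristic, the sentence splitter assumes sentences end in ".", "!" or "?", and both sample passages are constructed for illustration, so scores will differ somewhat from dictionary-based tools.

```python
import re

def count_syllables(word):
    # Assumed heuristic: one syllable per vowel group, minus a silent final "e".
    w = word.lower()
    n = len(re.findall(r"[aeiouy]+", w))
    if n > 1 and w.endswith("e") and not w.endswith(("le", "ee")):
        n -= 1
    return max(n, 1)

def text_stats(text):
    # Returns (sentences, words, syllables) for a block of text.
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z]+(?:'[A-Za-z]+)?", text)
    return len(sentences), len(words), sum(count_syllables(w) for w in words)

def kincaid(text):
    # 11.8 * syllables/words + 0.39 * words/sentences - 15.59, as in section 3.4.
    sentences, words, syllables = text_stats(text)
    if sentences == 0 or words == 0:
        raise ValueError("no scorable text")
    return 11.8 * syllables / words + 0.39 * words / sentences - 15.59

# Constructed sample: boilerplate legal phrasing in one long sentence.
LEGAL = ("We may disclose personally identifiable information to affiliated "
         "entities and nonaffiliated third parties as permitted by applicable "
         "law, notwithstanding any limitations otherwise described in this notice.")

# Constructed sample: a plain-English policy in short sentences.
PLAIN = ("We share your name and address with our partners. "
         "You can ask us to stop. We keep your data for one year.")

if __name__ == "__main__":
    for label, text in (("boilerplate", LEGAL), ("plain English", PLAIN)):
        print(f"{label}: Kincaid {kincaid(text):.1f}")
```

Long sentences and polysyllabic legal vocabulary drive both terms of the formula up, which is why the boilerplate sample scores far above the plain-English one.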
3.4.1 Differences in Readability
The Popular and Random policies are very similar to each other: most policies require a college education to understand.
There is slightly more variability in the Random policies, as seen in both a wider range from minimum to maximum and a slightly higher
standard deviation.
4 Focus on Financial Industry
This year we present an in-depth look at the privacy policy trends in the financial industry.
This section of the report includes excerpts from a study published in the Fall 2006 issue of IS: A Journal of Law and Policy for the Information
Society. [41]
4.1 Analysis of Privacy Protections