You Can’t Understand Privacy Statements, and I Prove It!


A few weeks ago I commented on an interview with filmmaker Cullen Hoback. He stated that terms and conditions are not designed to be read. I have been wanting to comment further on this, so today we will. Privacy policies are written by lawyers and for other lawyers. While some lawyers can be cheeky and fun, their writing is unapproachable for many. Terms and Conditions and Privacy Policies are their greatest failures.

The Inherent Paradox

What I find most amusing is that the stuff we care about the most is the stuff that we read the least. Our legal rights when using a service and our private information are shared without so much as a passing glimpse at what we signed. Even when there are some good plain language lead-ins, the entirety of the document is opaque to everyone but the person who wrote it.

So why do we do this to our users? Do we hate them? Do we just figure that since they don’t care, we shouldn’t? Or do we, as lawyers, assume that everyone can read on a 12th grade reading level. Let’s look at what reading level (also known as readability) analysis is and then look at examples in this space.

Readability in Numbers

Ever wonder if your writing is accessible to your audience? Doing a readability analysis can tell you. The problem is that most non-trained writers write for the level that they are at. There lies the problem with legal statements on web-enabled services. They are indeed written by lawyers. While they are trained to write good legal texts, they are not trained as true writers. So their ability to write to other audiences is hampered. It is said that if you intend to write to a different audience, try reading other people’s writings in that space. The folks that write privacy policies haven’t been doing that as I will prove.

There are multiple formulas and methods for determining readability of text. The Flesh Kincaid Reading Analysis will give you a grade level output. The higher the grade level, the harder it is to read. It is embedded within Microsoft Office. However, anything about grade 12 is reported as grade 12. So when you do this to your own writing and see a Grade 12, it may actually be much, much higher.

I struggled to find a good definitive resource on what reading level you should be writing to. What I did find was some anecdotal information:

So at worst, you should be writing to a 4th grade level. At best, 10th grade is ok. So let’s look at how privacy policies are doing.

Examples of Privacy Policies and Readability

I used the analysis tool built into Microsoft Word to perform my analysis. I copied and pasted these various privacy policies and than ran the Spelling and Grammar check. Out popped the results. There are other resources out there, but this provided a repeatable test. I will give an overall grade against Oregon’s standard, and will look at the lead-in as suggested by the NIH. So here are my un-scientific results:

My only comment on these results is this. OMG! Honestly, I knew it was going to be bad. I didn’t think it was going to be this bad. I was a little surprised that Facebook was slightly better. They still failed.

Lawyers are constitutionally incapable of writing for non-lawyers. Broad statement, I know. It is not their fault. Unless formally trained as a writer, it is hard to write for other audiences. Journalists go through rigorous training to find neutral voices. Copy writers struggle to write with voices that are not their own. So while I give a failing grade to all, I do it with a grain of salt. I personally know the lawyers who have written their organization’s privacy policies. They are all good people. They just don’t know any better and haven’t been trained or evaluated on this sort of scale.

What You Should Learn

There are a few take aways that I want to leave you with:

  1. Your privacy policy is not readable by all of your users. Quite frankly, it will never be. At least by this standard.
  2. You need to re-write your privacy policy. If you need help, reach out and ask. I have looked at many of these and have many thoughts on them.
  3. Put duct tape over your lawyers mouth for your first re-write. Let someone who is trained in writing take a stab at the statement. Don’t let the lawyer comment at all, at first.
  4. You need to test it. Machine analysis is great, but find yourself a group of high school kids and younger. Let them read it and tell you if they understand it. Ask probing questions. If that audience is not available, find a cross section of your employees and have them do the same.
  5. Rinse and Repeat steps 2-4 as needed. There will always be something different you want to say.

A Final Word

I talked about self-regulation yesterday. Never in any opinion about privacy statements and policies have I ever read a statement about readability. Our regulators and the industries have never talked about it at all. It’s not that they don’t care, I hope. No one has ever thought about it as a metric. A broad accusation, but if the most progressive social companies out there in social are failing so horribly at my test, am I all that wrong?

This entry was posted in Legal, Privacy, Social and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s