Reading the Fine Print Always a Good Idea

Sometimes, there's a good reason that the "privacy policy" has been placed almost invisibly at the bottom of the page, and that when you click on the link, it presents you with a mountain of microscopic legal-like gobbledygook in a document 24-pages long.

The reason the policy is placed in a small, out-of-the-way location is simple: the site owners don't really want you to realize that you've just agreed to allow any information they collect about you or your PC to be distributed across the Internet for the rest of your life.

But you'll miss that because you won't bother to read beyond the first paragraph anyway. And now, the 3 minutes you saved by not reading the privacy policy will be offset by years of hitting the delete key.

Most commercial web sites have a "privacy policy" but simply having one does not mean that all your personal data is to be kept private. It means only that they must disclose what they will do with your private information.

Here's the start of a typical paragraph from a privacy policy:

"The information we collect is used to improve the content of our Web page, used to customize the content and/or layout of our page for each individual visitor, used to provide consumers with information or publications that they have requested from us (e.g. newsletters or whitepapers), used to notify consumers about updates to our Web site..."

But the same paragraph finishes like this:

"...used by us to contact consumers for marketing purposes."

If you were to look at the Facebook.com privacy policy, for example, you would find that its over 3,700 words are produced in 6-point type and contains such disingenuous statements as: "We may occasionally use your name and email address to send you notifications regarding new services offered by Facebook that we think you may find valuable."

"We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers and other users of Facebook, to supplement your profile."

"In addition, third party developers who have created and operate Platform Applications ("Platform Developers"), may also have access to your personal information..."

Moreover, privacy policies can change and the website may not notify you of the change. Some ISPs, for example, are reputed to have begun selling information they collect on users' online behavior. If their existing privacy policies prevent them from doing this, they merely change their policies. In many cases, it's up to the user to keep up-to-date regarding policy changes. (Source: nytimes.com)

But what about sites having a TRUSTe or Habeas "certification"? In actuality, this does little to ensure true privacy protection. Instead, these certifications only measure compliance with a site's stated privacy policy. Sites can maintain their certification even if their privacy policy changes.

Yes, reading a privacy policy may seem like a royal pain in the you-know-what, but reading carefully before you provide any type of personal information a good idea. If, as users, we don't keep ourselves aware of such policies, we can only expect that greater liberties will be taken with our information, and we will have been informed only in the privacy policies that we didn't bother to read.