Should You Trust Data Privacy Policies and Terms of Service on Websites?

The fact that you've started reading this article means that you are most likely interested in how your privacy is protected online. The problem is, we can't give you a conclusive answer. In fact, in all likelihood, there isn't a single person on the face of the planet that can do it.

On a daily basis, you interact with a number of different websites and applications. In some cases, even if you don't create an account, some of your data is sent to the developer of the website or app. It happens silently, but it's not necessarily illegal. In fact, it's most likely mentioned in the privacy policy, the terms of use, and the end user license agreement (EULA) links to which are usually available at the bottom of the page you're on. As a result, if you start arguing that someone has misused your data, a lawyer will probably point out that you've agreed to all this. The solution, it seems, is to read the privacy policy, terms of use, and EULA of every single website, and if you don't agree with what is stated there, you just stop using it.

Do you read the legal documents of all the websites you use?

This time, we have a conclusive answer: No, you don't. We even have scientific proof of this. In 2012, experts from the Carnegie Mellow University did some research, and after examining the privacy policies of some of the world's most popular websites, they found out that the average document detailing the handling of your private data is about 2,500 words long and will take you about 10 minutes to read.

They also estimated the number of privacy policies you encounter in a year, and they concluded that if you were to stop what you're doing and read them all, you'd need just over 600 hours or 76 working days. This, it should be pointed out, doesn't include the terms of use or the EULA docs. You're not going to spend that much time reading legal documents, are you?

And even if you were to do that, how much of the content would you understand? The documents are about as interesting as watching paint dry, and they're full of legal and technical terms that are beyond the vocabulary level of the regular user. To recap, privacy policies are long, gut-wrenchingly boring, and near-impossible to understand unless you are a legal practitioner.

Can the problem ever be fixed?

You might have heard of EU's GDPR (General Data Protection Regulation). It's a set of regulations that come into effect on May 25 and aim to force service providers to handle users' data in a more transparent manner. According to the official GDPR information portal "… companies will no longer be able to utilize long illegible terms and conditions full of legalese…". So, good news, then, right?

If your data is stored outside the European Union, GDPR won't affect you. Speaking of which, in an attempt to limit its exposure to the new protection laws, Facebook recently moved the data of more than 1.5 billion users away from its headquarters in Ireland.

Even for citizens of the EU, it's still difficult to estimate how much more understandable the legal papers will become once GDPR goes into effect. All in all, GDPR is, at best, a very small light at the end of the tunnel. It could also turn out to be an overhyped, buzzword-generating bill that doesn't really change much.

What can regular users do to minimize the chances of having their private information misused?

While very few users are willing to take the time to read the legal documents, lawyers do it, especially when the popular websites are concerned. Privacy advocates tend to ring the alarm bells whenever they see something that could put users at risk, so it's fair to say that, when it comes to the most widely used services, the privacy policies and terms of use aren't putting your personal data at risk. It's also worth pointing out that most companies try to stick to their policies because if they don't, the damage, both to their reputation and to their bottom lines, could be significant.

In the end, your mechanisms for protecting your own data are somewhat limited. When you're signing up for a new service, skimming the legal paperwork and looking for obvious red flags is a good idea, especially if the website isn't very popular. Try not to give out more information than is strictly necessary and stick to the best security practices to make sure that it's as safe as possible.