Should You Trust Data Privacy Policies and Terms of Service on Websites?
The fact that you've started reading this article means that you are most likely interested in how your privacy is protected online. The problem is, we can't give you a conclusive answer. In fact, in all likelihood, there isn't a single person on the face of the planet that can do it.
Do you read the legal documents of all the websites you use?
This time, we have a conclusive answer: No, you don't. We even have scientific proof of this. In 2012, experts from the Carnegie Mellow University did some research, and after examining the privacy policies of some of the world's most popular websites, they found out that the average document detailing the handling of your private data is about 2,500 words long and will take you about 10 minutes to read.
And even if you were to do that, how much of the content would you understand? The documents are about as interesting as watching paint dry, and they're full of legal and technical terms that are beyond the vocabulary level of the regular user. To recap, privacy policies are long, gut-wrenchingly boring, and near-impossible to understand unless you are a legal practitioner.
Can the problem ever be fixed?
You might have heard of EU's GDPR (General Data Protection Regulation). It's a set of regulations that come into effect on May 25 and aim to force service providers to handle users' data in a more transparent manner. According to the official GDPR information portal "… companies will no longer be able to utilize long illegible terms and conditions full of legalese…". So, good news, then, right?
If your data is stored outside the European Union, GDPR won't affect you. Speaking of which, in an attempt to limit its exposure to the new protection laws, Facebook recently moved the data of more than 1.5 billion users away from its headquarters in Ireland.
Even for citizens of the EU, it's still difficult to estimate how much more understandable the legal papers will become once GDPR goes into effect. All in all, GDPR is, at best, a very small light at the end of the tunnel. It could also turn out to be an overhyped, buzzword-generating bill that doesn't really change much.
What can regular users do to minimize the chances of having their private information misused?
In the end, your mechanisms for protecting your own data are somewhat limited. When you're signing up for a new service, skimming the legal paperwork and looking for obvious red flags is a good idea, especially if the website isn't very popular. Try not to give out more information than is strictly necessary and stick to the best security practices to make sure that it's as safe as possible.