Your New Privacy Policy Looks Too Much Like Your Old Privacy Policy

One of the most popular memes in recent years has been the “distracted boyfriend” meme. The coverage has been amazing, including the identification of an 18th Century equivalent painting.

One of the most striking things about the meme is that the presumably current girlfriend has a similar look to the presumably new girl that is so distracting to the boyfriend. It is this similarity that prompted us to…

Your new Privacy Policy looks a lot like Your old Privacy Policy

Transparency is the first pillar of GDPR and that means a privacy policy that goes way beyond the one you probably copied and pasted into your web editor 9 years ago.

As outlined in the blog post earlier this week:

That’s all fine from a philosophical standpoint, but what does transparency mean in practical terms?  Essentially, it is about telling your users/customers what you will do with their data and why.  The easiest way to demonstrate the change is by looking at privacy policies.  To me, these policies have been a lot like middle school fads, in that as soon as businesses identified what seemed to be a good policy, everyone blindly copied and pasted the model, even if it included language that was totally inapplicable.  (You know who you are.)

Over the last several weeks, I’ve counted at least 25 platforms that I either use daily or have somehow unwittingly been subscribed to that have informed me of their new privacy policy. We’ve looked at several of these and they are disappointing in many ways. To understand the goals of GDPR, you need to be building your privacy policy, as well as your systems, with a truly transparent approach. Most of these new policies just restate what they said before and don’t do enough to explain what data is being gathered, how it is being used, who it is being shared with, and why any of this data usage is necessary.

As you are undoubtedly getting these notices like we are, take some time to read one or two. Technically, I suppose you should read them all, but since you’re human and naturally don’t like torture, I am trying to set a realistic goal for your weekend.

The GDPR requires that each privacy policy is:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, particularly if addressed to a child; and
  • free of charge.

Take a look at the ones you have through this lens. Do they meet the standard?
