GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

By Ognjen Ikovic

When was the last time you read an online privacy policy in its entirety? Perhaps, never?

Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games.

Related: What happened to privacy in 2021

COVID crisis has forced us to work remotely. Our children now take classes online. Financial services, health, home security, governance and all other mission critical services are now provided online. The question is at what price?

All these activities leave a massive digital footprint comprising our private data. With the prospect of metaverse and other completely immersive online worlds, our data becomes us. Any misuse of this data can have incomprehensible consequences for us.

Each time we subscribe for an online service or install a mobile application, we are introduced with a document which explains in detail how our private data will be handled. This document is called a privacy policy. We are supposed to read through the privacy policy before proceeding with using the app or service.

Few folks bother. A few years back a small company from Iowa added a clause to their privacy policy offering a reward of 1000 USD to anyone who contacted them. Five months and 3000 users later they received their first call. More than 96% of all internet users have never read a single privacy policy text.

And why should they? Privacy policies are long documents with 2500 words on average, written in a legal language. The New York Times did an experiment where they read 150 privacy policies of well known apps. They have summed up their experience as an Incomprehensible Disaster. To be able to understand an average privacy policy you need a degree in law.


Despite the reluctance to read long and complex privacy policies, recent trends show that users do care about online privacy of their data. Last year WhatsApp lost nearly 90 million users due to an announced privacy policy update which became global news. At the same time, Apple introduced the “do not track across apps” feature with the new iOS version and 96% of users opt out of the cross app tracking.

Whenever offered with a possibility to protect the privacy of our data, we will take it. There is value in our private data and not just for advertising companies. The problem is that there are no available tools that can help end users understand the intricate and complex world of online private data protection and privacy policies behind it. Let’s try to scope such a tool by answering a couple of questions.

What should this tool do exactly, what kind of added value is expected for end users?

It needs to be integrated with user’s daily routines and support them every time they install a new mobile app or enrol with an online service. In the ideal situation users should know who collects their data, what data is collected, how the data is used, for how long is data kept, what rights they have regarding the data processing, what security measures are applied to protect their data, and much more, through a user friendly interface without reading long and complex privacy policies.

Service providers update privacy policies on a regular basis with limited or no notifications to end users at all. It’s hard to keep track of how these updates affect us. The right tools should provide users with the archive of all the accepted privacy policies. It should automatically track these updates and provide notifications to end users.

The right tool should:

•Educate users about the importance of online privacy protection and data protection.

•Empower users to set ground rules on how their data should be collected and used by companies.

•Provide users with “opinion” about the quality and impact of what is written in the policy on users’ privacy preferences.

Users are used to keeping a folder with all their contracts in the physical world. This good practice should translate to the virtual world as well.

What technologies should the tool use?

The technologies for making this tool a reality are already out there. Applying artificial intelligence and using natural language processing to dissect the complex privacy policies is the right way forward.

If these technologies are combined with compelling user experience to summarize results of the privacy policy analysis and visually provide key takeaways, users would finally be able to make informed decisions about their online privacy.

About the essayist: Ognjen Ikovic is co-founder and chief technology officer of INVT, a Serbia-based supplier of Pro Se Online Privacy Policy Guru, a service that reads and analyses privacy policies on the end user’s behalf.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone