28: Check 10 privacy policy terms and conditions before clicking “I Agree”

Updated: Oct 21

When registering to use a website, read the privacy policy terms and conditions before you click “I Agree” and consider the issues we list.

Privacy Policy Terms and Conditions

Most users click “I Agree” for a site’s privacy policy without really reading the policy. Unless and until laws change more universally to put more restrictions on sites’ personal data collection and their ability to share data with other parties, we believe not reading the privacy policy is against users’ privacy interests.


When you click “I Agree” to a website’s terms of use or privacy policy, you are entering into an agreement with the website owners. Particularly with the rampant practice of personal data collection, sharing of personal data with third-party marketing networks, targeted marketing, and data breaches, it is more important than ever that you actually read the privacy policy before clicking “I Agree.”


The European Union’s (EU) GDPR privacy legislation, which went into effect May 2018, and California’s CCPA privacy rights legislation, which went into effect January 2020, set new bars for privacy rights that must be granted to users in their jurisdictions. However, even if you do not reside in one of those geographic areas, over the last year or so, you may have noticed that many sites have adopted principles and policies consistent with some of the provisions of GDPR and CCPA nonetheless. They did so either because privacy best practices were deemed to be an important factor for customer satisfaction, or instituting a single customer-friendly privacy policy was cheaper than implementing multiple policies based on user location, or they were already providing privacy-friendly policies that were not monetizing personal data.


So what should you look for in a privacy policy to verify that it abides by high standards of respect for user privacy? We list 10 factors you should expect, or else consider an alternate website.


1. Is the privacy policy written in a clear, friendly manner?

Or is it still written in complex “legalese” and/or opaque language? (For example, “We collect certain personal information to give you a better online experience” is too vague.) If it does not pass this initial test, you can move on to a competitor of theirs who takes privacy seriously.


2. Are you really consenting?

Is consent freely given, informed, and clear as defined by the GDPR? For example, a footnote that says “by using this website, you agree to …” is insufficient; rather, look for unchecked boxes you need to check explicitly and freely to indicate that you agree. Also, is your explicit consent obtained before a single data item is collected? It’s wise to review the privacy policy before you use the site and certainly before you provide any information.


3. Does it clearly present what information is collected and how it will be used and shared?

Does it enumerate the data collected and why (e.g., to provide a service, for targeted marketing by a third party, or for analytics)? Does it explain plainly what it does with the data and with what third parties it is shared? For example, does it sell personal data to third-party marketers? Is there an easy way, clearly visible on the home page, to opt out of such transfers of user data to third parties (for example, as required by California’s CCPA law)?


4. Is the information collected reasonable with respect to the service or product you are acquiring?

Ask yourself if the site is justified in collecting each personal data item. For example, your date of birth may be needed for an online life insurance quote, but would be overkill for a website to ask when an age range would have sufficed. Perhaps there is no customer-beneficial reason for them to request an age range at all.


5. Does it clearly explain how each data item is collected and how long it is retained?

Is data collected via a user form that is submitted? Through automated tracking (e.g., via placing a tracking cookie on your computer)? Through automatic detection (e.g., “fingerprinting” your device by collecting your IP address, browser and version, operating system and version, fonts on your computer, screen resolution, etc., for the purpose of recognizing you and your activities even if you are not logged in)? Does it spell out how long the collected data will be retained? For example, will they delete all data upon request? Upon account closing? After a designated amount of time?


6. Does it provide for an easy way to access, export, edit/correct, and/or delete personal data collected?

Both CCPA and GDPR stipulate certain requirements to allow users to access, correct or delete personal data.


7. Does it claim the right to contact you via email, text messages, phone, and/or snail-mail?

Is there an easy opt-out available or a way to limit the volume and frequency of contacts?


8. Does it reassure you about security of your personal data, and does it authenticate you thoroughly?

For example, are user data protected through measures to secure their server from intrusion, through physical security, encryption of sensitive data, and backup? Does it use the “https” protocol in the URL field of your browser? Does it provide strong authentication, such as by offering two-factor authentication (e.g., confirming your login credentials by sending you a code via text message or app that you must enter to proceed)?


9. Does the site have a history of user data breaches?

A quick internet search for the “company name + breaches” might reveal a clean record or some distasteful history. Almost as important as a past breach is how the company handled the breach. Did they sit on the incident for an unreasonable amount of time before they disclosed it? Was there compensation to users?


10. Do the privacy policy and site provide a way to communicate with someone about privacy matters?

If there is no contact-us form or alternate way of contacting the company, that is a red flag. Also, is there a date the policy was last updated, and does it promise to notify users when there is an update?


Take-Away

Take the time to read the privacy policy of a website before you click “I Agree” and before you even consider using and registering on the website. If the website does not provide nearly all of the 10 items above, consider an alternative service.

-------

Disclaimer

There is not anything in this post that should be construed as legal advice. Rather, this post provides general educational information, which is believed to be valid. Consult your attorney for guidance specific to your needs.


This site is owned and operated by Adept Advice LLC.

Copyright (c) 2020 by Adept Advice LLC. All rights reserved.