Back in 2010, on April Fool’s Day, game supplier GameStation updated its terms and conditions to require all customers to surrender their immortal soul. Of the 7,500 people placing orders that day, none noticed.
The prank highlighted the fact that users rarely read the small print. And these days, with companies keen to gather as much data on their users as they can, privacy policies often represent a bastion of incomprehensibility that can disguise serious issues.
Dutch VPN website VPNoverview has analyzed the privacy policies of some of the world’s biggest social media websites, ranking each on the basis of reading level, difficulty, sentence length, the number of syllables per word and overall readability score.
It requires the reading level of a college graduate, with an average 42 words per sentence, and takes an hour and a half to read. Meanwhile, it’s collecting location, content and payment information.
It also states that it shares its data with third parties – including search history, location, contacts and financial information – and may hand it over to government agencies, law enforcement or other parties where ‘reasonably necessary’.
And TikTok, the third worst offender, requires a reading level of a college graduate – making it harder to discover that the company is collecting location data and the content of direct messages.
Of websites in general, says VPNoverview, more than six in ten are virtually unreadable, in that most require at least a college-graduate reading level while the average adult reading level in the US is just 14.
The worst offender was Disney, whose policy, while short, had a ‘very difficult’ readability score, with some sentences as long as 48 words, and taking an average of 20 minutes to read.
Meanwhile, references to government access to user data should also ring alarm bells, as should referencing data transfer to other third parties.
“Most privacy policies are very vaguely worded, making it hard to determine what will happen to your data, says VPNoverview. “Vague wording could also save a company from legal prosecution if data is leaked.”