Employees | 4 min read

A Beginner’s Guide to Understanding Privacy Policies

  

Want to get updates on InfoArmor News?

Have you noticed more websites asking you to read their privacy policies?

This is due largely to the European Union’s General Data Protection Regulation (GDPR), a law requiring companies to disclose how they collect, use, and store customer information. As more privacy laws are passed, you’ll likely see more pop-ups prompting you to read and agree to privacy statements.

Transparency is a good thing. It empowers people to better understand and control the data they share. But that’s only true for those who decide to read the privacy policies.

In truth, decoding the legalese can be a chore. And, faced with so many lengthy documents, there’s a risk of “consent fatigue.” To highlight the situation, the Wall Street Journal printed out policies from 30-some popular apps, and the results spanned a football field.

What a good privacy policy will include

Before you share information with a site, it’s important to understand how the company will handle your data. Since privacy policies are dense by nature, it’s helpful to know what should be included.

A good privacy policy will:

  • Describe the types of information that’s collected, such as payment methods and IP addresses, and outline how they’re used

  • Disclose how information is gathered, including the use of browser cookies

  • Identify any third parties or organizations that might have access to your information

  • Outline the available privacy choices, with instructions on how to opt out of information sharing — and the consequences of doing so  

  • Describe the site’s security protocols  

  • Outline compliance with the Children’s Online Privacy Protection Act (COPPA) if the site collects data from children under 13

  • Provide contact information for further inquiries

If you’re having trouble understanding a privacy policy, search for it on pribot.org. This site was created by researchers looking to simplify privacy documents for the average consumer, like a CliffsNotes for privacy policies.

Watch for these keywords

It’s critical to make informed decisions about the data you share. So, when you’re skimming a marathon-length policy, be mindful of words and phrases that can signal important disclosures.

If you see the words “third parties,” for example, check if your data is being sold to advertisers or if there’s a more legitimate reason for passing your information along, such as streamlining the checkout process with help from a trustworthy payments app.

Here are some of the most significant keywords.

  • Share

  • Control

  • Delete

  • Choice

  • Third parties

  • Turn off

  • Settings

  • Advertise

Cookies can be useful, but they’re not always sweet

By looking over the privacy policy for each new site you visit, you can better understand how your data is tracked and what choices you have about the information you share. But since that level of attention is not always possible, you can get ahead of some privacy issues by proactively managing your interaction with cookies.

As you surf the web, sites can leave “cookies” on your system. Think of them as virtual breadcrumbs. Cookies gather information and track your browsing behavior, creating a trail of where you’ve been online.

Sometimes cookies come in handy. They may help a site remember your log-in information or record your preferences for a future visit. But companies can also use them to capture your data, which can translate to big profits for them — at your expense.

The good news is you can set controls to limit what you share and minimize your digital footprint. Then, even if you don’t have time to read a site’s privacy policy, you’ll still be partially covered.

In order to avoid cross-device tracking, try these steps on all your gadgets:

  • Eliminate traces of your past searches and visit your browser’s settings to delete your history, cache, and cookies

  • Visit Usa.gov to learn about controlling the cookie settings on popular internet browsers  

  • Consider enabling your browser’s “Do Not Track” mode from settings, a feature that stops web services from tracking your actions online — but understand avoiding cookies entirely may limit your browsing experience

  • Visit Adobe’s website to learn how you can manage Adobe Flash cookies, which operate differently from internet browser cookies

  • Consider resetting the advertising identifier on your smartphone and opting out of ad tracking

If all else fails, consider searching for another app

There are some red flags in a company’s privacy policy that should encourage you to turn elsewhere for service. Here’s the shortlist:

  • Overly confusing language or legalese: When key points are buried or convoluted, a privacy statement can actually erode trust — which is why the GDPR specifically calls for the use of “clear and plain language”

  • A long-past publication date: As security threats evolve, privacy policies should evolve in kind

  • No privacy policy: Without a privacy statement, there’s no way of knowing if the information you share will be adequately protected

What if you ignore a site’s privacy policy?

So what’s the worst that could happen if you share something with a site without glancing over the privacy statement? You may wind up receiving unwanted ads and solicitations. Or, if you’ve shared with a company that doesn’t adequately protect its data, your personal details could wind up in the wrong hands.

When hacks and breaches happen, the dark web monitoring included with PrivacyArmor can offer protection. Our operatives scour the internet for the misuse of your sensitive data, like the information in your credit cards, passport, or driver's license. If your information is compromised, we’ll alert you and help chart a path to recovery.

Still, it’s a good bet to make it a standard practice to review every privacy policy before sharing anything sensitive. You can also take a look at our guide, Protecting Your Privacy: Best Practices for Mobile, Social, and Search Settings for ideas on how to browse more securely and privately.

  
New Call-to-action
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.